Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit of an IS department's operations and systems.
Grid Computing
Incident Management
Employee termination process
An IS audit
2. IT Service Management is defined in ___________________ framework.
A Compliance audit
Concentrate on samples known to represent high risk
Inherent Risk
ITIL - IT Infrastructure Library
3. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
To identify the tasks that are responsible for project delays
TCP/IP Internet Layer
Annualized Loss Expectancy (ALE)
Business Realization
4. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Rating Scale for Process Maturity
Function Point Analysis
Transport Layer Protocols
The 4-item focus of a Balanced Scorecard
5. Focuses on: post-event recovery and restoration of services
TCP/IP Link Layer
Hash
Disaster Recovery
BCP Plans
6. Used to translate or transform data from lower layers into formats that the application layer can work with.
Stay current with technology
OSI Layer 6: Presentation
An Administrative
The two Categories of Controls
7. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Advantages of outsourcing
Audit Methodologies
Compliance Testing
Emergency Changes
8. The sum of all samples divided by the number of samples.
Information systems access
A Sample Mean
A Compliance audit
Lacks specific expertise or resources to conduct an internal audit
9. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Capability Maturity Model
A Compliance audit
Advantages of outsourcing
Problem Management
10. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Business Realization
Examples of IT General Controls
Segregation of duties issue in a high value process
The Requirements
11. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
TCP/IP Internet Layer
The 4-item focus of a Balanced Scorecard
Balanced Scorecard
ITIL definition of CHANGE MANAGEMENT
12. Used to estimate the effort required to develop a software program.
Function Point Analysis
IT Strategy
ITIL definition of PROBLEM
Statement of Impact
13. The memory locations in the CPU where arithmetic values are stored.
Registers
Three Types of Controls
Main types of Controls
ITIL - IT Infrastructure Library
14. An audit that is performed in support of an anticipated or active legal proceeding.
OSI Layer 5: Session
A gate process
A Forensic Audit
Sampling Risk
15. PERT: shows the ______________ critical path.
Database primary key
Current and most up-to-date
Balanced Scorecard
The 4-item focus of a Balanced Scorecard
16. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Variable Sampling
Audit logging
Disaster Recovery
Precision means
17. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Geographic location
Notify the Audit Committee
The 5 types of Evidence that the auditor will collect during an audit.
The availability of IT systems
18. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Examples of Application Controls
Project change request
Stop-or-go Sampling
Statistical Sampling
19. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Capability Maturity Model
Project change request
Business Continuity
Current and most up-to-date
20. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
A Cold Site
Substantive Testing
Organizational culture and maturity
Advantages of outsourcing
21. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
TCP/IP Network Model
Registers
The audit program
Inform the auditee
22. The maximum period of downtime for a process or application
Notify the Audit Committee
Vulnerability in the organization's PBX
Information security policy
Recovery time objective
23. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
ISO 20000 Standard:
Entire password for an encryption key
An Administrative
24. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
Stratified Sampling
Compliance Testing
The Requirements
25. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
Release management
The availability of IT systems
Compliance Testing
26. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Database primary key
Notify the Audit Committee
OSI: Network Layer
WAN Protocols
27. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Hash
Notify the Audit Committee
Organizational culture and maturity
The two Categories of Controls
28. The risk that an IS auditor will overlook errors or exceptions during an audit.
Assess the maturity of its business processes
(1.) Man-made (2.) Natural
Detection Risk
The Release process
29. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
OSI: Network Layer
Judgmental sampling
Blade Computer Architecture
Confidence coefficient
30. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Stay current with technology
BCP Plans
Risk Management
31. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
ITIL - IT Infrastructure Library
Personnel involved in the requirements phase of a software development project
Database primary key
Data Link Layer Standards
32. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Detection Risk
Variable Sampling
IT executives and the Board of Directors
Resource details
33. One of a database table's fields - whose value is unique.
Capability Maturity Model Integration (CMMI)
The 7 phases and their order in the SDLC
Judgmental sampling
Database primary key
34. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and is committing toll fraud.
35. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
List of systems examined
The two Categories of Controls
Detection Risk
36. Used to determine which business processes are the most critical - by ranking them in order of criticality
IT Service Management
An IS audit
Application Controls
Criticality analysis
37. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Blade Computer Architecture
The first step in a business impact analysis
ITIL definition of PROBLEM
Hash
38. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
ITIL definition of PROBLEM
Release management
Information security policy
39. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Organizational culture and maturity
Statement of Impact
An Administrative
Foreign Key
40. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
ITIL definition of CHANGE MANAGEMENT
TCP/IP Internet Layer
Inherent Risk
Data Link Layer Standards
41. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Primary security features of relational databases
Substantive Testing (test of transaction integrity)
OSI: Network Layer
Gantt Chart
42. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
A Server Cluster
Insourcing
Power system controls
Substantive Testing (test of transaction integrity)
43. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The typical Configuration Items in Configuration Management
To identify the tasks that are responsible for project delays
Audit logging
Entire password for an encryption key
44. Describes the effect on the business if a process is incapacitated for any appreciable time
A Problem
Database primary key
Statement of Impact
Annualized Loss Expectancy (ALE)
45. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Capability Maturity Model Integration (CMMI)
Substantive Testing (test of transaction integrity)
OSI: Transport Layer
46. An audit of a third-party organization that provides services to other organizations.
Business Continuity
OSI Layer 6: Presentation
Current and most up-to-date
A Service Provider audit
47. To measure organizational performance and effectiveness against strategic goals.
Documentation and interview personnel
Balanced Scorecard
Types of sampling an auditor can perform.
IT Strategy
48. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
The Business Process Life Cycle
Dimensions of the COSO cube
BCP Plans
Sample Standard Deviation
49. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Stratified Sampling
ITIL definition of CHANGE MANAGEMENT
The typical Configuration Items in Configuration Management
Function Point Analysis
50. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Annualized Loss Expectancy (ALE)
The typical Configuration Items in Configuration Management
Employees with excessive privileges