Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Attribute Sampling
Power system controls
Examples of Application Controls
Hash
2. A condition that is the result of multiple incidents that exhibit common symptoms, e.g. a web application is displaying information incorrectly and many users have contacted the IT service desk.
Grid Computing
Blade Computer Architecture
Project Management Strategies
A Problem
3. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
OSI: Data Link Layer
OSI: Physical Layer
(1.) Man-made (2.) Natural
4. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Concentrate on samples known to represent high risk
Inherent Risk
A gate process
TCP/IP Link Layer
5. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Volumes of COSO framework
Notify the Audit Committee
Control Risk
Disaster Recovery
6. The highest number of errors that can exist without a result being materially misstated.
Sampling Risk
Tolerable Error Rate
OSI Layer 5: Session
Critical Path Methodology
7. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
Notify the Audit Committee
Grid Computing
An Operational Audit
8. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Sample Mean
A Compliance audit
Frameworks
Transport Layer Protocols
9. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Wet pipe fire sprinkler system
The audit program
OSI: Physical Layer
Advantages of outsourcing
10. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
(1.) Man-made (2.) Natural
Input validation checking
The audit program
Examples of Application Controls
11. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
A Virtual Server
Substantive Testing (test of transaction integrity)
Assess the maturity of its business processes
ITIL definition of CHANGE MANAGEMENT
12. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
OSI: Network Layer
Network Layer Protocols
Deming Cycle
Overall audit risk
13. The inventory of all in-scope business processes and systems
TCP/IP Internet Layer
IT Strategy
A Problem
The first step in a business impact analysis
14. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
The Business Process Life Cycle
Inform the auditee
Sample Standard Deviation
Service Continuity Management
15. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Annualized Loss Expectancy (ALE)
Cloud computing
Service Continuity Management
Detection Risk
16. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Overall audit risk
SDLC Phases
Insourcing
Current and most up-to-date
17. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Split custody
Organizational culture and maturity
Notify the Audit Committee
Project change request
18. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
The appropriate role of an IS auditor in a control self-assessment
OSI: Physical Layer
Statement of Impact
19. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Structural fires and transportation accidents
A Compliance audit
Statement of Impact
Information security policy
20. Used to translate or transform data from lower layers into formats that the application layer can work with.
(1.) Man-made (2.) Natural
Emergency Changes
Tolerable Error Rate
OSI Layer 6: Presentation
21. PERT: shows the ______________ critical path.
Controls
Security Awareness program
Current and most up-to-date
Information systems access
22. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Sampling
Service Continuity Management
Current and most up-to-date
More difficult to perform
23. A field in a record in one table that can reference a primary key in another table.
Stay current with technology
Foreign Key
(1.) Policies (2.) Procedures (3.) Standards
PERT Diagram?
24. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
OSI: Network Layer
Types of sampling an auditor can perform.
(1.) Policies (2.) Procedures (3.) Standards
Grid Computing
25. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Blade Computer Architecture
Cloud computing
Wet pipe fire sprinkler system
Rating Scale for Process Maturity
26. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
A Problem
Database primary key
Expected Error Rate
27. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
A Server Cluster
Substantive Testing (test of transaction integrity)
Department Charters
An IS audit
28. (1.) TCP (2.) UDP
Foreign Key
TCP/IP Transport Layer
Function Point Analysis
Transport Layer Protocols
29. The sum of all samples divided by the number of samples.
Reduced sign-on
A Sample Mean
Dimensions of the COSO cube
A Financial Audit
30. Lowest layer. Delivers messages (frames) from one station to another via a local network.
TCP/IP Link Layer
Vulnerability in the organization's PBX
More difficult to perform
Dimensions of the COSO cube
31. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Examples of IT General Controls
Main types of Controls
Split custody
A Financial Audit
32. Used to estimate the effort required to develop a software program.
The typical Configuration Items in Configuration Management
Annualized Loss Expectancy (ALE)
Function Point Analysis
Rating Scale for Process Maturity
33. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
The appropriate role of an IS auditor in a control self-assessment
Security Awareness program
Reduced sign-on
Elements of the COSO pyramid
34. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Referential Integrity
Release management
Personnel involved in the requirements phase of a software development project
Stay current with technology
35. Disasters are generally grouped in terms of type: ______________.
Problem Management
(1.) Man-made (2.) Natural
The Software Program Library
IT Services Financial Management
36. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
The availability of IT systems
Incident Management
Buffers
Database primary key
37. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
Capability Maturity Model Integration (CMMI)
BCP Plans
The Eight Types of Audits
38. To communicate security policies - procedures - and other security-related information to an organization's employees.
The typical Configuration Items in Configuration Management
Input validation checking
Security Awareness program
Main types of Controls
39. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Annualized Loss Expectancy (ALE)
The Requirements
Risk Management
objective and unbiased
40. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Its main advantage is lower cost per unit.
Blade Computer Architecture
Entire password for an encryption key
OSI: Data Link Layer
Elements of the COSO pyramid
41. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Rating Scale for Process Maturity
Employee termination process
Stop-or-go Sampling
Formal waterfall
42. Used for several types of system changes: (1.) Incident and problem resolution (bug fixes) (2.) Enhancements (new functionality) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself).
Blade Computer Architecture
The Release process
The BCP process
The Software Program Library
43. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Background checks performed
PERT Diagram?
less than 24 hours
44. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
The availability of IT systems
Data Link Layer Standards
Separate administrative accounts
Recovery time objective
45. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Stratified Sampling
IT executives and the Board of Directors
Change management
Confidence coefficient
46. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
The first step in a business impact analysis
Six steps of the Release Management process
Stop-or-go Sampling
Information systems access
47. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Input validation checking
The 4-item focus of a Balanced Scorecard
General Controls
IT Service Management
48. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
49. A sampling technique where at least one exception is sought in a population.
Examples of Application Controls
Segregation of duties issue in a high value process
Project change request
Discovery Sampling
50. The probability that a selected sample does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient.
Grid Computing
Sampling Risk
OSI: Transport Layer
Registers