SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
General Controls
Rating Scale for Process Maturity
More difficult to perform
OSI Layer 7: Application
2. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Power system controls
Data Link Layer Standards
The typical Configuration Items in Configuration Management
Separate administrative accounts
3. The main hardware component of a computer system - which executes instructions in computer programs.
Audit Methodologies
Variable Sampling
CPU
Documentation and interview personnel
4. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Transport Layer Protocols
A Server Cluster
5. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Stratified Sampling
Types of sampling an auditor can perform.
A Compliance audit
6. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Antivirus software on the email servers
Substantive Testing (test of transaction integrity)
OSI: Network Layer
7. (1.) General (2.) Application
Information systems access
The Business Process Life Cycle
Main types of Controls
BCP Plans
8. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
The 4-item focus of a Balanced Scorecard
Risk Management
Configuration Management
9. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Precision means
Sampling
The Eight Types of Audits
10. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Expected Error Rate
An Administrative
Database primary key
11. An audit of operational efficiency.
ISO 20000 Standard:
An Administrative
IT executives and the Board of Directors
Stay current with technology
12. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Transport Layer Protocols
Variable Sampling
A Problem
objective and unbiased
13. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
The Steering Committee
The Software Program Library
Disaster Recovery
TCP/IP Internet Layer
14. A representation of how closely a sample represents an entire population.
Precision means
Statement of Impact
Power system controls
The availability of IT systems
15. The memory locations in the CPU where arithmetic values are stored.
Registers
Discovery Sampling
Configuration Management
IT Strategy
16. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Inform the auditee
Categories of risk treatment
ITIL - IT Infrastructure Library
Sample Standard Deviation
17. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Prblem Management
Lacks specific expertise or resources to conduct an internal audit
OSI: Data Link Layer
18. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The availability of IT systems
The Eight Types of Audits
objective and unbiased
ITIL definition of CHANGE MANAGEMENT
19. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Employee termination process
IT standards are not being reviewed often enough
Business Realization
Hash
20. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Compliance Testing
The typical Configuration Items in Configuration Management
Control Unit
Foreign Key
21. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
OSI: Network Layer
Prblem Management
Stop-or-go Sampling
22. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
OSI: Physical Layer
TCP/IP Link Layer
(1.) Polices (2.) Procedures (3.) Standards
23. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
OSI Layer 6: Presentation
Buffers
Control Risk
Structural fires and transportation accidents
24. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Release management
Employee termination process
IT standards are not being reviewed often enough
objective and unbiased
25. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Business Continuity
Transport Layer Protocols
Controls
Lacks specific expertise or resources to conduct an internal audit
26. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
A Server Cluster
IT standards are not being reviewed often enough
Risk Management
Incident Management
27. (1.) Access controls (2.) Encryption (3.) Audit logging
Substantive Testing (test of transaction integrity)
Primary security features of relational databases
Data Link Layer Standards
Attribute Sampling
28. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Input validation checking
Dimensions of the COSO cube
ITIL - IT Infrastructure Library
Power system controls
29. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Examples of Application Controls
Control Unit
Frameworks
Configuration Management
30. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Advantages of outsourcing
less than 24 hours
Main types of Controls
Data Link Layer Standards
31. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Concentrate on samples known to represent high risk
The typical Configuration Items in Configuration Management
The appropriate role of an IS auditor in a control self-assessment
Change management
32. Framework for auditing and measuring IT Service Management Processes.
Compliance Testing
Statement of Impact
Disaster Recovery
ISO 20000 Standard:
33. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Security Awareness program
Primary security features of relational databases
The Business Process Life Cycle
IT Strategy
34. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
A Server Cluster
Sample Standard Deviation
A Compliance audit
35. Gantt: used to display ______________.
Resource details
Security Awareness program
Prblem Management
Audit logging
36. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Types of sampling an auditor can perform.
Cloud computing
IT executives and the Board of Directors
WAN Protocols
37. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Registers
Statistical Sampling
Business Continuity
Compliance Testing
38. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
General Controls
A Service Provider audit
Rating Scale for Process Maturity
Recovery time objective
39. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Overall audit risk
Transport Layer Protocols
Judgmental sampling
40. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Resource details
Insourcing
Sample Standard Deviation
IT executives and the Board of Directors
41. PERT: shows the ______________ critical path.
Substantive Testing
Input validation checking
Business Realization
Current and most up-to-date
42. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
OSI Layer 6: Presentation
Service Level Management
Incident Management
Power system controls
43. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
A Virtual Server
Formal waterfall
An Administrative
Three Types of Controls
44. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Balanced Scorecard
IT Service Management
The 7 phases and their order in the SDLC
More difficult to perform
45. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Categories of risk treatment
Documentation and interview personnel
Antivirus software on the email servers
46. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
47. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
OSI: Physical Layer
Overall audit risk
The availability of IT systems
Registers
48. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Business Continuity
Examples of Application Controls
Control Unit
Change management
49. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
ITIL - IT Infrastructure Library
Elements of the COSO pyramid
A Problem
Structural fires and transportation accidents
50. An audit that combines an operational audit and a financial audit.
Elements of the COBIT Framework
The Requirements
Sampling Risk
An Integrated Audit
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests