SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
PERT Diagram?
Change management
Categories of risk treatment
Expected Error Rate
2. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
The Eight Types of Audits
Grid Computing
An Operational Audit
3. A collection of two or more servers that is designed to appear as a single server.
Audit Methodologies
Server cluster
Frameworks
OSI Layer 6: Presentation
4. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
5. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
A Service Provider audit
OSI Layer 5: Session
Examples of IT General Controls
The 4-item focus of a Balanced Scorecard
6. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Vulnerability in the organization's PBX
The appropriate role of an IS auditor in a control self-assessment
WAN Protocols
The best approach for identifying high risk areas for an audit
7. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
Sampling Risk
Stratified Sampling
Configuration Management
8. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Business Realization
Antivirus software on the email servers
Sampling
9. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Database primary key
Department Charters
Audit logging
Input validation checking
10. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
PERT Diagram?
Balanced Scorecard
Examples of Application Controls
The Internet Layer in the TCP/IP model
11. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
TCP/IP Transport Layer
The availability of IT systems
Detection Risk
Confidence coefficient
12. (1.) Physical (2.) Technical (4.) Administrative
The 5 types of Evidence that the auditor will collect during an audit.
Hash
Three Types of Controls
Audit logging
13. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Grid Computing
Business Continuity
Inherent Risk
Configuration Management
14. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
Recovery time objective
The Business Process Life Cycle
Business Continuity
15. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Employee termination process
Cloud computing
Referential Integrity
OSI: Data Link Layer
16. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Emergency Changes
WAN Protocols
Disaster Recovery
Service Continuity Management
17. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
The Software Program Library
Discovery Sampling
Lacks specific expertise or resources to conduct an internal audit
Incident Management
18. Framework for auditing and measuring IT Service Management Processes.
Balanced Scorecard
IT standards are not being reviewed often enough
TCP/IP Transport Layer
ISO 20000 Standard:
19. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Vulnerability in the organization's PBX
Options for Risk Treatment
Business Realization
TCP/IP Internet Layer
20. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Testing activities
TCP/IP Transport Layer packet delivery
A Cold Site
Database primary key
21. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
objective and unbiased
Primary security features of relational databases
Foreign Key
IT Services Financial Management
22. (1.) General (2.) Application
Application Layer protocols
Main types of Controls
Business impact analysis
Capability Maturity Model
23. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Variable Sampling
The Requirements
Notify the Audit Committee
List of systems examined
24. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Control Unit
less than 24 hours
Frameworks
The Software Program Library
25. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Input validation checking
The Eight Types of Audits
The best approach for identifying high risk areas for an audit
Emergency Changes
26. To communication security policies - procedures - and other security-related information to an organization's employees.
Project change request
Volumes of COSO framework
Business Continuity
Security Awareness program
27. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
A Sample Mean
The Requirements
Prblem Management
TCP/IP Network Model
28. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Expected Error Rate
A Compliance audit
Business Realization
Stay current with technology
29. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information security policy
Notify the Audit Committee
The availability of IT systems
Information systems access
30. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
OSI Layer 5: Session
The Internet Layer in the TCP/IP model
Three Types of Controls
31. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Elements of the COBIT Framework
The Business Process Life Cycle
Compliance Testing
Options for Risk Treatment
32. (1.) TCP (2.) UDP
Referential Integrity
Transport Layer Protocols
Employee termination process
IT Services Financial Management
33. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
A Server Cluster
Buffers
Controls
TCP/IP Transport Layer
34. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
A Financial Audit
Sampling
Discovery Sampling
35. Gantt: used to display ______________.
OSI Layer 5: Session
Cloud computing
Resource details
Recovery time objective
36. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Six steps of the Release Management process
Variable Sampling
Geographic location
Expected Error Rate
37. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Application Controls
A Financial Audit
Service Continuity Management
38. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Segregation of duties issue in a high value process
Lacks specific expertise or resources to conduct an internal audit
The 7 phases and their order in the SDLC
A Virtual Server
39. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Emergency Changes
Antivirus software on the email servers
Separate administrative accounts
40. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Audit logging
Judgmental sampling
Tolerable Error Rate
Sampling
41. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
The Release process
Control Risk
Department Charters
42. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
ITIL - IT Infrastructure Library
Statement of Impact
Organizational culture and maturity
Notify the Audit Committee
43. A maturity model that represents the aggregations of other maturity models.
Segregation of duties issue in a high value process
IT Services Financial Management
Capability Maturity Model Integration (CMMI)
Data Link Layer Standards
44. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Structural fires and transportation accidents
IT executives and the Board of Directors
Testing activities
The 4-item focus of a Balanced Scorecard
45. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Disaster Recovery
A Server Cluster
Application Layer protocols
OSI: Physical Layer
46. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
The Internet Layer in the TCP/IP model
The 5 types of Evidence that the auditor will collect during an audit.
Risk Management
Registers
47. The inventory of all in-scope business processes and systems
Recovery time objective
The availability of IT systems
The first step in a business impact analysis
The typical Configuration Items in Configuration Management
48. ITIL term used to describe the SDLC.
Options for Risk Treatment
Entire password for an encryption key
Formal waterfall
Release management
49. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Judgmental sampling
Entire password for an encryption key
Function Point Analysis
A Cold Site
50. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Audit logging
The 7 phases and their order in the SDLC
Data Link Layer Standards
Sample Standard Deviation