A Review Test On CISA Auditing! Trivia Quiz!

10 Questions


Although the CISA curriculum can be classified into six categories, the one that deals with the protection of information assets, which includes new technologies and current threats, is the one that receives the most attention. This quiz will test your knowledge of Certified Information System Auditing.


Questions and Answers
  • 1. Which of the following is the most fundamental step in preventing virus attacks?
    • A. Adopting and communicating a comprehensive antivirus policy
    • B. Implementing antivirus protection software on users' desktop computers
    • C. Implementing antivirus content checking at all network-to-Internet gateways
    • D. Inoculating systems with antivirus code

  • 2. When should systems administrators first assess the impact of applications or systems patches?
    • A. Within five business days following installation
    • B. Prior to installation
    • C. No sooner than five business days following installation
    • D. Immediately following installation

  • 3. What is a callback system?
    • A. It is a remote-access system whereby the remote-access server immediately calls the user back at a predetermined number if the dial-in connection fails.
    • B. It is a remote-access system whereby the user's application automatically redials the remote access server if the initial connection attempt fails
    • C. It is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently dials the user back at a predetermined number stored in the server's configuration database
    • D. It is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently allows the user to call back at an approved number for a limited period of time.

  • 4. Which of the following help(s) prevent an organization's systems from participating in a distributed denial-of-service (DDoS) attack? Choose the BEST answer.
    • A. Inbound traffic filtering
    • B. Using access control lists (ACLs) to restrict inbound connection attempts
    • C. Recentralizing distributed systems
    • D. Outbound traffic filtering

  • 5. Which of the following uses a prototype that can be updated continually to meet changing user or business requirements?
    • A. PERT
    • B. Rapid application development (RAD)
    • C. Function point analysis (FPA)
    • D. GANTT

  • 6. When should application controls be considered within the system-development process?
    • A. After application unit testing.
    • B. After application module testing
    • C. After applications systems testing
    • D. Regression testing

  • 7. If a database is restored from information backed up before the last system image, which of the following is recommended?
    • A. The system should be restarted after the last transaction.
    • B. The system should be restarted before the last transaction.
    • C. The system should be restarted at the first transaction
    • D. The system should be restarted on the last transaction.

  • 8. What are intrusion-detection systems (IDS) primarily used for?
    • A. To identify and prevent intrusion attempts to a network
    • B. To prevent intrusion attempts to a network
    • C. Forensic incident response
    • D. To identify intrusion attempts to a network.

  • 9. The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
    • A. Test data
    • B. Generalized audit software
    • C. Integrated test facility
    • D. Embedded audit module

  • 10. During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:
    • A. Create the procedures document.
    • B. Terminate the audit.
    • C. Conduct compliance testing
    • D. Identify and evaluate existing practices