SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
The availability of IT systems
Split custody
The first step in a business impact analysis
Substantive Testing (test of transaction integrity)
2. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
TCP/IP Transport Layer
Application Layer protocols
IT Services Financial Management
Service Continuity Management
3. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
TCP/IP Transport Layer packet delivery
Reduced sign-on
Release management
4. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Six steps of the Release Management process
TCP/IP Internet Layer
OSI Layer 6: Presentation
Sampling Risk
5. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Controls
Sampling Risk
Categories of risk treatment
An Operational Audit
6. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
A Sample Mean
Testing activities
Antivirus software on the email servers
objective and unbiased
7. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
A Server Cluster
The Release process
An Integrated Audit
8. The highest number of errors that can exist without a result being materially misstated.
Recovery time objective
A Server Cluster
Tolerable Error Rate
ITIL definition of CHANGE MANAGEMENT
9. (1.) Physical (2.) Technical (4.) Administrative
Registers
Server cluster
Three Types of Controls
Entire password for an encryption key
10. (1.) TCP (2.) UDP
Reduced sign-on
Transport Layer Protocols
Criticality analysis
A gate process
11. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Entire password for an encryption key
List of systems examined
Dimensions of the COSO cube
Gantt Chart
12. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Grid Computing
Current and most up-to-date
Emergency Changes
Testing activities
13. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
The 7 phases and their order in the SDLC
Background checks performed
Controls
Data Link Layer Standards
14. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
The 7 phases and their order in the SDLC
Tolerable Error Rate
A Problem
The appropriate role of an IS auditor in a control self-assessment
15. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Business impact analysis
Discovery Sampling
Employee termination process
Sampling Risk
16. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
OSI: Network Layer
Statement of Impact
An Operational Audit
Data Link Layer Standards
17. An audit of a third-party organization that provides services to other organizations.
Balanced Scorecard
A Virtual Server
A Service Provider audit
Stratified Sampling
18. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
An Integrated Audit
SDLC Phases
Entire password for an encryption key
Control Unit
19. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
The Steering Committee
Sample Standard Deviation
Annualized Loss Expectance (ALE)
Application Controls
20. ITIL term used to describe the SDLC.
Release management
Prblem Management
Formal waterfall
Application Controls
21. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Elements of the COBIT Framework
TCP/IP Transport Layer
Categories of risk treatment
22. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Blade Computer Architecture
Power system controls
OSI Layer 7: Application
23. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Statement of Impact
Sampling Risk
Business impact analysis
SDLC Phases
24. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Sampling Risk
A Compliance audit
The appropriate role of an IS auditor in a control self-assessment
A Cold Site
25. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
BCP Plans
Audit Methodologies
PERT Diagram?
Deming Cycle
26. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Control Unit
Expected Error Rate
Application Controls
Separate administrative accounts
27. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Application Layer protocols
Inherent Risk
The 5 types of Evidence that the auditor will collect during an audit.
(1.) Polices (2.) Procedures (3.) Standards
28. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Notify the Audit Committee
WAN Protocols
Sampling Risk
Hash
29. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
TCP/IP Transport Layer packet delivery
Sampling
Deming Cycle
Department Charters
30. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
Precision means
Network Layer Protocols
Database primary key
31. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
ITIL definition of PROBLEM
TCP/IP Internet Layer
Organizational culture and maturity
32. A maturity model that represents the aggregations of other maturity models.
IT standards are not being reviewed often enough
Capability Maturity Model Integration (CMMI)
The appropriate role of an IS auditor in a control self-assessment
Elements of the COBIT Framework
33. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Organizational culture and maturity
An IS audit
OSI Layer 7: Application
34. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
ITIL definition of CHANGE MANAGEMENT
Project Management Strategies
OSI: Data Link Layer
Insourcing
35. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
OSI Layer 6: Presentation
The Software Program Library
IT executives and the Board of Directors
TCP/IP Network Model
36. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Stratified Sampling
Reduced sign-on
Geographic location
Project Management Strategies
37. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Virtual Server
The Requirements
Options for Risk Treatment
Types of sampling an auditor can perform.
38. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
Risk Management
Background checks performed
Overall audit risk
39. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Reduced sign-on
The appropriate role of an IS auditor in a control self-assessment
Hash
Referential Integrity
40. The maximum period of downtime for a process or application
Main types of Controls
Recovery time objective
Vulnerability in the organization's PBX
Attribute Sampling
41. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
IT standards are not being reviewed often enough
An IS audit
Dimensions of the COSO cube
The Software Program Library
42. The first major task in a disaster recovery or business continuity planning project.
Sampling
Three Types of Controls
Stratified Sampling
Business impact analysis
43. Used to estimate the effort required to develop a software program.
ITIL definition of PROBLEM
Function Point Analysis
Advantages of outsourcing
Detection Risk
44. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Substantive Testing (test of transaction integrity)
Business Realization
TCP/IP Internet Layer
Audit Methodologies
45. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Reduced sign-on
ITIL - IT Infrastructure Library
Primary security features of relational databases
46. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
TCP/IP Internet Layer
Audit logging
The best approach for identifying high risk areas for an audit
Wet pipe fire sprinkler system
47. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Documentation and interview personnel
Volumes of COSO framework
A Problem
48. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
TCP/IP Link Layer
Judgmental sampling
Deming Cycle
IT executives and the Board of Directors
49. IT Governance is most concerned with ________.
A Problem
A Service Provider audit
IT Strategy
A Cold Site
50. The risk that an IS auditor will overlook errors or exceptions during an audit.
Detection Risk
A Compliance audit
Service Level Management
Variable Sampling
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests