Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Personnel involved in the requirements phase of a software development project
Testing activities
2. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
IT Services Financial Management
The BCP process
Elements of the COBIT Framework
Formal waterfall
3. The main hardware component of a computer system - which executes instructions in computer programs.
An Integrated Audit
A Service Provider audit
CPU
PERT Diagram?
4. The ____________________ of the hot site is the most important consideration for site selection. If the sites are too close together, then a single event may involve both locations.
Data Link Layer Standards
Geographic location
OSI Layer 6: Presentation
Business Continuity
5. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
PERT Diagram?
Data Link Layer Standards
OSI: Transport Layer
Organizational culture and maturity
6. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. The main advantage is lower cost per unit.
Wet pipe fire sprinkler system
Sampling Risk
Blade Computer Architecture
Foreign Key
7. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Business Continuity
Audit logging
Formal waterfall
Input validation checking
8. What type of testing is performed to determine if control procedures have proper design and are operating properly?
CPU
A Virtual Server
Compliance Testing
Elements of the COSO pyramid
9. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Insourcing
Tolerable Error Rate
The availability of IT systems
10. Delivery of packets from one station to another - on the same network or on different networks.
The 5 types of Evidence that the auditor will collect during an audit.
A Sample Mean
The audit program
The Internet Layer in the TCP/IP model
11. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
ITIL definition of CHANGE MANAGEMENT
Critical Path Methodology
Overall audit risk
12. The highest number of errors that can exist without a result being materially misstated.
Compliance Testing
Insourcing
Tolerable Error Rate
Problem Management
13. 1.) Executive Support (2.) Well-defined roles and responsibilities.
A Virtual Server
Information security policy
Balanced Scorecard
The Software Program Library
14. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Separate administrative accounts
Insourcing
TCP/IP Transport Layer packet delivery
The Internet Layer in the TCP/IP model
15. The memory locations in the CPU where arithmetic values are stored.
Three Types of Controls
Registers
TCP/IP Network Model
(1.) Policies (2.) Procedures (3.) Standards
16. A representation of how closely a sample represents an entire population.
Precision means
Reduced sign-on
Application Layer protocols
Input validation checking
17. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
IT Service Management
Split custody
Risk Management
18. A field in a record in one table that can reference a primary key in another table.
Registers
The audit program
Detection Risk
Foreign Key
19. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Hash
Problem Management
A Problem
Confidence coefficient
20. IT Service Management is defined in ___________________ framework.
Department Charters
ITIL - IT Infrastructure Library
IT standards are not being reviewed often enough
Gantt Chart
21. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
The Release process
Network Layer Protocols
Elements of the COSO pyramid
Business Realization
22. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
The best approach for identifying high risk areas for an audit
Background checks performed
Inform the auditee
ITIL definition of PROBLEM
23. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
The Steering Committee
The Requirements
Capability Maturity Model
24. An alternate processing center that contains no information processing equipment.
Security Awareness program
Risk Management
The audit program
A Cold Site
25. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
OSI: Network Layer
Antivirus software on the email servers
Confidence coefficient
A Cold Site
26. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Variable Sampling
Application Layer protocols
Stay current with technology
Server cluster
27. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Current and most up-to-date
Split custody
The Requirements
Registers
28. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
The Internet Layer in the TCP/IP model
Grid Computing
TCP/IP Transport Layer packet delivery
Hash
29. To communicate security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
Hash
The audit program
OSI Layer 6: Presentation
30. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
The Requirements
Critical Path Methodology
Variable Sampling
31. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
The typical Configuration Items in Configuration Management
Criticality analysis
Cloud computing
Incident Management
32. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
Testing activities
Primary security features of relational databases
Information security policy
(1.) Policies (2.) Procedures (3.) Standards
33. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Security Awareness program
A Sample Mean
Vulnerability in the organization's PBX
34. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
A Server Cluster
Primary security features of relational databases
Blade Computer Architecture
35. Describes the effect on the business if a process is incapacitated for any appreciable time
Business Realization
A Financial Audit
Statement of Impact
Structural fires and transportation accidents
36. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
Compliance Testing
(1.) Policies (2.) Procedures (3.) Standards
Information systems access
37. Guide program execution through organization of resources and development of clear project objectives.
Cloud computing
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Project Management Strategies
(1.) Policies (2.) Procedures (3.) Standards
38. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Cloud computing
Antivirus software on the email servers
Grid Computing
Emergency Changes
39. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Substantive Testing (test of transaction integrity)
Wet pipe fire sprinkler system
Stay current with technology
PERT Diagram?
40. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Security Awareness program
Gantt Chart
A Virtual Server
The Eight Types of Audits
41. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Notify the Audit Committee
Business Continuity
Security Awareness program
The first step in a business impact analysis
42. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
Change management
(1.) Man-made (2.) Natural
An Integrated Audit
43. Lowest layer. Delivers messages (frames) from one station to another via a local network.
TCP/IP Link Layer
Documentation and interview personnel
Tolerable Error Rate
A Financial Audit
44. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
PERT Diagram?
Release management
The first step in a business impact analysis
45. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Organizational culture and maturity
Personnel involved in the requirements phase of a software development project
Split custody
Background checks performed
46. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Risk Management
The 4-item focus of a Balanced Scorecard
Overall audit risk
Structural fires and transportation accidents
47. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
PERT Diagram?
The Business Process Life Cycle
A Cold Site
48. Framework for auditing and measuring IT Service Management Processes.
Examples of Application Controls
TCP/IP Link Layer
ISO 20000 Standard:
Project change request
49. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Audit logging
Organizational culture and maturity
Overall audit risk
Blade Computer Architecture
50. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Assess the maturity of its business processes
Tolerable Error Rate
The availability of IT systems