Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Blade Computer Architecture
Assess the maturity of its business processes
The Release process
Control Unit
2. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
Sample Standard Deviation
OSI: Transport Layer
Personnel involved in the requirements phase of a software development project
3. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Primary security features of relational databases
The appropriate role of an IS auditor in a control self-assessment
Reduced sign-on
OSI: Physical Layer
4. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
OSI Layer 5: Session
Advantages of outsourcing
Release management
Assess the maturity of its business processes
5. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
less than 24 hours
Frameworks
Structural fires and transportation accidents
Dimensions of the COSO cube
6. A field in a record in one table that can reference a primary key in another table.
Server cluster
Foreign Key
Entire password for an encryption key
Categories of risk treatment
7. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Cloud computing
Buffers
The 5 types of Evidence that the auditor will collect during an audit.
Wet pipe fire sprinkler system
8. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Hash
The best approach for identifying high risk areas for an audit
Configuration Management
A Forensic Audit
9. (1.) TCP (2.) UDP
TCP/IP Internet Layer
Transport Layer Protocols
The appropriate role of an IS auditor in a control self-assessment
Emergency Changes
10. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
Sampling Risk
Service Continuity Management
Project change request
11. The main hardware component of a computer system - which executes instructions in computer programs.
Personnel involved in the requirements phase of a software development project
A Server Cluster
CPU
Compliance Testing
12. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
Background checks performed
Volumes of COSO framework
Options for Risk Treatment
Capability Maturity Model Integration (CMMI)
13. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Examples of Application Controls
An Integrated Audit
Referential Integrity
14. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Employee termination process
Lacks specific expertise or resources to conduct an internal audit
IT executives and the Board of Directors
The audit program
15. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
An IS audit
Business Continuity
WAN Protocols
The Steering Committee
16. The means by which management establishes and measures processes by which organizational objectives are achieved
Controls
Incident Management
The BCP process
Annualized Loss Expectancy (ALE)
17. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Current and most up-to-date
less than 24 hours
Segregation of duties issue in a high value process
TCP/IP Transport Layer packet delivery
18. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
A Forensic Audit
Change management
Insourcing
The Eight Types of Audits
19. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard
Examples of IT General Controls
The typical Configuration Items in Configuration Management
Organizational culture and maturity
20. (1.) Utility protocols (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Sample Standard Deviation
OSI Layer 5: Session
Background checks performed
21. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
OSI: Network Layer
Criticality analysis
Volumes of COSO framework
The two Categories of Controls
22. (1.) Access controls (2.) Encryption (3.) Audit logging
An Integrated Audit
Advantages of outsourcing
Elements of the COSO pyramid
Primary security features of relational databases
23. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Application Controls
Segregation of duties issue in a high value process
Control Unit
Incident Management
24. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
less than 24 hours
Segregation of duties issue in a high value process
A Server Cluster
IT Strategy
25. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
TCP/IP Transport Layer packet delivery
A Financial Audit
Organizational culture and maturity
Function Point Analysis
26. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
WAN Protocols
less than 24 hours
Geographic location
Cloud computing
27. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
OSI: Data Link Layer
Sample Standard Deviation
Formal waterfall
IT Service Management
28. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
The 4-item focus of a Balanced Scorecard
Business Realization
A Financial Audit
A Compliance audit
29. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Wet pipe fire sprinkler system
Elements of the COSO pyramid
Inherent Risk
A Sample Mean
30. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Information systems access
Grid Computing
Power system controls
IT Service Management
31. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
Wet pipe fire sprinkler system
Stay current with technology
The Steering Committee
32. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.
Formal waterfall
Sample Standard Deviation
The first step in a business impact analysis
The Eight Types of Audits
33. Handle application processing
General Controls
Application Controls
Blade Computer Architecture
Gantt Chart
34. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
Cloud computing
OSI: Physical Layer
SDLC Phases
35. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
(1.) Man-made (2.) Natural
Service Continuity Management
Emergency Changes
Advantages of outsourcing
36. An audit of an IS department's operations and systems.
Resource details
An IS audit
Disaster Recovery
TCP/IP Link Layer
37. Support the functioning of the application controls
IT Strategy
The appropriate role of an IS auditor in a control self-assessment
General Controls
Hash
38. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
TCP/IP Network Model
PERT Diagram?
Background checks performed
Sampling
39. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Statement of Impact
IT Services Financial Management
A Virtual Server
The Requirements
40. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Business Continuity
(1.) Policies (2.) Procedures (3.) Standards
TCP/IP Internet Layer
Variable Sampling
41. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________. This will cause the database to record every change that is made to it.
Elements of the COBIT Framework
The first step in a business impact analysis
The 7 phases and their order in the SDLC
Audit logging
42. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Application Controls
Confidence coefficient
TCP/IP Transport Layer
Input validation checking
43. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
PERT Diagram?
The Eight Types of Audits
Function Point Analysis
Risk Management
44. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.
(1.) Man-made (2.) Natural
Application Controls
Entire password for an encryption key
Controls
45. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Stay current with technology
less than 24 hours
TCP/IP Transport Layer
46. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Emergency Changes
Power system controls
The availability of IT systems
Stratified Sampling
47. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Testing activities
Sampling Risk
Capability Maturity Model
OSI: Data Link Layer
48. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Criticality analysis
A gate process
Information systems access
ITIL definition of CHANGE MANAGEMENT
49. The maximum period of downtime for a process or application
Recovery time objective
Registers
Reduced sign-on
Critical Path Methodology
50. The memory locations in the CPU where arithmetic values are stored.
Organizational culture and maturity
Registers
Database primary key
Volumes of COSO framework