Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. An audit that combines an operational audit and a financial audit.
Entire password for an encryption key
An Integrated Audit
Buffers
Tolerable Error Rate
2. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
The two Categories of Controls
Power system controls
Audit logging
Antivirus software on the email servers
3. The main hardware component of a computer system - which executes instructions in computer programs.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
CPU
objective and unbiased
Elements of the COSO pyramid
4. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Balanced Scorecard
Wet pipe fire sprinkler system
Referential Integrity
(1.) Man-made (2.) Natural
5. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.
Entire password for an encryption key
IT Service Management
More difficult to perform
The Release process
6. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Grid Computing
IT Service Management
OSI: Network Layer
An Operational Audit
7. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Registers
Main types of Controls
Data Link Layer Standards
8. Subjective sampling is used when the auditor wants to _________________________.
The Eight Types of Audits
IT Services Financial Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Concentrate on samples known to represent high risk
9. Lowest layer. Delivers messages (frames) from one station to another via a local network.
TCP/IP Link Layer
The 7 phases and their order in the SDLC
Function Point Analysis
Information security policy
10. Used to measure the relative maturity of an organization and its processes.
Dimensions of the COSO cube
ITIL definition of PROBLEM
Capability Maturity Model
The Requirements
11. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
A Cold Site
The audit program
OSI Layer 5: Session
Hash
12. Used to estimate the effort required to develop a software program.
Function Point Analysis
Six steps of the Release Management process
Transport Layer Protocols
Control Unit
13. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
The first step in a business impact analysis
Attribute Sampling
A gate process
Critical Path Methodology
14. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
A Service Provider audit
Categories of risk treatment
Audit logging
OSI: Transport Layer
15. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
The availability of IT systems
less than 24 hours
Service Level Management
Sampling Risk
16. Used to determine which business processes are the most critical - by ranking them in order of criticality
Compliance Testing
Elements of the COBIT Framework
Criticality analysis
Examples of IT General Controls
17. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
IT Service Management
Sample Standard Deviation
Testing activities
The best approach for identifying high risk areas for an audit
18. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
A Financial Audit
Criticality analysis
Blade Computer Architecture
19. Consists of two main packet transport protocols: TCP and UDP.
The Internet Layer in the TCP/IP model
TCP/IP Transport Layer
Criticality analysis
Registers
20. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Segregation of duties issue in a high value process
Documentation and interview personnel
Options for Risk Treatment
Resource details
21. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
List of systems examined
Project Management Strategies
Gantt Chart
Inform the auditee
22. An audit of an IS department's operations and systems.
A Service Provider audit
less than 24 hours
An IS audit
OSI Layer 5: Session
23. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Network Layer Protocols
IT Service Management
IT Strategy
Emergency Changes
24. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Control Unit
The 4-item focus of a Balanced Scorecard
Testing activities
25. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Substantive Testing
A Virtual Server
A Service Provider audit
Registers
26. The maximum period of downtime for a process or application
TCP/IP Link Layer
Insourcing
Hash
Recovery time objective
27. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Project change request
Change management
Entire password for an encryption key
28. Defines internal controls and provides guidance for assessing and improving internal control systems.
OSI Layer 5: Session
IT standards are not being reviewed often enough
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Main types of Controls
29. The highest number of errors that can exist without a result being materially misstated.
To identify the tasks that are responsible for project delays
Tolerable Error Rate
A Forensic Audit
OSI: Physical Layer
30. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Documentation and interview personnel
An Integrated Audit
TCP/IP Link Layer
Network Layer Protocols
31. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
TCP/IP Internet Layer
Gantt Chart
Service Continuity Management
Advantages of outsourcing
32. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Concentrate on samples known to represent high risk
Configuration Management
Business Realization
Gantt Chart
33. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Expected Error Rate
Resource details
OSI: Data Link Layer
A Server Cluster
34. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Background checks performed
Advantages of outsourcing
TCP/IP Network Model
Data Link Layer Standards
35. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
An Administrative
Notify the Audit Committee
Project Management Strategies
Business Continuity
36. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Project change request
Hash
SDLC Phases
Department Charters
37. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
An IS audit
ITIL definition of PROBLEM
Substantive Testing
38. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
The two Categories of Controls
Organizational culture and maturity
Examples of IT General Controls
Server cluster
39. Delivery of packets from one station to another - on the same network or on different networks.
objective and unbiased
Three Types of Controls
Frameworks
The Internet Layer in the TCP/IP model
40. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
TCP/IP Link Layer
Attribute Sampling
Business Realization
41. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Blade Computer Architecture
Assess the maturity of its business processes
Sample Standard Deviation
The 4-item focus of a Balanced Scorecard
42. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Vulnerability in the organization's PBX
Background checks performed
Overall audit risk
ITIL - IT Infrastructure Library
43. (1.) Objectives (2.) Components (3.) Business Units / Areas
TCP/IP Internet Layer
Project Management Strategies
Dimensions of the COSO cube
Inherent Risk
44. Gantt: used to display ______________.
Current and most up-to-date
Control Risk
Resource details
ITIL definition of PROBLEM
45. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
IT executives and the Board of Directors
Change management
Examples of IT General Controls
Department Charters
46. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Application Layer protocols
Audit logging
Lacks specific expertise or resources to conduct an internal audit
Confidence coefficient
47. Guide program execution through organization of resources and development of clear project objectives.
Server cluster
Main types of Controls
Project Management Strategies
Formal waterfall
48. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Service Level Management
Overall audit risk
TCP/IP Transport Layer packet delivery
Types of sampling an auditor can perform.
49. To communicate security policies - procedures - and other security-related information to an organization's employees.
OSI Layer 7: Application
Incident Management
Security Awareness program
The Internet Layer in the TCP/IP model
50. Collections of Controls that work together to achieve an entire range of an organization's objectives.
OSI Layer 6: Presentation
Network Layer Protocols
Frameworks
Background checks performed