SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
A Virtual Server
Current and most up-to-date
Elements of the COBIT Framework
Examples of Application Controls
2. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
OSI Layer 6: Presentation
Cloud computing
Business Continuity
A Problem
3. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Elements of the COSO pyramid
Network Layer Protocols
Sample Standard Deviation
4. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
Concentrate on samples known to represent high risk
More difficult to perform
Overall audit risk
5. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
ISO 20000 Standard:
The availability of IT systems
Balanced Scorecard
Split custody
6. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
TCP/IP Network Model
Capability Maturity Model Integration (CMMI)
A Compliance audit
(1.) Man-made (2.) Natural
7. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
The Business Process Life Cycle
Separate administrative accounts
Sampling Risk
8. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Capability Maturity Model
PERT Diagram?
Tolerable Error Rate
Referential Integrity
9. To communication security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
The first step in a business impact analysis
IT executives and the Board of Directors
A Virtual Server
10. An audit of an IS department's operations and systems.
An IS audit
Service Level Management
(1.) Man-made (2.) Natural
TCP/IP Transport Layer
11. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
OSI: Physical Layer
Categories of risk treatment
Server cluster
Inform the auditee
12. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Capability Maturity Model
Blade Computer Architecture
Background checks performed
Balanced Scorecard
13. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
TCP/IP Transport Layer
IT standards are not being reviewed often enough
Substantive Testing
14. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The best approach for identifying high risk areas for an audit
A Cold Site
The Requirements
WAN Protocols
15. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
Notify the Audit Committee
TCP/IP Network Model
Hash
16. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Control Unit
Annualized Loss Expectance (ALE)
The typical Configuration Items in Configuration Management
A Virtual Server
17. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
Substantive Testing
Types of sampling an auditor can perform.
Rating Scale for Process Maturity
18. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Personnel involved in the requirements phase of a software development project
The audit program
Buffers
Advantages of outsourcing
19. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
The Software Program Library
Business Realization
Configuration Management
Employee termination process
20. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
To identify the tasks that are responsible for project delays
Business Realization
Lacks specific expertise or resources to conduct an internal audit
Background checks performed
21. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Geographic location
Inherent Risk
Entire password for an encryption key
Annualized Loss Expectance (ALE)
22. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
More difficult to perform
TCP/IP Internet Layer
Tolerable Error Rate
23. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Security Awareness program
Concentrate on samples known to represent high risk
Balanced Scorecard
Overall audit risk
24. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
Volumes of COSO framework
The appropriate role of an IS auditor in a control self-assessment
IT Strategy
25. (1.) Access controls (2.) Encryption (3.) Audit logging
Judgmental sampling
Examples of IT General Controls
Statement of Impact
Primary security features of relational databases
26. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
List of systems examined
Critical Path Methodology
The Eight Types of Audits
Examples of IT General Controls
27. An audit of a third-party organization that provides services to other organizations.
Service Continuity Management
A Service Provider audit
Release management
Background checks performed
28. The sum of all samples divided by the number of samples.
Blade Computer Architecture
Judgmental sampling
The first step in a business impact analysis
A Sample Mean
29. The memory locations in the CPU where arithmetic values are stored.
The appropriate role of an IS auditor in a control self-assessment
The 4-item focus of a Balanced Scorecard
Registers
Information security policy
30. Delivery of packets from one station to another - on the same network or on different networks.
Information systems access
The Internet Layer in the TCP/IP model
Reduced sign-on
Three Types of Controls
31. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
Criticality analysis
Controls
The 5 types of Evidence that the auditor will collect during an audit.
32. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Audit logging
A Server Cluster
IT standards are not being reviewed often enough
Judgmental sampling
33. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Compliance Testing
Change management
Incident Management
The Release process
34. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Configuration Management
The audit program
Substantive Testing
Discovery Sampling
35. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Discovery Sampling
The first step in a business impact analysis
IT Services Financial Management
Emergency Changes
36. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
less than 24 hours
A Virtual Server
Gantt Chart
TCP/IP Network Model
37. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Reduced sign-on
An Administrative
Inform the auditee
Grid Computing
38. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Geographic location
TCP/IP Transport Layer packet delivery
Split custody
Structural fires and transportation accidents
39. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
Disaster Recovery
OSI: Data Link Layer
Substantive Testing (test of transaction integrity)
40. Subjective sampling is used when the auditor wants to _________________________.
TCP/IP Internet Layer
Concentrate on samples known to represent high risk
Prblem Management
Information security policy
41. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Power system controls
Geographic location
Server cluster
Balanced Scorecard
42. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Notify the Audit Committee
Advantages of outsourcing
OSI Layer 6: Presentation
TCP/IP Transport Layer packet delivery
43. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
Precision means
Security Awareness program
Insourcing
44. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Expected Error Rate
Volumes of COSO framework
Substantive Testing (test of transaction integrity)
Balanced Scorecard
45. Used to estimate the effort required to develop a software program.
Function Point Analysis
Server cluster
Main types of Controls
Database primary key
46. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
The first step in a business impact analysis
Rating Scale for Process Maturity
Formal waterfall
Separate administrative accounts
47. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
Sampling
Grid Computing
IT Service Management
48. The highest number of errors that can exist without a result being materially misstated.
TCP/IP Network Model
Statement of Impact
Insourcing
Tolerable Error Rate
49. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
OSI: Network Layer
WAN Protocols
Dimensions of the COSO cube
The Steering Committee
50. Used to measure the relative maturity of an organization and its processes.
Application Controls
Capability Maturity Model
CPU
Lacks specific expertise or resources to conduct an internal audit
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests