SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
ISO 20000 Standard:
General Controls
Discovery Sampling
IT Service Management
2. One of a database table's fields - whose value is unique.
Database primary key
Reduced sign-on
Split custody
The Internet Layer in the TCP/IP model
3. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Statistical Sampling
ITIL definition of PROBLEM
Server cluster
A Cold Site
4. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Structural fires and transportation accidents
Advantages of outsourcing
Volumes of COSO framework
General Controls
5. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
TCP/IP Transport Layer packet delivery
Sampling Risk
Categories of risk treatment
6. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Discovery Sampling
Notify the Audit Committee
The Steering Committee
The typical Configuration Items in Configuration Management
7. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
Insourcing
ITIL - IT Infrastructure Library
Control Unit
8. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Service Level Management
Control Unit
A Cold Site
The Requirements
9. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
Background checks performed
TCP/IP Internet Layer
The best approach for identifying high risk areas for an audit
10. Consists of two main packet transport protocols: TCP and UDP.
Change management
Notify the Audit Committee
The typical Configuration Items in Configuration Management
TCP/IP Transport Layer
11. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
Audit Methodologies
Network Layer Protocols
Wet pipe fire sprinkler system
12. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Vulnerability in the organization's PBX
Capability Maturity Model
An Integrated Audit
The 5 types of Evidence that the auditor will collect during an audit.
13. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
CPU
Split custody
Options for Risk Treatment
A Compliance audit
14. Used to determine which business processes are the most critical - by ranking them in order of criticality
IT Services Financial Management
Security Awareness program
PERT Diagram?
Criticality analysis
15. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Stay current with technology
The Steering Committee
Inform the auditee
WAN Protocols
16. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Power system controls
Documentation and interview personnel
Control Unit
IT executives and the Board of Directors
17. Subjective sampling is used when the auditor wants to _________________________.
OSI: Network Layer
Concentrate on samples known to represent high risk
ITIL - IT Infrastructure Library
Server cluster
18. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
TCP/IP Network Model
A Compliance audit
Disaster Recovery
Organizational culture and maturity
19. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Data Link Layer Standards
ITIL definition of PROBLEM
The Eight Types of Audits
Network Layer Protocols
20. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Testing activities
To identify the tasks that are responsible for project delays
A Problem
OSI Layer 6: Presentation
21. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
A Forensic Audit
Incident Management
IT Services Financial Management
The appropriate role of an IS auditor in a control self-assessment
22. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
less than 24 hours
Incident Management
Confidence coefficient
Grid Computing
23. The memory locations in the CPU where arithmetic values are stored.
OSI: Network Layer
Rating Scale for Process Maturity
Registers
General Controls
24. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Sample Standard Deviation
Application Controls
TCP/IP Network Model
OSI: Transport Layer
25. PERT: shows the ______________ critical path.
Capability Maturity Model
Cloud computing
The audit program
Current and most up-to-date
26. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
TCP/IP Transport Layer
OSI Layer 5: Session
Network Layer Protocols
The Eight Types of Audits
27. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Disaster Recovery
A Compliance audit
An Administrative
The BCP process
28. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
Split custody
CPU
Audit logging
29. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Wet pipe fire sprinkler system
Attribute Sampling
Service Level Management
A Virtual Server
30. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Stratified Sampling
Information security policy
Configuration Management
An Administrative
31. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Background checks performed
WAN Protocols
Foreign Key
More difficult to perform
32. IT Service Management is defined in ___________________ framework.
Variable Sampling
Employee termination process
Prblem Management
ITIL - IT Infrastructure Library
33. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Project change request
Segregation of duties issue in a high value process
Antivirus software on the email servers
Documentation and interview personnel
34. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Detection Risk
Compliance Testing
Employees with excessive privileges
IT Strategy
35. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
OSI: Network Layer
General Controls
Judgmental sampling
Lacks specific expertise or resources to conduct an internal audit
36. Describes the effect on the business if a process is incapacitated for any appreciable time
The BCP process
Confidence coefficient
The Software Program Library
Statement of Impact
37. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
TCP/IP Link Layer
Precision means
The typical Configuration Items in Configuration Management
Project change request
38. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
SDLC Phases
(1.) Man-made (2.) Natural
Recovery time objective
39. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
A gate process
Separate administrative accounts
Insourcing
ITIL - IT Infrastructure Library
40. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Department Charters
Stop-or-go Sampling
Elements of the COBIT Framework
Compliance Testing
41. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Examples of IT General Controls
Transport Layer Protocols
The Requirements
Application Controls
42. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
ITIL definition of PROBLEM
Hash
Balanced Scorecard
43. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Substantive Testing
Sampling Risk
Network Layer Protocols
Application Layer protocols
44. An alternate processing center that contains no information processing equipment.
A Sample Mean
A Cold Site
Statement of Impact
CPU
45. An audit that combines an operational audit and a financial audit.
TCP/IP Network Model
Project Management Strategies
An Operational Audit
An Integrated Audit
46. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Grid Computing
Sampling Risk
Expected Error Rate
IT standards are not being reviewed often enough
47. (1.) TCP (2.) UDP
Lacks specific expertise or resources to conduct an internal audit
Transport Layer Protocols
Elements of the COBIT Framework
Audit Methodologies
48. A sampling technique where at least one exception is sought in a population
TCP/IP Transport Layer packet delivery
Separate administrative accounts
Discovery Sampling
Tolerable Error Rate
49. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Emergency Changes
A gate process
Main types of Controls
PERT Diagram?
50. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Emergency Changes
Blade Computer Architecture
Inherent Risk
Department Charters
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests