Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Objectives (2.) Components (3.) Business Units / Areas
Volumes of COSO framework
The BCP process
Dimensions of the COSO cube
Cloud computing
2. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Discovery Sampling
Reduced sign-on
Controls
ISO 20000 Standard:
3. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
Problem Management
The availability of IT systems
Employees with excessive privileges
Sample Standard Deviation
4. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
To identify the tasks that are responsible for project delays
Elements of the COBIT Framework
Disaster Recovery
Business Continuity
5. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
TCP/IP Transport Layer
Inform the auditee
The typical Configuration Items in Configuration Management
Emergency Changes
6. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
PERT Diagram?
Information security policy
Entire password for an encryption key
WAN Protocols
7. (1.) General (2.) Application
Testing activities
Business Continuity
TCP/IP Internet Layer
Main types of Controls
8. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
OSI: Transport Layer
The typical Configuration Items in Configuration Management
Variable Sampling
A Financial Audit
9. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Structural fires and transportation accidents
The first step in a business impact analysis
SDLC Phases
10. Focuses on: post-event recovery and restoration of services
Disaster Recovery
SDLC Phases
Substantive Testing
Elements of the COBIT Framework
11. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
Capability Maturity Model Integration (CMMI)
Network Layer Protocols
Stay current with technology
12. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Categories of risk treatment
The Release process
Advantages of outsourcing
Geographic location
13. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Insourcing
Split custody
Expected Error Rate
14. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Recovery time objective
Examples of IT General Controls
Blade Computer Architecture
Lacks specific expertise or resources to conduct an internal audit
15. Guide program execution through organization of resources and development of clear project objectives.
Segregation of duties issue in a high value process
Project Management Strategies
Lacks specific expertise or resources to conduct an internal audit
Network Layer Protocols
16. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Blade Computer Architecture
List of systems examined
Stop-or-go Sampling
Main types of Controls
17. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Business impact analysis
Types of sampling an auditor can perform.
Inherent Risk
Judgmental sampling
18. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
The audit program
Network Layer Protocols
Elements of the COSO pyramid
Configuration Management
19. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations
Service Continuity Management
TCP/IP Transport Layer
Security Awareness program
Geographic location
20. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
TCP/IP Internet Layer
OSI: Data Link Layer
CPU
21. A collection of two or more servers that is designed to appear as a single server.
The audit program
Server cluster
Project Management Strategies
Insourcing
22. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
SDLC Phases
The best approach for identifying high risk areas for an audit
The Internet Layer in the TCP/IP model
23. Support the functioning of the application controls
General Controls
OSI Layer 6: Presentation
Inherent Risk
TCP/IP Link Layer
24. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
Project change request
Problem Management
Criticality analysis
25. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Inherent Risk
General Controls
OSI: Network Layer
Audit Methodologies
26. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
A Compliance audit
Sampling Risk
IT Strategy
27. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Audit Methodologies
Substantive Testing (test of transaction integrity)
SDLC Phases
28. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Primary security features of relational databases
The first step in a business impact analysis
Hash
Control Risk
29. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The Requirements
The best approach for identifying high risk areas for an audit
OSI Layer 7: Application
Elements of the COBIT Framework
30. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
(1.) Man-made (2.) Natural
Attribute Sampling
Function Point Analysis
Audit Methodologies
31. Delivery of packets from one station to another - on the same network or on different networks.
Split custody
Elements of the COSO pyramid
The Internet Layer in the TCP/IP model
Controls
32. A representation of how closely a sample represents an entire population.
OSI: Transport Layer
Precision means
Application Controls
Statistical Sampling
33. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
OSI Layer 5: Session
A Virtual Server
Release management
The 7 phases and their order in the SDLC
34. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Sample Standard Deviation
TCP/IP Link Layer
OSI: Transport Layer
35. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Business impact analysis
Options for Risk Treatment
Information security policy
Server cluster
36. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Notify the Audit Committee
Control Unit
The 5 types of Evidence that the auditor will collect during an audit.
Application Controls
37. ITIL term used to describe the SDLC.
Stay current with technology
Risk Management
OSI Layer 6: Presentation
Release management
38. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The first step in a business impact analysis
TCP/IP Transport Layer packet delivery
The 4-item focus of a Balanced Scorecard
Background checks performed
39. Disasters are generally grouped in terms of type: ______________.
Six steps of the Release Management process
(1.) Man-made (2.) Natural
Information systems access
Lacks specific expertise or resources to conduct an internal audit
40. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
An Integrated Audit
Notify the Audit Committee
Segregation of duties issue in a high value process
OSI: Data Link Layer
41. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
CPU
Current and most up-to-date
Sampling Risk
Expected Error Rate
42. Subjective sampling is used when the auditor wants to _________________________.
Sampling Risk
A Cold Site
Concentrate on samples known to represent high risk
Application Controls
43. The risk that an IS auditor will overlook errors or exceptions during an audit.
Advantages of outsourcing
Emergency Changes
OSI: Data Link Layer
Detection Risk
44. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
More difficult to perform
Dimensions of the COSO cube
An Administrative
Service Continuity Management
45. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
Personnel involved in the requirements phase of a software development project
Precision means
Information security policy
46. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Formal waterfall
Geographic location
Elements of the COSO pyramid
Antivirus software on the email servers
47. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI: Data Link Layer
OSI Layer 5: Session
IT Strategy
Sampling Risk
48. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Service Level Management
Categories of risk treatment
Referential Integrity
Documentation and interview personnel
49. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
The Eight Types of Audits
Substantive Testing
A Forensic Audit
More difficult to perform
50. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Disaster Recovery
An IS audit
Stay current with technology
Assess the maturity of its business processes