Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. IT Governance is most concerned with ________.
Main types of Controls
Capability Maturity Model
Employees with excessive privileges
IT Strategy
2. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Split custody
Configuration Management
A Compliance audit
SDLC Phases
3. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Configuration Management
Stratified Sampling
Geographic location
4. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations
The Release process
Geographic location
The 5 types of Evidence that the auditor will collect during an audit.
The BCP process
5. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Criticality analysis
Entire password for an encryption key
Input validation checking
Referential Integrity
6. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Transport Layer Protocols
Entire password for an encryption key
OSI: Data Link Layer
Six steps of the Release Management process
7. Delivery of packets from one station to another - on the same network or on different networks.
Main types of Controls
IT Service Management
The Internet Layer in the TCP/IP model
SDLC Phases
8. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Release management
PERT Diagram?
A gate process
9. A sampling technique where at least one exception is sought in a population
Inherent Risk
Foreign Key
Discovery Sampling
Options for Risk Treatment
10. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Advantages of outsourcing
Input validation checking
Insourcing
Department Charters
11. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Database primary key
Substantive Testing
Elements of the COBIT Framework
IT Service Management
12. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Attribute Sampling
General Controls
Variable Sampling
The best approach for identifying high risk areas for an audit
13. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
WAN Protocols
An IS audit
Information security policy
14. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
The audit program
The 4-item focus of a Balanced Scorecard
A Virtual Server
A Sample Mean
15. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
The Requirements
Types of sampling an auditor can perform.
Business impact analysis
IT standards are not being reviewed often enough
16. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Reduced sign-on
The 7 phases and their order in the SDLC
To identify the tasks that are responsible for project delays
Transport Layer Protocols
17. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
Structural fires and transportation accidents
Problem Management
OSI Layer 7: Application
18. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
(1.) Man-made (2.) Natural
Problem Management
Network Layer Protocols
ITIL definition of CHANGE MANAGEMENT
19. To communicate security policies - procedures - and other security-related information to an organization's employees.
Deming Cycle
Elements of the COSO pyramid
The Internet Layer in the TCP/IP model
Security Awareness program
20. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Audit Methodologies
Detection Risk
Grid Computing
Project change request
21. Used to estimate the effort required to develop a software program.
Application Controls
Critical Path Methodology
The two Categories of Controls
Function Point Analysis
22. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Blade Computer Architecture
Main types of Controls
Cloud computing
Examples of IT General Controls
23. Defines internal controls and provides guidance for assessing and improving internal control systems.
The BCP process
Criticality analysis
Emergency Changes
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
24. ITIL term used to describe the SDLC.
Testing activities
Background checks performed
Release management
Dimensions of the COSO cube
25. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
PERT Diagram?
IT Strategy
TCP/IP Transport Layer
The Release process
26. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Options for Risk Treatment
A Compliance audit
Rating Scale for Process Maturity
BCP Plans
27. Describes the effect on the business if a process is incapacitated for any appreciable time
Antivirus software on the email servers
Statement of Impact
Service Level Management
A Cold Site
28. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
An IS audit
OSI: Transport Layer
A Service Provider audit
The availability of IT systems
29. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Grid Computing
Substantive Testing
Insourcing
OSI: Network Layer
30. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Change management
Volumes of COSO framework
Stay current with technology
Elements of the COSO pyramid
31. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
The Steering Committee
Buffers
Business Realization
Incident Management
32. Handle application processing
Split custody
A Service Provider audit
The availability of IT systems
Application Controls
33. (1.) Link (2.) Internet (3.) Transport (4.) Application
Input validation checking
Audit Methodologies
TCP/IP Network Model
Data Link Layer Standards
34. Framework for auditing and measuring IT Service Management Processes.
WAN Protocols
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
ISO 20000 Standard:
Statistical Sampling
35. Focuses on: post-event recovery and restoration of services
Disaster Recovery
OSI Layer 5: Session
Compliance Testing
Data Link Layer Standards
36. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Notify the Audit Committee
Database primary key
The Requirements
Server cluster
37. Subjective sampling is used when the auditor wants to _________________________.
Annualized Loss Expectancy (ALE)
Concentrate on samples known to represent high risk
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Split custody
38. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Information security policy
A Server Cluster
Assess the maturity of its business processes
Variable Sampling
39. A representation of how closely a sample represents an entire population.
Sampling Risk
Recovery time objective
Compliance Testing
Precision means
40. The memory locations in the CPU where arithmetic values are stored.
Database primary key
Referential Integrity
Deming Cycle
Registers
41. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The two Categories of Controls
The Software Program Library
TCP/IP Internet Layer
A Server Cluster
42. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
ISO 20000 Standard:
The best approach for identifying high risk areas for an audit
CPU
The Internet Layer in the TCP/IP model
43. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
A gate process
Input validation checking
Sampling
Inherent Risk
44. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Elements of the COSO pyramid
Variable Sampling
Personnel involved in the requirements phase of a software development project
Examples of Application Controls
45. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Statement of Impact
Power system controls
A Forensic Audit
Attribute Sampling
46. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Resource details
Judgmental sampling
A Forensic Audit
47. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Assess the maturity of its business processes
Separate administrative accounts
An Operational Audit
Formal waterfall
48. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Release management
Cloud computing
Information security policy
Substantive Testing
49. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
OSI Layer 6: Presentation
Structural fires and transportation accidents
The Requirements
Substantive Testing
50. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
A Cold Site
IT standards are not being reviewed often enough
Problem Management
Tolerable Error Rate