SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
Critical Path Methodology
Registers
Incident Management
2. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Compliance Testing
The appropriate role of an IS auditor in a control self-assessment
Project Management Strategies
3. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
A Compliance audit
Options for Risk Treatment
Employees with excessive privileges
Sampling Risk
4. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Geographic location
SDLC Phases
The availability of IT systems
A Sample Mean
5. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
IT Service Management
ITIL - IT Infrastructure Library
Emergency Changes
Information systems access
6. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
The Release process
Testing activities
Referential Integrity
Overall audit risk
7. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Sample Standard Deviation
Business Continuity
Service Level Management
A Server Cluster
8. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Substantive Testing (test of transaction integrity)
A Forensic Audit
Annualized Loss Expectance (ALE)
A gate process
9. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Network Layer Protocols
The Software Program Library
Information systems access
Personnel involved in the requirements phase of a software development project
10. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Gantt Chart
Types of sampling an auditor can perform.
The Steering Committee
Substantive Testing
11. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Information systems access
Rating Scale for Process Maturity
WAN Protocols
IT Service Management
12. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
To identify the tasks that are responsible for project delays
Insourcing
Examples of IT General Controls
SDLC Phases
13. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
Concentrate on samples known to represent high risk
Judgmental sampling
ITIL definition of PROBLEM
14. Used to estimate the effort required to develop a software program.
Split custody
ITIL definition of PROBLEM
Function Point Analysis
OSI Layer 5: Session
15. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Lacks specific expertise or resources to conduct an internal audit
Audit Methodologies
Stratified Sampling
Antivirus software on the email servers
16. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Reduced sign-on
Confidence coefficient
Testing activities
Stay current with technology
17. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Statement of Impact
Lacks specific expertise or resources to conduct an internal audit
Gantt Chart
Buffers
18. A collection of two or more servers that is designed to appear as a single server.
The availability of IT systems
Server cluster
IT Strategy
Dimensions of the COSO cube
19. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Function Point Analysis
Project change request
Split custody
A Financial Audit
20. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Business Realization
Hash
Examples of IT General Controls
Network Layer Protocols
21. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
WAN Protocols
Audit Methodologies
The Internet Layer in the TCP/IP model
Attribute Sampling
22. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
The BCP process
Statement of Impact
Input validation checking
Power system controls
23. The maximum period of downtime for a process or application
Sampling
Controls
Balanced Scorecard
Recovery time objective
24. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Information systems access
Stratified Sampling
The availability of IT systems
25. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Balanced Scorecard
Application Layer protocols
The best approach for identifying high risk areas for an audit
OSI Layer 7: Application
26. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Testing activities
Sampling Risk
Personnel involved in the requirements phase of a software development project
The Eight Types of Audits
27. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
The appropriate role of an IS auditor in a control self-assessment
Balanced Scorecard
The two Categories of Controls
Deming Cycle
28. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Sampling Risk
Substantive Testing (test of transaction integrity)
Business Realization
Information systems access
29. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
A Cold Site
Department Charters
Structural fires and transportation accidents
Elements of the COBIT Framework
30. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Primary security features of relational databases
A Sample Mean
IT Services Financial Management
Application Layer protocols
31. (1.) Access controls (2.) Encryption (3.) Audit logging
Three Types of Controls
Geographic location
Primary security features of relational databases
Expected Error Rate
32. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
SDLC Phases
The Release process
An Administrative
OSI: Network Layer
33. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Buffers
List of systems examined
Substantive Testing (test of transaction integrity)
34. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Function Point Analysis
BCP Plans
TCP/IP Network Model
35. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
The Requirements
OSI: Physical Layer
Registers
Options for Risk Treatment
36. To measure organizational performance and effectiveness against strategic goals.
Personnel involved in the requirements phase of a software development project
Balanced Scorecard
Disaster Recovery
Department Charters
37. An audit that combines an operational audit and a financial audit.
Sampling Risk
An Integrated Audit
Department Charters
Attribute Sampling
38. An audit of operational efficiency.
Registers
An Administrative
Hash
Lacks specific expertise or resources to conduct an internal audit
39. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
IT executives and the Board of Directors
Primary security features of relational databases
Service Continuity Management
Elements of the COBIT Framework
40. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Split custody
The 5 types of Evidence that the auditor will collect during an audit.
Sampling Risk
41. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Audit Methodologies
Split custody
Buffers
42. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
TCP/IP Network Model
ITIL definition of CHANGE MANAGEMENT
Hash
Risk Management
43. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
(1.) Polices (2.) Procedures (3.) Standards
Six steps of the Release Management process
Inherent Risk
44. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
Change management
A Cold Site
Compliance Testing
45. Collections of Controls that work together to achieve an entire range of an organization's objectives.
The Internet Layer in the TCP/IP model
Confidence coefficient
Antivirus software on the email servers
Frameworks
46. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Business Continuity
Organizational culture and maturity
PERT Diagram?
Resource details
47. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Sampling Risk
Examples of Application Controls
Capability Maturity Model
The two Categories of Controls
48. PERT: shows the ______________ critical path.
Current and most up-to-date
Business impact analysis
Documentation and interview personnel
IT Strategy
49. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Geographic location
Three Types of Controls
ITIL definition of CHANGE MANAGEMENT
Audit logging
50. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
Employees with excessive privileges
A Sample Mean
TCP/IP Transport Layer
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests