SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
TCP/IP Network Model
Precision means
Security Awareness program
2. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Elements of the COSO pyramid
Examples of IT General Controls
A Problem
Controls
3. Used to measure the relative maturity of an organization and its processes.
WAN Protocols
Capability Maturity Model
Referential Integrity
Business Continuity
4. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
More difficult to perform
Background checks performed
Expected Error Rate
Registers
5. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Information systems access
Confidence coefficient
Separate administrative accounts
The first step in a business impact analysis
6. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Gantt Chart
Three Types of Controls
Hash
Power system controls
7. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Documentation and interview personnel
ITIL definition of PROBLEM
Advantages of outsourcing
Blade Computer Architecture
8. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Detection Risk
Expected Error Rate
ITIL definition of CHANGE MANAGEMENT
Cloud computing
9. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Annualized Loss Expectance (ALE)
IT Strategy
A Problem
Precision means
10. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
The best approach for identifying high risk areas for an audit
Segregation of duties issue in a high value process
Structural fires and transportation accidents
Change management
11. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
WAN Protocols
TCP/IP Transport Layer
Rating Scale for Process Maturity
Inform the auditee
12. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
The Eight Types of Audits
OSI: Data Link Layer
TCP/IP Network Model
Wet pipe fire sprinkler system
13. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Volumes of COSO framework
Release management
Recovery time objective
Statistical Sampling
14. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Input validation checking
Examples of Application Controls
OSI Layer 5: Session
Database primary key
15. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
PERT Diagram?
IT Services Financial Management
Sampling Risk
Options for Risk Treatment
16. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Audit Methodologies
To identify the tasks that are responsible for project delays
A Compliance audit
The Eight Types of Audits
17. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
The audit program
OSI: Data Link Layer
Sample Standard Deviation
OSI Layer 6: Presentation
18. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
The Internet Layer in the TCP/IP model
Precision means
ITIL definition of PROBLEM
Business impact analysis
19. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
OSI Layer 7: Application
Business Continuity
Network Layer Protocols
TCP/IP Internet Layer
20. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
The Steering Committee
IT Services Financial Management
Capability Maturity Model Integration (CMMI)
Emergency Changes
21. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
ISO 20000 Standard:
Data Link Layer Standards
More difficult to perform
Separate administrative accounts
22. The first major task in a disaster recovery or business continuity planning project.
Testing activities
The appropriate role of an IS auditor in a control self-assessment
Audit logging
Business impact analysis
23. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Information security policy
Frameworks
A Virtual Server
SDLC Phases
24. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
IT Strategy
Reduced sign-on
Project change request
The typical Configuration Items in Configuration Management
25. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
Inherent Risk
Concentrate on samples known to represent high risk
Background checks performed
26. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Main types of Controls
Department Charters
The Steering Committee
Service Continuity Management
27. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Geographic location
Testing activities
A Forensic Audit
Deming Cycle
28. The sum of all samples divided by the number of samples.
Referential Integrity
Cloud computing
Three Types of Controls
A Sample Mean
29. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
The Software Program Library
WAN Protocols
Information security policy
Three Types of Controls
30. Support the functioning of the application controls
Grid Computing
General Controls
Annualized Loss Expectance (ALE)
Application Controls
31. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
OSI Layer 7: Application
Prblem Management
The Software Program Library
A Sample Mean
32. An alternate processing center that contains no information processing equipment.
A Cold Site
Emergency Changes
OSI Layer 6: Presentation
The Steering Committee
33. Consists of two main packet transport protocols: TCP and UDP.
Three Types of Controls
Inherent Risk
Grid Computing
TCP/IP Transport Layer
34. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Sampling
OSI: Physical Layer
Resource details
Dimensions of the COSO cube
35. ITIL term used to describe the SDLC.
Hash
The appropriate role of an IS auditor in a control self-assessment
TCP/IP Link Layer
Release management
36. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Function Point Analysis
Volumes of COSO framework
Security Awareness program
37. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Cloud computing
Wet pipe fire sprinkler system
Change management
Sampling Risk
38. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram?
OSI: Network Layer
IT Service Management
List of systems examined
39. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Power system controls
BCP Plans
Compliance Testing
Personnel involved in the requirements phase of a software development project
40. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Input validation checking
The Release process
OSI: Network Layer
41. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Types of sampling an auditor can perform.
Audit Methodologies
Gantt Chart
less than 24 hours
42. Gantt: used to display ______________.
Resource details
Precision means
Buffers
Split custody
43. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Change management
Buffers
Detection Risk
Segregation of duties issue in a high value process
44. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Advantages of outsourcing
Personnel involved in the requirements phase of a software development project
Split custody
Wet pipe fire sprinkler system
45. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Background checks performed
OSI: Transport Layer
The first step in a business impact analysis
Control Risk
46. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Configuration Management
Primary security features of relational databases
The 4-item focus of a Balanced Scorecard
The Internet Layer in the TCP/IP model
47. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Emergency Changes
Business Realization
TCP/IP Network Model
Prblem Management
48. Guide program execution through organization of resources and development of clear project objectives.
Entire password for an encryption key
Project Management Strategies
Network Layer Protocols
Sampling Risk
49. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
ISO 20000 Standard:
Insourcing
Six steps of the Release Management process
Precision means
50. (1.) Objectives (2.) Components (3.) Business Units / Areas
OSI: Data Link Layer
Dimensions of the COSO cube
Network Layer Protocols
Capability Maturity Model
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests