Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Incident Management
The Software Program Library
Assess the maturity of its business processes
Capability Maturity Model
2. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
Criticality analysis
Control Unit
An Integrated Audit
3. (1.) Physical (2.) Technical (3.) Administrative
Three Types of Controls
Transport Layer Protocols
OSI: Physical Layer
Insourcing
4. Used to translate or transform data from lower layers into formats that the application layer can work with.
Compliance Testing
Statement of Impact
(1.) Man-made (2.) Natural
OSI Layer 6: Presentation
5. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Configuration Management
Risk Management
Balanced Scorecard
Employees with excessive privileges
6. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Examples of IT General Controls
The Release process
OSI: Data Link Layer
Volumes of COSO framework
7. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Project change request
An Operational Audit
The Release process
To identify the tasks that are responsible for project delays
8. The main hardware component of a computer system - which executes instructions in computer programs.
Sampling Risk
Business impact analysis
CPU
Power system controls
9. IT Governance is most concerned with ________.
The Software Program Library
IT Strategy
Information systems access
Cloud computing
10. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Software Program Library
Rating Scale for Process Maturity
The BCP process
The Eight Types of Audits
11. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Entire password for an encryption key
OSI Layer 5: Session
Substantive Testing
Precision means
12. Defines internal controls and provides guidance for assessing and improving internal control systems.
OSI: Network Layer
Employee termination process
The Eight Types of Audits
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
13. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
objective and unbiased
Change management
Compliance Testing
14. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Capability Maturity Model
WAN Protocols
Balanced Scorecard
Critical Path Methodology
15. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
TCP/IP Network Model
Options for Risk Treatment
Examples of Application Controls
16. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Wet pipe fire sprinkler system
The typical Configuration Items in Configuration Management
A Server Cluster
Foreign Key
17. (1.) Access controls (2.) Encryption (3.) Audit logging
Rating Scale for Process Maturity
Transport Layer Protocols
The 7 phases and their order in the SDLC
Primary security features of relational databases
18. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI: Physical Layer
Security Awareness program
OSI Layer 5: Session
Cloud computing
19. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
An Integrated Audit
SDLC Phases
Compliance Testing
Main types of Controls
20. The inventory of all in-scope business processes and systems
Variable Sampling
PERT Diagram?
The first step in a business impact analysis
Six steps of the Release Management process
21. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
A Financial Audit
TCP/IP Link Layer
Capability Maturity Model
Insourcing
22. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Separate administrative accounts
A Financial Audit
An Operational Audit
Service Level Management
23. An audit that combines an operational audit and a financial audit.
The Internet Layer in the TCP/IP model
Geographic location
An Integrated Audit
Service Continuity Management
24. The sum of all samples divided by the number of samples.
Background checks performed
Statement of Impact
The appropriate role of an IS auditor in a control self-assessment
A Sample Mean
25. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
OSI Layer 7: Application
Gantt Chart
List of systems examined
Cloud computing
26. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Six steps of the Release Management process
Power system controls
Examples of Application Controls
Lacks specific expertise or resources to conduct an internal audit
27. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
Referential Integrity
General Controls
TCP/IP Network Model
28. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Annualized Loss Expectancy (ALE)
Inherent Risk
Separate administrative accounts
A Compliance audit
29. A maturity model that represents the aggregations of other maturity models.
Examples of Application Controls
The best approach for identifying high risk areas for an audit
Capability Maturity Model Integration (CMMI)
SDLC Phases
30. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
List of systems examined
Elements of the COBIT Framework
Disaster Recovery
31. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
An Integrated Audit
The best approach for identifying high risk areas for an audit
Antivirus software on the email servers
Advantages of outsourcing
32. (1.) General (2.) Application
A gate process
Annualized Loss Expectancy (ALE)
OSI: Transport Layer
Main types of Controls
33. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT standards are not being reviewed often enough
less than 24 hours
General Controls
An Operational Audit
34. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
OSI: Data Link Layer
Structural fires and transportation accidents
Configuration Management
Notify the Audit Committee
35. Aids in the coordinating of business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Security Awareness program
Judgmental sampling
Business impact analysis
The Business Process Life Cycle
36. (1.) Automatic (2.) Manual
Six steps of the Release Management process
The two Categories of Controls
Geographic location
The Internet Layer in the TCP/IP model
37. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
WAN Protocols
Categories of risk treatment
A Virtual Server
IT Service Management
38. An audit of operational efficiency.
Organizational culture and maturity
Referential Integrity
Inherent Risk
An Administrative
39. Used to estimate the effort required to develop a software program.
Capability Maturity Model Integration (CMMI)
Function Point Analysis
Release management
Dimensions of the COSO cube
40. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Transport Layer Protocols
Grid Computing
Background checks performed
41. Focuses on: post-event recovery and restoration of services
Foreign Key
Tolerable Error Rate
Elements of the COBIT Framework
Disaster Recovery
42. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Six steps of the Release Management process
Department Charters
Antivirus software on the email servers
Control Unit
43. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
Volumes of COSO framework
Insourcing
A Compliance audit
44. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Criticality analysis
The 4-item focus of a Balanced Scorecard
Elements of the COBIT Framework
Foreign Key
45. Disasters are generally grouped in terms of type: ______________.
objective and unbiased
Information systems access
Statistical Sampling
(1.) Man-made (2.) Natural
46. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Stratified Sampling
Employees with excessive privileges
IT Service Management
OSI Layer 7: Application
47. Consists of two main packet transport protocols: TCP and UDP.
Insourcing
Three Types of Controls
TCP/IP Transport Layer
A Sample Mean
48. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Substantive Testing (test of transaction integrity)
Organizational culture and maturity
Buffers
Wet pipe fire sprinkler system
49. An audit of an IS department's operations and systems.
Rating Scale for Process Maturity
An IS audit
Precision means
IT Services Financial Management
50. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Sampling Risk
WAN Protocols
A Financial Audit
General Controls