Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The sum of all samples divided by the number of samples.
Database primary key
Reduced sign-on
(1.) Man-made (2.) Natural
A Sample Mean
2. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Six steps of the Release Management process
Information systems access
The 5 types of Evidence that the auditor will collect during an audit.
Information security policy
3. Guide program execution through organization of resources and development of clear project objectives.
Attribute Sampling
Project Management Strategies
The 7 phases and their order in the SDLC
SDLC Phases
4. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
TCP/IP Link Layer
To identify the tasks that are responsible for project delays
TCP/IP Internet Layer
Stratified Sampling
5. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
BCP Plans
A Compliance audit
OSI: Network Layer
Separate administrative accounts
6. (1.) Objectives (2.) Components (3.) Business Units / Areas
Elements of the COBIT Framework
Stay current with technology
Dimensions of the COSO cube
Wet pipe fire sprinkler system
7. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Security Awareness program
Inherent Risk
IT standards are not being reviewed often enough
Hash
8. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Frameworks
Structural fires and transportation accidents
Buffers
A Financial Audit
9. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Sample Standard Deviation
Concentrate on samples known to represent high risk
Examples of Application Controls
Separate administrative accounts
10. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
IT executives and the Board of Directors
The Release process
Categories of risk treatment
More difficult to perform
11. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
Application Controls
Split custody
Problem Management
12. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Dimensions of the COSO cube
OSI: Transport Layer
A Financial Audit
Rating Scale for Process Maturity
13. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Recovery time objective
Background checks performed
Controls
14. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Vulnerability in the organization's PBX
The best approach for identifying high risk areas for an audit
A Financial Audit
BCP Plans
15. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
The typical Configuration Items in Configuration Management
Structural fires and transportation accidents
Capability Maturity Model
A Virtual Server
16. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Incident Management
TCP/IP Link Layer
Notify the Audit Committee
Critical Path Methodology
17. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Project Management Strategies
Incident Management
Tolerable Error Rate
TCP/IP Transport Layer
18. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Organizational culture and maturity
Gantt Chart
Assess the maturity of its business processes
CPU
19. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Release management
Department Charters
The first step in a business impact analysis
A Problem
20. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
IT Services Financial Management
Judgmental sampling
OSI: Transport Layer
Department Charters
21. Used to estimate the effort required to develop a software program.
The two Categories of Controls
Service Level Management
Function Point Analysis
OSI: Transport Layer
22. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Compliance Testing
Critical Path Methodology
The best approach for identifying high risk areas for an audit
Personnel involved in the requirements phase of a software development project
23. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
Database primary key
Deming Cycle
Structural fires and transportation accidents
24. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
A Server Cluster
Organizational culture and maturity
An Operational Audit
25. The inventory of all in-scope business processes and systems
Primary security features of relational databases
Lacks specific expertise or resources to conduct an internal audit
The first step in a business impact analysis
Database primary key
26. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Business impact analysis
OSI: Transport Layer
List of systems examined
Six steps of the Release Management process
27. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
CPU
TCP/IP Transport Layer packet delivery
The Steering Committee
The Requirements
28. IT Governance is most concerned with ________.
Wet pipe fire sprinkler system
Security Awareness program
Project change request
IT Strategy
29. A collection of two or more servers that is designed to appear as a single server.
Controls
Server cluster
PERT Diagram?
The Business Process Life Cycle
30. (1.) Access controls (2.) Encryption (3.) Audit logging
Security Awareness program
OSI: Transport Layer
Network Layer Protocols
Primary security features of relational databases
31. The risk that an IS auditor will overlook errors or exceptions during an audit.
Advantages of outsourcing
Types of sampling an auditor can perform.
Detection Risk
less than 24 hours
32. One of a database table's fields - whose value is unique.
Database primary key
Security Awareness program
IT Service Management
OSI: Transport Layer
33. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Documentation and interview personnel
OSI Layer 7: Application
PERT Diagram?
Hash
34. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Six steps of the Release Management process
IT Strategy
To identify the tasks that are responsible for project delays
Lacks specific expertise or resources to conduct an internal audit
35. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
The best approach for identifying high risk areas for an audit
An Integrated Audit
Application Layer protocols
Organizational culture and maturity
36. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Blade Computer Architecture
Project Management Strategies
Problem Management
Formal waterfall
37. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
ISO 20000 Standard:
Business impact analysis
Insourcing
TCP/IP Internet Layer
38. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
Stay current with technology
Blade Computer Architecture
Referential Integrity
39. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Main types of Controls
Release management
objective and unbiased
Expected Error Rate
40. ITIL term used to describe the SDLC.
Examples of Application Controls
Reduced sign-on
ITIL - IT Infrastructure Library
Release management
41. An audit that combines an operational audit and a financial audit.
An Integrated Audit
The Software Program Library
Problem Management
Overall audit risk
42. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
Wet pipe fire sprinkler system
Transport Layer Protocols
Inform the auditee
43. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Precision means
A Virtual Server
Advantages of outsourcing
Frameworks
44. A maturity model that represents the aggregations of other maturity models.
IT Service Management
The 5 types of Evidence that the auditor will collect during an audit.
A Sample Mean
Capability Maturity Model Integration (CMMI)
45. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
Grid Computing
The Requirements
Deming Cycle
46. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
An IS audit
Capability Maturity Model Integration (CMMI)
Main types of Controls
Emergency Changes
47. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Cloud computing
OSI: Transport Layer
Assess the maturity of its business processes
Stop-or-go Sampling
48. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
An Integrated Audit
IT Services Financial Management
Sample Standard Deviation
49. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Options for Risk Treatment
Control Risk
Stay current with technology
Server cluster
50. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Options for Risk Treatment
Statement of Impact
A Forensic Audit
Blade Computer Architecture