SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Main types of Controls
Structural fires and transportation accidents
WAN Protocols
A Server Cluster
2. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Information security policy
An Operational Audit
Examples of IT General Controls
Hash
3. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Department Charters
The Steering Committee
The audit program
SDLC Phases
4. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT executives and the Board of Directors
A Virtual Server
Advantages of outsourcing
IT standards are not being reviewed often enough
5. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Recovery time objective
Capability Maturity Model Integration (CMMI)
TCP/IP Transport Layer
Geographic location
6. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Segregation of duties issue in a high value process
Referential Integrity
PERT Diagram?
7. A collection of two or more servers that is designed to appear as a single server.
Separate administrative accounts
Server cluster
Primary security features of relational databases
Discovery Sampling
8. Used to determine which business processes are the most critical - by ranking them in order of criticality
Inherent Risk
Current and most up-to-date
An Operational Audit
Criticality analysis
9. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
The Eight Types of Audits
Testing activities
Statistical Sampling
The Requirements
10. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Rating Scale for Process Maturity
ITIL - IT Infrastructure Library
Project change request
Employees with excessive privileges
11. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
An Integrated Audit
Types of sampling an auditor can perform.
Power system controls
12. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Segregation of duties issue in a high value process
Statement of Impact
Categories of risk treatment
Judgmental sampling
13. One of a database table's fields - whose value is unique.
Audit Methodologies
Variable Sampling
TCP/IP Transport Layer packet delivery
Database primary key
14. Concerned with electrical and physical specifications for devices. No frames or packets involved.
(1.) Polices (2.) Procedures (3.) Standards
WAN Protocols
OSI: Physical Layer
Inform the auditee
15. An audit that combines an operational audit and a financial audit.
A Cold Site
Examples of IT General Controls
An Integrated Audit
A Compliance audit
16. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Formal waterfall
Resource details
More difficult to perform
Segregation of duties issue in a high value process
17. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Examples of IT General Controls
Documentation and interview personnel
Referential Integrity
Balanced Scorecard
18. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Information security policy
Rating Scale for Process Maturity
Formal waterfall
19. The sum of all samples divided by the number of samples.
Audit logging
A Sample Mean
Testing activities
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
20. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Sampling Risk
OSI Layer 6: Presentation
Audit Methodologies
Segregation of duties issue in a high value process
21. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
The best approach for identifying high risk areas for an audit
Emergency Changes
Application Layer protocols
OSI: Data Link Layer
22. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
To identify the tasks that are responsible for project delays
Business Continuity
Concentrate on samples known to represent high risk
23. The main hardware component of a computer system - which executes instructions in computer programs.
The Eight Types of Audits
Primary security features of relational databases
Audit Methodologies
CPU
24. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
OSI Layer 7: Application
Detection Risk
Sample Standard Deviation
25. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Reduced sign-on
Categories of risk treatment
More difficult to perform
The Eight Types of Audits
26. IT Service Management is defined in ___________________ framework.
A Financial Audit
ITIL - IT Infrastructure Library
Risk Management
A Problem
27. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Hash
Controls
OSI Layer 7: Application
28. Support the functioning of the application controls
IT standards are not being reviewed often enough
Wet pipe fire sprinkler system
Data Link Layer Standards
General Controls
29. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Options for Risk Treatment
A Forensic Audit
Grid Computing
Confidence coefficient
30. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Current and most up-to-date
TCP/IP Network Model
Information systems access
Business Continuity
31. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Blade Computer Architecture
The Internet Layer in the TCP/IP model
Resource details
Control Risk
32. An audit that is performed in support of an anticipated or active legal proceeding.
To identify the tasks that are responsible for project delays
OSI Layer 5: Session
A Forensic Audit
Project Management Strategies
33. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Transport Layer Protocols
Types of sampling an auditor can perform.
less than 24 hours
Elements of the COSO pyramid
34. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Frameworks
Critical Path Methodology
Power system controls
OSI Layer 5: Session
35. (1.) General (2.) Application
The Eight Types of Audits
Main types of Controls
Substantive Testing (test of transaction integrity)
Geographic location
36. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
Split custody
Employees with excessive privileges
The BCP process
37. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Balanced Scorecard
Advantages of outsourcing
Criticality analysis
A Server Cluster
38. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
OSI Layer 5: Session
Overall audit risk
Employee termination process
ITIL definition of CHANGE MANAGEMENT
39. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
IT executives and the Board of Directors
The typical Configuration Items in Configuration Management
The first step in a business impact analysis
The Requirements
40. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Sample Standard Deviation
Current and most up-to-date
Emergency Changes
Vulnerability in the organization's PBX
41. Used to estimate the effort required to develop a software program.
Function Point Analysis
The Steering Committee
Cloud computing
Reduced sign-on
42. PERT: shows the ______________ critical path.
To identify the tasks that are responsible for project delays
The Software Program Library
Current and most up-to-date
Data Link Layer Standards
43. Lowest layer. Delivers messages (frames) from one station to another vial local network.
TCP/IP Link Layer
Inform the auditee
The Release process
WAN Protocols
44. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
A Service Provider audit
Types of sampling an auditor can perform.
Sampling Risk
Examples of Application Controls
45. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Employees with excessive privileges
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Precision means
46. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Application Layer protocols
Registers
Elements of the COSO pyramid
Input validation checking
47. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Insourcing
Referential Integrity
Testing activities
Sampling Risk
48. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Cloud computing
Grid Computing
Project change request
IT Service Management
49. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Main types of Controls
Categories of risk treatment
Sampling
An Administrative
50. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
A Financial Audit
Wet pipe fire sprinkler system
Audit logging
Attribute Sampling
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests