SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Personnel involved in the requirements phase of a software development project
Hash
To identify the tasks that are responsible for project delays
Examples of Application Controls
2. Guide program execution through organization of resources and development of clear project objectives.
Volumes of COSO framework
Project Management Strategies
The Requirements
Stay current with technology
3. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Precision means
Business Continuity
Project change request
Control Unit
4. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Gantt Chart
Inform the auditee
More difficult to perform
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
5. IT Service Management is defined in ___________________ framework.
Three Types of Controls
A Financial Audit
The availability of IT systems
ITIL - IT Infrastructure Library
6. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
WAN Protocols
Release management
Statistical Sampling
Information systems access
7. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Application Controls
PERT Diagram?
Background checks performed
ITIL definition of PROBLEM
8. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Employee termination process
Data Link Layer Standards
Recovery time objective
The typical Configuration Items in Configuration Management
9. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
less than 24 hours
Judgmental sampling
Types of sampling an auditor can perform.
Incident Management
10. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
To identify the tasks that are responsible for project delays
The Requirements
Application Layer protocols
Registers
11. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Structural fires and transportation accidents
OSI Layer 5: Session
Sampling Risk
Stay current with technology
12. The memory locations in the CPU where arithmetic values are stored.
An Integrated Audit
A Sample Mean
Judgmental sampling
Registers
13. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
OSI Layer 7: Application
Change management
Service Continuity Management
Project Management Strategies
14. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Detection Risk
A Forensic Audit
TCP/IP Transport Layer packet delivery
Sample Standard Deviation
15. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Six steps of the Release Management process
Tolerable Error Rate
General Controls
16. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Attribute Sampling
List of systems examined
Sampling Risk
The Internet Layer in the TCP/IP model
17. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Options for Risk Treatment
The best approach for identifying high risk areas for an audit
Emergency Changes
Configuration Management
18. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
Security Awareness program
Stratified Sampling
Variable Sampling
19. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
objective and unbiased
Volumes of COSO framework
Formal waterfall
20. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
OSI Layer 6: Presentation
TCP/IP Transport Layer
The Business Process Life Cycle
OSI: Network Layer
21. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Stratified Sampling
Assess the maturity of its business processes
Stay current with technology
Service Level Management
22. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Notify the Audit Committee
Project Management Strategies
Balanced Scorecard
TCP/IP Transport Layer packet delivery
23. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Elements of the COBIT Framework
Employee termination process
IT executives and the Board of Directors
24. Consists of two main packet transport protocols: TCP and UDP.
Testing activities
Control Risk
Main types of Controls
TCP/IP Transport Layer
25. Used to translate or transform data from lower layers into formats that the application layer can work with.
Compliance Testing
The Release process
OSI Layer 6: Presentation
A Service Provider audit
26. (1.) Physical (2.) Technical (4.) Administrative
OSI: Data Link Layer
Sample Standard Deviation
Three Types of Controls
Separate administrative accounts
27. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Incident Management
Six steps of the Release Management process
Variable Sampling
More difficult to perform
28. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Advantages of outsourcing
(1.) Man-made (2.) Natural
Main types of Controls
The typical Configuration Items in Configuration Management
29. PERT: shows the ______________ critical path.
Detection Risk
Current and most up-to-date
OSI Layer 5: Session
Volumes of COSO framework
30. Subjective sampling is used when the auditor wants to _________________________.
Inform the auditee
The 4-item focus of a Balanced Scorecard
Project change request
Concentrate on samples known to represent high risk
31. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
An Operational Audit
(1.) Man-made (2.) Natural
The Internet Layer in the TCP/IP model
32. Handle application processing
Variable Sampling
Application Controls
Detection Risk
Service Level Management
33. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
Capability Maturity Model Integration (CMMI)
(1.) Polices (2.) Procedures (3.) Standards
The Requirements
34. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Antivirus software on the email servers
Insourcing
Substantive Testing (test of transaction integrity)
TCP/IP Network Model
35. (1.) Access controls (2.) Encryption (3.) Audit logging
Application Layer protocols
List of systems examined
Primary security features of relational databases
(1.) Polices (2.) Procedures (3.) Standards
36. An audit that is performed in support of an anticipated or active legal proceeding.
The best approach for identifying high risk areas for an audit
A Forensic Audit
Structural fires and transportation accidents
Elements of the COSO pyramid
37. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Application Layer protocols
Prblem Management
An Operational Audit
(1.) Man-made (2.) Natural
38. Framework for auditing and measuring IT Service Management Processes.
Incident Management
Insourcing
ISO 20000 Standard:
The 7 phases and their order in the SDLC
39. Collections of Controls that work together to achieve an entire range of an organization's objectives.
IT Service Management
Elements of the COBIT Framework
The audit program
Frameworks
40. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
The Eight Types of Audits
IT executives and the Board of Directors
ITIL - IT Infrastructure Library
IT Services Financial Management
41. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Notify the Audit Committee
Background checks performed
Tolerable Error Rate
42. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Service Continuity Management
Variable Sampling
Prblem Management
Geographic location
43. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Service Continuity Management
The availability of IT systems
Split custody
Security Awareness program
44. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Emergency Changes
TCP/IP Transport Layer packet delivery
WAN Protocols
Detection Risk
45. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Confidence coefficient
Cloud computing
Sampling Risk
A Financial Audit
46. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
less than 24 hours
IT Services Financial Management
Department Charters
ITIL definition of CHANGE MANAGEMENT
47. Used to measure the relative maturity of an organization and its processes.
Assess the maturity of its business processes
Capability Maturity Model
A Financial Audit
Inherent Risk
48. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Current and most up-to-date
The availability of IT systems
Data Link Layer Standards
Blade Computer Architecture
49. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Elements of the COBIT Framework
OSI Layer 6: Presentation
OSI: Physical Layer
Balanced Scorecard
50. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Server cluster
Inherent Risk
IT Strategy
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests