Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Examples of IT General Controls
Audit logging
less than 24 hours
Split custody
2. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Service Continuity Management
A Server Cluster
Geographic location
IT executives and the Board of Directors
3. A field in a record in one table that can reference a primary key in another table.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Wet pipe fire sprinkler system
Foreign Key
TCP/IP Network Model
4. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
The Release process
Network Layer Protocols
Control Unit
Hash
5. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
OSI: Network Layer
Attribute Sampling
Stop-or-go Sampling
Configuration Management
6. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
An Administrative
IT Service Management
Employees with excessive privileges
The Release process
7. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Stop-or-go Sampling
OSI Layer 5: Session
Stratified Sampling
Documentation and interview personnel
8. IT Service Management is defined in ___________________ framework.
Department Charters
ITIL - IT Infrastructure Library
The appropriate role of an IS auditor in a control self-assessment
ITIL definition of CHANGE MANAGEMENT
9. The maximum period of downtime for a process or application
Rating Scale for Process Maturity
Recovery time objective
Data Link Layer Standards
An Integrated Audit
10. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
IT Strategy
Deming Cycle
IT standards are not being reviewed often enough
Expected Error Rate
11. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
PERT Diagram?
OSI: Network Layer
An IS audit
An Operational Audit
12. Disasters are generally grouped in terms of type: ______________.
Grid Computing
(1.) Man-made (2.) Natural
Detection Risk
Controls
13. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Antivirus software on the email servers
A Server Cluster
Service Continuity Management
Examples of IT General Controls
14. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Entire password for an encryption key
A Service Provider audit
Business Continuity
Stratified Sampling
15. Used to determine which business processes are the most critical - by ranking them in order of criticality
The appropriate role of an IS auditor in a control self-assessment
OSI: Data Link Layer
Criticality analysis
The BCP process
16. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
BCP Plans
Network Layer Protocols
Types of sampling an auditor can perform.
Incident Management
17. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Attribute Sampling
Data Link Layer Standards
Elements of the COBIT Framework
Expected Error Rate
18. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
A Compliance audit
Function Point Analysis
Stratified Sampling
19. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. The main advantage is lower cost per unit.
Substantive Testing (test of transaction integrity)
OSI: Transport Layer
Blade Computer Architecture
Resource details
20. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Detection Risk
A Financial Audit
Six steps of the Release Management process
21. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram?
TCP/IP Network Model
Audit logging
Service Continuity Management
22. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Gantt Chart
The Software Program Library
Segregation of duties issue in a high value process
23. An audit that combines an operational audit and a financial audit.
Server cluster
Change management
An Integrated Audit
Overall audit risk
24. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Data Link Layer Standards
Sampling
An Administrative
25. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
ITIL - IT Infrastructure Library
(1.) Policies (2.) Procedures (3.) Standards
Elements of the COSO pyramid
26. One of a database table's fields - whose value is unique.
OSI Layer 5: Session
Database primary key
Six steps of the Release Management process
A Compliance audit
27. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
General Controls
The BCP process
Vulnerability in the organization's PBX
28. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
The best approach for identifying high risk areas for an audit
Separate administrative accounts
Confidence coefficient
Rating Scale for Process Maturity
29. A representation of how closely a sample represents an entire population.
Incident Management
The Steering Committee
Statement of Impact
Precision means
30. Framework for auditing and measuring IT Service Management Processes.
Control Risk
Audit logging
ISO 20000 Standard:
Dimensions of the COSO cube
31. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Stratified Sampling
Inherent Risk
An Integrated Audit
TCP/IP Link Layer
32. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Control Risk
Release management
Registers
33. Delivery of packets from one station to another - on the same network or on different networks.
Elements of the COBIT Framework
Resource details
Information security policy
The Internet Layer in the TCP/IP model
34. A maturity model that represents the aggregations of other maturity models.
WAN Protocols
Function Point Analysis
ISO 20000 Standard:
Capability Maturity Model Integration (CMMI)
35. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
An Operational Audit
Wet pipe fire sprinkler system
Examples of IT General Controls
Deming Cycle
36. An audit of an IS department's operations and systems.
Business Continuity
Personnel involved in the requirements phase of a software development project
An IS audit
The BCP process
37. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Information systems access
OSI Layer 6: Presentation
WAN Protocols
More difficult to perform
38. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
A Problem
The Requirements
Structural fires and transportation accidents
Annualized Loss Expectancy (ALE)
39. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
The BCP process
Insourcing
The appropriate role of an IS auditor in a control self-assessment
More difficult to perform
40. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Antivirus software on the email servers
Concentrate on samples known to represent high risk
Foreign Key
Grid Computing
41. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
Cloud computing
Server cluster
Personnel involved in the requirements phase of a software development project
42. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
TCP/IP Network Model
TCP/IP Transport Layer packet delivery
IT Services Financial Management
The Software Program Library
43. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Capability Maturity Model Integration (CMMI)
Compliance Testing
Substantive Testing
Sampling Risk
44. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Control Unit
The Internet Layer in the TCP/IP model
Precision means
WAN Protocols
45. Focuses on: post-event recovery and restoration of services
An IS audit
Disaster Recovery
Examples of IT General Controls
Variable Sampling
46. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Annualized Loss Expectancy (ALE)
Dimensions of the COSO cube
Sampling Risk
OSI: Transport Layer
47. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
TCP/IP Link Layer
Power system controls
Rating Scale for Process Maturity
Problem Management
48. An audit of a third-party organization that provides services to other organizations.
Business Continuity
The typical Configuration Items in Configuration Management
Three Types of Controls
A Service Provider audit
49. (1.) General (2.) Application
Database primary key
Main types of Controls
A gate process
Tolerable Error Rate
50. (1.) Link (2.) Internet (3.) Transport (4.) Application
Statement of Impact
Inform the auditee
TCP/IP Network Model
Separate administrative accounts