SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Cloud computing
Advantages of outsourcing
Application Layer protocols
2. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Registers
Control Unit
Organizational culture and maturity
Geographic location
3. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
The Internet Layer in the TCP/IP model
A Compliance audit
An IS audit
TCP/IP Transport Layer packet delivery
4. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Personnel involved in the requirements phase of a software development project
Substantive Testing
Current and most up-to-date
Volumes of COSO framework
5. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Expected Error Rate
Data Link Layer Standards
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
6. Focuses on: post-event recovery and restoration of services
Disaster Recovery
Configuration Management
Transport Layer Protocols
Wet pipe fire sprinkler system
7. Gantt: used to display ______________.
A Problem
Judgmental sampling
Resource details
An Administrative
8. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Input validation checking
An Administrative
Employee termination process
9. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Network Layer Protocols
More difficult to perform
The 4-item focus of a Balanced Scorecard
Sampling
10. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Grid Computing
Business Realization
To identify the tasks that are responsible for project delays
Attribute Sampling
11. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
A Problem
IT standards are not being reviewed often enough
The two Categories of Controls
Attribute Sampling
12. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Employees with excessive privileges
Substantive Testing (test of transaction integrity)
IT Strategy
Annualized Loss Expectance (ALE)
13. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Business impact analysis
Sampling Risk
Emergency Changes
Audit logging
14. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Segregation of duties issue in a high value process
The Business Process Life Cycle
Service Level Management
Application Layer protocols
15. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Foreign Key
The BCP process
Deming Cycle
Change management
16. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
The Eight Types of Audits
Input validation checking
Emergency Changes
Blade Computer Architecture
17. (1.) Physical (2.) Technical (4.) Administrative
Three Types of Controls
An Operational Audit
Business impact analysis
Discovery Sampling
18. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Background checks performed
To identify the tasks that are responsible for project delays
IT standards are not being reviewed often enough
TCP/IP Internet Layer
19. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Antivirus software on the email servers
OSI: Transport Layer
IT standards are not being reviewed often enough
Control Risk
20. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
less than 24 hours
Sampling
Dimensions of the COSO cube
21. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
Business impact analysis
Expected Error Rate
Criticality analysis
22. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
Capability Maturity Model Integration (CMMI)
Assess the maturity of its business processes
Capability Maturity Model
23. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Information systems access
The Steering Committee
Options for Risk Treatment
The typical Configuration Items in Configuration Management
24. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Release management
Substantive Testing
Entire password for an encryption key
Testing activities
25. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
A Forensic Audit
Confidence coefficient
Employee termination process
Structural fires and transportation accidents
26. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
More difficult to perform
Cloud computing
Geographic location
The Eight Types of Audits
27. The memory locations in the CPU where arithmetic values are stored.
Separate administrative accounts
Registers
Testing activities
A Compliance audit
28. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
IT Service Management
Registers
Categories of risk treatment
(1.) Polices (2.) Procedures (3.) Standards
29. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
A Compliance audit
IT executives and the Board of Directors
Antivirus software on the email servers
Documentation and interview personnel
30. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Lacks specific expertise or resources to conduct an internal audit
A Virtual Server
Business Realization
OSI: Network Layer
31. To measure organizational performance and effectiveness against strategic goals.
Recovery time objective
Balanced Scorecard
Project Management Strategies
List of systems examined
32. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
BCP Plans
Types of sampling an auditor can perform.
Substantive Testing
Examples of IT General Controls
33. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
The 5 types of Evidence that the auditor will collect during an audit.
Insourcing
Structural fires and transportation accidents
Three Types of Controls
34. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
IT standards are not being reviewed often enough
Wet pipe fire sprinkler system
IT Services Financial Management
35. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
Frameworks
Entire password for an encryption key
Configuration Management
36. (1.) TCP (2.) UDP
Transport Layer Protocols
Recovery time objective
Project change request
Testing activities
37. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The best approach for identifying high risk areas for an audit
Substantive Testing (test of transaction integrity)
Resource details
The Requirements
38. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Stop-or-go Sampling
Sample Standard Deviation
Concentrate on samples known to represent high risk
Segregation of duties issue in a high value process
39. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
objective and unbiased
The 4-item focus of a Balanced Scorecard
A Service Provider audit
Employees with excessive privileges
40. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
OSI Layer 6: Presentation
less than 24 hours
Judgmental sampling
41. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Release management
A gate process
Department Charters
Control Risk
42. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Cloud computing
Deming Cycle
PERT Diagram?
Gantt Chart
43. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Stop-or-go Sampling
Types of sampling an auditor can perform.
Inform the auditee
IT Services Financial Management
44. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
Recovery time objective
A Forensic Audit
Antivirus software on the email servers
45. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Business impact analysis
Critical Path Methodology
Entire password for an encryption key
Concentrate on samples known to represent high risk
46. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Business Realization
Change management
Gantt Chart
Volumes of COSO framework
47. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
The typical Configuration Items in Configuration Management
Blade Computer Architecture
Resource details
Geographic location
48. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
OSI: Network Layer
Stay current with technology
Emergency Changes
The typical Configuration Items in Configuration Management
49. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
A Forensic Audit
The typical Configuration Items in Configuration Management
Power system controls
Balanced Scorecard
50. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Risk Management
Reduced sign-on
Emergency Changes
Stratified Sampling
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests