SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) Access controls (2.) Encryption (3.) Audit logging
The 5 types of Evidence that the auditor will collect during an audit.
The appropriate role of an IS auditor in a control self-assessment
Detection Risk
Primary security features of relational databases
2. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
The audit program
Advantages of outsourcing
Annualized Loss Expectance (ALE)
ITIL definition of CHANGE MANAGEMENT
3. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Audit Methodologies
Employee termination process
BCP Plans
Expected Error Rate
4. The sum of all samples divided by the number of samples.
Split custody
Discovery Sampling
A Sample Mean
Hash
5. Describes the effect on the business if a process is incapacitated for any appreciable time
An Operational Audit
Statement of Impact
Stop-or-go Sampling
The 5 types of Evidence that the auditor will collect during an audit.
6. The risk that an IS auditor will overlook errors or exceptions during an audit.
Business Realization
The audit program
Three Types of Controls
Detection Risk
7. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Gantt Chart
TCP/IP Transport Layer
Audit logging
A Server Cluster
8. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Frameworks
List of systems examined
Application Layer protocols
To identify the tasks that are responsible for project delays
9. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
Control Risk
Sampling Risk
Notify the Audit Committee
10. Gantt: used to display ______________.
Service Level Management
Volumes of COSO framework
Resource details
ISO 20000 Standard:
11. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Organizational culture and maturity
Input validation checking
Categories of risk treatment
SDLC Phases
12. Used to measure the relative maturity of an organization and its processes.
Frameworks
Capability Maturity Model
Wet pipe fire sprinkler system
The Business Process Life Cycle
13. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Business Process Life Cycle
Cloud computing
Gantt Chart
Grid Computing
14. An audit of operational efficiency.
Input validation checking
Capability Maturity Model Integration (CMMI)
An Administrative
Annualized Loss Expectance (ALE)
15. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
OSI: Network Layer
Concentrate on samples known to represent high risk
Personnel involved in the requirements phase of a software development project
Network Layer Protocols
16. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Control Risk
TCP/IP Transport Layer packet delivery
A Compliance audit
less than 24 hours
17. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
An Integrated Audit
The Eight Types of Audits
Notify the Audit Committee
18. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Insourcing
Business Continuity
An Administrative
Frameworks
19. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
Inherent Risk
Entire password for an encryption key
Employee termination process
20. Consists of two main packet transport protocols: TCP and UDP.
Notify the Audit Committee
TCP/IP Transport Layer
Reduced sign-on
Hash
21. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
The typical Configuration Items in Configuration Management
Overall audit risk
Input validation checking
An IS audit
22. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Recovery time objective
Substantive Testing
A Cold Site
23. Support the functioning of the application controls
Documentation and interview personnel
Testing activities
Sampling Risk
General Controls
24. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
The Eight Types of Audits
Information security policy
TCP/IP Internet Layer
25. A maturity model that represents the aggregations of other maturity models.
The typical Configuration Items in Configuration Management
Capability Maturity Model Integration (CMMI)
BCP Plans
General Controls
26. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
OSI Layer 5: Session
Advantages of outsourcing
IT Services Financial Management
27. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Information security policy
Documentation and interview personnel
The 5 types of Evidence that the auditor will collect during an audit.
Service Continuity Management
28. The maximum period of downtime for a process or application
Detection Risk
Segregation of duties issue in a high value process
Recovery time objective
Insourcing
29. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Geographic location
Annualized Loss Expectance (ALE)
Business Continuity
Variable Sampling
30. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Information systems access
CPU
Information security policy
Structural fires and transportation accidents
31. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Referential Integrity
Geographic location
Information systems access
Emergency Changes
32. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
The appropriate role of an IS auditor in a control self-assessment
ITIL - IT Infrastructure Library
IT Strategy
33. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
A Compliance audit
(1.) Polices (2.) Procedures (3.) Standards
TCP/IP Transport Layer
To identify the tasks that are responsible for project delays
34. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Critical Path Methodology
Reduced sign-on
Sample Standard Deviation
Overall audit risk
35. Used to translate or transform data from lower layers into formats that the application layer can work with.
Capability Maturity Model Integration (CMMI)
Sampling Risk
An Administrative
OSI Layer 6: Presentation
36. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Criticality analysis
Tolerable Error Rate
ITIL definition of CHANGE MANAGEMENT
Sampling Risk
37. A sampling technique where at least one exception is sought in a population
Configuration Management
Discovery Sampling
SDLC Phases
Sampling Risk
38. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Antivirus software on the email servers
Department Charters
Inform the auditee
Six steps of the Release Management process
39. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
The Steering Committee
Project change request
Judgmental sampling
The first step in a business impact analysis
40. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Formal waterfall
Employees with excessive privileges
Segregation of duties issue in a high value process
41. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
More difficult to perform
A Service Provider audit
ISO 20000 Standard:
42. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Statement of Impact
Risk Management
Security Awareness program
Organizational culture and maturity
43. Used to estimate the effort required to develop a software program.
Substantive Testing
A Forensic Audit
Function Point Analysis
less than 24 hours
44. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
ITIL definition of PROBLEM
Resource details
Elements of the COSO pyramid
45. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
TCP/IP Internet Layer
Employees with excessive privileges
(1.) Polices (2.) Procedures (3.) Standards
Lacks specific expertise or resources to conduct an internal audit
46. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
TCP/IP Transport Layer
IT Service Management
(1.) Polices (2.) Procedures (3.) Standards
A Problem
47. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Emergency Changes
Split custody
Input validation checking
Stay current with technology
48. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Entire password for an encryption key
Assess the maturity of its business processes
The Release process
Risk Management
49. PERT: shows the ______________ critical path.
Current and most up-to-date
The Steering Committee
Reduced sign-on
Substantive Testing
50. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Sample Standard Deviation
Statistical Sampling
Documentation and interview personnel
The Business Process Life Cycle
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests