SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
More difficult to perform
The 4-item focus of a Balanced Scorecard
Elements of the COBIT Framework
Insourcing
2. To communication security policies - procedures - and other security-related information to an organization's employees.
Control Risk
Security Awareness program
Antivirus software on the email servers
TCP/IP Transport Layer packet delivery
3. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
ITIL definition of CHANGE MANAGEMENT
IT executives and the Board of Directors
Elements of the COSO pyramid
TCP/IP Transport Layer
4. (1.) Link (2.) Internet (3.) Transport (4.) Application
Personnel involved in the requirements phase of a software development project
TCP/IP Network Model
Antivirus software on the email servers
Geographic location
5. IT Service Management is defined in ___________________ framework.
Current and most up-to-date
ITIL - IT Infrastructure Library
A Problem
OSI: Physical Layer
6. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
TCP/IP Transport Layer
Wet pipe fire sprinkler system
Main types of Controls
Substantive Testing
7. (1.) Access controls (2.) Encryption (3.) Audit logging
Stay current with technology
A Forensic Audit
A Service Provider audit
Primary security features of relational databases
8. PERT: shows the ______________ critical path.
Entire password for an encryption key
The best approach for identifying high risk areas for an audit
Personnel involved in the requirements phase of a software development project
Current and most up-to-date
9. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Employees with excessive privileges
Statistical Sampling
Recovery time objective
10. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
The audit program
Power system controls
The Release process
OSI Layer 6: Presentation
11. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Information systems access
General Controls
Confidence coefficient
Examples of Application Controls
12. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Entire password for an encryption key
A Virtual Server
Advantages of outsourcing
OSI Layer 5: Session
13. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Three Types of Controls
Statistical Sampling
Expected Error Rate
OSI Layer 5: Session
14. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Judgmental sampling
Advantages of outsourcing
Blade Computer Architecture
15. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Control Unit
Sampling Risk
ITIL definition of PROBLEM
IT standards are not being reviewed often enough
16. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
IT standards are not being reviewed often enough
A Server Cluster
IT Services Financial Management
17. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Six steps of the Release Management process
Overall audit risk
Antivirus software on the email servers
18. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
A Sample Mean
A gate process
less than 24 hours
Change management
19. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
TCP/IP Transport Layer
SDLC Phases
CPU
Service Level Management
20. Used to determine which business processes are the most critical - by ranking them in order of criticality
A Financial Audit
Criticality analysis
A Virtual Server
Project change request
21. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Critical Path Methodology
A Virtual Server
Business impact analysis
Split custody
22. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Application Controls
Audit logging
Elements of the COBIT Framework
Referential Integrity
23. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Prblem Management
Formal waterfall
A Server Cluster
Sampling Risk
24. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
List of systems examined
Six steps of the Release Management process
Sampling
Antivirus software on the email servers
25. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Inform the auditee
Employees with excessive privileges
Examples of IT General Controls
Frameworks
26. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Configuration Management
Stay current with technology
Three Types of Controls
Structural fires and transportation accidents
27. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Expected Error Rate
Business Continuity
objective and unbiased
28. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Service Continuity Management
Application Layer protocols
Current and most up-to-date
Power system controls
29. A collection of two or more servers that is designed to appear as a single server.
Server cluster
Organizational culture and maturity
Wet pipe fire sprinkler system
Annualized Loss Expectance (ALE)
30. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
Business Realization
The Steering Committee
Registers
31. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Information security policy
Sample Standard Deviation
Discovery Sampling
32. The maximum period of downtime for a process or application
Application Layer protocols
Detection Risk
Recovery time objective
Control Unit
33. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Lacks specific expertise or resources to conduct an internal audit
Audit Methodologies
Function Point Analysis
34. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Examples of Application Controls
IT Services Financial Management
Split custody
Testing activities
35. The risk that an IS auditor will overlook errors or exceptions during an audit.
Transport Layer Protocols
Detection Risk
The two Categories of Controls
Six steps of the Release Management process
36. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Judgmental sampling
The typical Configuration Items in Configuration Management
Foreign Key
OSI Layer 5: Session
37. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
A Sample Mean
Hash
Statistical Sampling
IT Strategy
38. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
The Steering Committee
Recovery time objective
Statement of Impact
39. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
A Financial Audit
Inform the auditee
Elements of the COBIT Framework
40. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Input validation checking
A Problem
Substantive Testing (test of transaction integrity)
Database primary key
41. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
An Operational Audit
The first step in a business impact analysis
The 4-item focus of a Balanced Scorecard
42. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
WAN Protocols
Elements of the COSO pyramid
Data Link Layer Standards
More difficult to perform
43. Focuses on: post-event recovery and restoration of services
Disaster Recovery
Blade Computer Architecture
OSI: Physical Layer
Business Realization
44. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Dimensions of the COSO cube
Lacks specific expertise or resources to conduct an internal audit
Substantive Testing (test of transaction integrity)
Concentrate on samples known to represent high risk
45. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The BCP process
The typical Configuration Items in Configuration Management
ITIL definition of CHANGE MANAGEMENT
IT Strategy
46. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
An Operational Audit
A Problem
A Service Provider audit
Antivirus software on the email servers
47. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
The Software Program Library
(1.) Polices (2.) Procedures (3.) Standards
Application Layer protocols
48. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram?
Audit logging
Variable Sampling
Incident Management
49. A sampling technique where at least one exception is sought in a population
ITIL - IT Infrastructure Library
The Requirements
Business Continuity
Discovery Sampling
50. (1.) Automatic (2.) Manual
An IS audit
The two Categories of Controls
SDLC Phases
Registers
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests