SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The sum of all samples divided by the number of samples.
ITIL - IT Infrastructure Library
A Sample Mean
Server cluster
Three Types of Controls
2. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Three Types of Controls
OSI: Transport Layer
Options for Risk Treatment
Rating Scale for Process Maturity
3. Used to measure the relative maturity of an organization and its processes.
A Server Cluster
Insourcing
Department Charters
Capability Maturity Model
4. Used to translate or transform data from lower layers into formats that the application layer can work with.
Variable Sampling
The two Categories of Controls
CPU
OSI Layer 6: Presentation
5. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
To identify the tasks that are responsible for project delays
Service Level Management
Stay current with technology
Incident Management
6. Gantt: used to display ______________.
TCP/IP Link Layer
Resource details
Project Management Strategies
ITIL definition of PROBLEM
7. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
A Server Cluster
Employee termination process
OSI: Transport Layer
8. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Organizational culture and maturity
Entire password for an encryption key
Antivirus software on the email servers
Documentation and interview personnel
9. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Cloud computing
Gantt Chart
Inform the auditee
Information security policy
10. IT Service Management is defined in ___________________ framework.
Data Link Layer Standards
Structural fires and transportation accidents
Sampling Risk
ITIL - IT Infrastructure Library
11. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
ITIL definition of CHANGE MANAGEMENT
IT Strategy
Employees with excessive privileges
Stop-or-go Sampling
12. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Types of sampling an auditor can perform.
The typical Configuration Items in Configuration Management
The 5 types of Evidence that the auditor will collect during an audit.
Stratified Sampling
13. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Capability Maturity Model
IT standards are not being reviewed often enough
Types of sampling an auditor can perform.
Statistical Sampling
14. A maturity model that represents the aggregations of other maturity models.
Critical Path Methodology
Capability Maturity Model Integration (CMMI)
Segregation of duties issue in a high value process
TCP/IP Network Model
15. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Business impact analysis
IT Services Financial Management
BCP Plans
Separate administrative accounts
16. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
BCP Plans
The 5 types of Evidence that the auditor will collect during an audit.
Annualized Loss Expectance (ALE)
17. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
A Cold Site
Wet pipe fire sprinkler system
Foreign Key
A Problem
18. (1.) Access controls (2.) Encryption (3.) Audit logging
Stratified Sampling
Emergency Changes
Compliance Testing
Primary security features of relational databases
19. The first major task in a disaster recovery or business continuity planning project.
A Sample Mean
Business impact analysis
Discovery Sampling
WAN Protocols
20. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Insourcing
Grid Computing
Blade Computer Architecture
21. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
The Internet Layer in the TCP/IP model
Sample Standard Deviation
The 5 types of Evidence that the auditor will collect during an audit.
Registers
22. One of a database table's fields - whose value is unique.
Wet pipe fire sprinkler system
An Operational Audit
Database primary key
Frameworks
23. Focuses on: post-event recovery and restoration of services
Annualized Loss Expectance (ALE)
Six steps of the Release Management process
Disaster Recovery
Gantt Chart
24. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Balanced Scorecard
Gantt Chart
TCP/IP Link Layer
The 5 types of Evidence that the auditor will collect during an audit.
25. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Frameworks
A Virtual Server
Buffers
Gantt Chart
26. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Resource details
TCP/IP Internet Layer
Expected Error Rate
BCP Plans
27. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
IT Service Management
Wet pipe fire sprinkler system
Resource details
28. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Registers
Department Charters
The BCP process
TCP/IP Transport Layer packet delivery
29. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
A Service Provider audit
Project change request
Wet pipe fire sprinkler system
Documentation and interview personnel
30. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Organizational culture and maturity
An Operational Audit
Elements of the COBIT Framework
Judgmental sampling
31. The risk that an IS auditor will overlook errors or exceptions during an audit.
Buffers
Entire password for an encryption key
An Integrated Audit
Detection Risk
32. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
Application Controls
IT Strategy
Data Link Layer Standards
33. Used to determine which business processes are the most critical - by ranking them in order of criticality
Segregation of duties issue in a high value process
Testing activities
Criticality analysis
Options for Risk Treatment
34. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Vulnerability in the organization's PBX
Gantt Chart
Variable Sampling
Frameworks
35. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Network Layer Protocols
Employee termination process
Service Continuity Management
Three Types of Controls
36. The maximum period of downtime for a process or application
Data Link Layer Standards
A Problem
Recovery time objective
Insourcing
37. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Primary security features of relational databases
Input validation checking
Control Unit
The typical Configuration Items in Configuration Management
38. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Main types of Controls
Function Point Analysis
Recovery time objective
Information systems access
39. Disasters are generally grouped in terms of type: ______________.
List of systems examined
Sample Standard Deviation
Personnel involved in the requirements phase of a software development project
(1.) Man-made (2.) Natural
40. The inventory of all in-scope business processes and systems
A gate process
The first step in a business impact analysis
IT Strategy
Vulnerability in the organization's PBX
41. Used to estimate the effort required to develop a software program.
Controls
Function Point Analysis
Business impact analysis
The Requirements
42. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
OSI: Transport Layer
OSI: Data Link Layer
Business impact analysis
Application Controls
43. ITIL term used to describe the SDLC.
Release management
Stratified Sampling
TCP/IP Internet Layer
The Eight Types of Audits
44. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
IT Strategy
Segregation of duties issue in a high value process
OSI: Transport Layer
Audit Methodologies
45. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Change management
The typical Configuration Items in Configuration Management
ISO 20000 Standard:
objective and unbiased
46. 1.) Executive Support (2.) Well-defined roles and responsibilities.
ITIL definition of CHANGE MANAGEMENT
Information security policy
Resource details
Capability Maturity Model
47. Handle application processing
Application Controls
Audit logging
TCP/IP Transport Layer packet delivery
Stratified Sampling
48. An alternate processing center that contains no information processing equipment.
WAN Protocols
Database primary key
A Cold Site
Main types of Controls
49. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Power system controls
Foreign Key
Options for Risk Treatment
A Compliance audit
50. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Buffers
IT Service Management
Control Unit