SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
General Controls
Application Layer protocols
TCP/IP Internet Layer
IT standards are not being reviewed often enough
2. An audit that combines an operational audit and a financial audit.
Sampling Risk
Resource details
An Integrated Audit
TCP/IP Link Layer
3. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Gantt Chart
The Requirements
Service Continuity Management
Audit logging
4. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
(1.) Polices (2.) Procedures (3.) Standards
Stop-or-go Sampling
Gantt Chart
Capability Maturity Model Integration (CMMI)
5. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Annualized Loss Expectance (ALE)
Security Awareness program
Transport Layer Protocols
Input validation checking
6. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
The Steering Committee
Main types of Controls
List of systems examined
7. Used to estimate the effort required to develop a software program.
Function Point Analysis
SDLC Phases
Sampling Risk
Buffers
8. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Information systems access
Blade Computer Architecture
Discovery Sampling
Substantive Testing (test of transaction integrity)
9. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
ITIL - IT Infrastructure Library
Vulnerability in the organization's PBX
TCP/IP Transport Layer
Incident Management
10. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
(1.) Polices (2.) Procedures (3.) Standards
Geographic location
List of systems examined
Formal waterfall
11. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Database primary key
Server cluster
Statistical Sampling
Types of sampling an auditor can perform.
12. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Controls
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
IT Service Management
Server cluster
13. Focuses on: post-event recovery and restoration of services
Disaster Recovery
Rating Scale for Process Maturity
The two Categories of Controls
Testing activities
14. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Application Controls
Information security policy
Advantages of outsourcing
Reduced sign-on
15. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Audit logging
Separate administrative accounts
Wet pipe fire sprinkler system
OSI Layer 5: Session
16. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
General Controls
OSI Layer 5: Session
Power system controls
17. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Cloud computing
The typical Configuration Items in Configuration Management
Risk Management
A gate process
18. The main hardware component of a computer system - which executes instructions in computer programs.
Main types of Controls
Information security policy
Project change request
CPU
19. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Data Link Layer Standards
ITIL - IT Infrastructure Library
Control Risk
Service Level Management
20. ITIL term used to describe the SDLC.
Project change request
Business impact analysis
Release management
Foreign Key
21. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Segregation of duties issue in a high value process
ISO 20000 Standard:
TCP/IP Link Layer
22. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Separate administrative accounts
OSI: Data Link Layer
The Release process
The typical Configuration Items in Configuration Management
23. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Inherent Risk
Entire password for an encryption key
OSI Layer 7: Application
24. The sum of all samples divided by the number of samples.
Confidence coefficient
Vulnerability in the organization's PBX
SDLC Phases
A Sample Mean
25. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Precision means
The typical Configuration Items in Configuration Management
TCP/IP Link Layer
26. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Business Continuity
Primary security features of relational databases
Elements of the COSO pyramid
Personnel involved in the requirements phase of a software development project
27. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
An Administrative
Project change request
Sampling
Project Management Strategies
28. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Geographic location
Department Charters
Antivirus software on the email servers
Cloud computing
29. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Annualized Loss Expectance (ALE)
Frameworks
Information systems access
IT Services Financial Management
30. Framework for auditing and measuring IT Service Management Processes.
Entire password for an encryption key
ISO 20000 Standard:
BCP Plans
Information security policy
31. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Expected Error Rate
Cloud computing
Deming Cycle
Sampling Risk
32. A maturity model that represents the aggregations of other maturity models.
Judgmental sampling
List of systems examined
Expected Error Rate
Capability Maturity Model Integration (CMMI)
33. Delivery of packets from one station to another - on the same network or on different networks.
Grid Computing
The Internet Layer in the TCP/IP model
Gantt Chart
Release management
34. A collection of two or more servers that is designed to appear as a single server.
The 4-item focus of a Balanced Scorecard
Segregation of duties issue in a high value process
Server cluster
Control Risk
35. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Emergency Changes
TCP/IP Internet Layer
ITIL definition of CHANGE MANAGEMENT
Information systems access
36. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Prblem Management
Service Level Management
Gantt Chart
Examples of Application Controls
37. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Background checks performed
IT standards are not being reviewed often enough
The Requirements
ITIL definition of PROBLEM
38. PERT: shows the ______________ critical path.
Vulnerability in the organization's PBX
Inform the auditee
The Release process
Current and most up-to-date
39. The risk that an IS auditor will overlook errors or exceptions during an audit.
Antivirus software on the email servers
General Controls
BCP Plans
Detection Risk
40. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
The Steering Committee
Split custody
Elements of the COBIT Framework
The first step in a business impact analysis
41. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Options for Risk Treatment
Notify the Audit Committee
Entire password for an encryption key
Advantages of outsourcing
42. (1.) Link (2.) Internet (3.) Transport (4.) Application
Attribute Sampling
TCP/IP Network Model
Registers
Reduced sign-on
43. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Service Continuity Management
TCP/IP Internet Layer
More difficult to perform
Stay current with technology
44. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Deming Cycle
Transport Layer Protocols
List of systems examined
Sampling Risk
45. An audit of a third-party organization that provides services to other organizations.
The availability of IT systems
A Service Provider audit
Precision means
TCP/IP Internet Layer
46. An audit of an IS department's operations and systems.
An IS audit
CPU
Examples of Application Controls
The 5 types of Evidence that the auditor will collect during an audit.
47. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
Primary security features of relational databases
The 7 phases and their order in the SDLC
The first step in a business impact analysis
48. An audit of operational efficiency.
Attribute Sampling
Statistical Sampling
An Administrative
Sampling Risk
49. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
The Internet Layer in the TCP/IP model
Department Charters
Capability Maturity Model Integration (CMMI)
Critical Path Methodology
50. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
TCP/IP Link Layer
Six steps of the Release Management process
Server cluster
The audit program
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests