Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Lowest layer. Delivers messages (frames) from one station to another via the local network.
Background checks performed
Notify the Audit Committee
Separate administrative accounts
TCP/IP Link Layer
2. An audit of operational efficiency.
Information security policy
Network Layer Protocols
Vulnerability in the organization's PBX
An Administrative
3. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance. 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Project Management Strategies
The Business Process Life Cycle
A Server Cluster
Employees with excessive privileges
4. The maximum period of downtime for a process or application
The first step in a business impact analysis
Recovery time objective
ITIL definition of CHANGE MANAGEMENT
Incident Management
5. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Attribute Sampling
OSI: Transport Layer
Inform the auditee
Capability Maturity Model Integration (CMMI)
6. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Statistical Sampling
Compliance Testing
An Integrated Audit
7. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Inherent Risk
Power system controls
The Requirements
Sampling Risk
8. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
Capability Maturity Model Integration (CMMI)
Vulnerability in the organization's PBX
Risk Management
9. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
The first step in a business impact analysis
ITIL definition of PROBLEM
TCP/IP Transport Layer packet delivery
Variable Sampling
10. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
TCP/IP Internet Layer
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Sampling
The Steering Committee
11. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Notify the Audit Committee
Emergency Changes
BCP Plans
(1.) Man-made (2.) Natural
12. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Elements of the COBIT Framework
The Software Program Library
Power system controls
The 4-item focus of a Balanced Scorecard
13. One of a database table's fields - whose value is unique.
Database primary key
Sample Standard Deviation
Application Layer protocols
Substantive Testing (test of transaction integrity)
14. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
Compliance Testing
Judgmental sampling
Concentrate on samples known to represent high risk
15. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Control Risk
Criticality analysis
IT Service Management
Examples of Application Controls
16. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
A Financial Audit
A Cold Site
Business Realization
17. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling Risk
Formal waterfall
ITIL definition of CHANGE MANAGEMENT
Employee termination process
18. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
TCP/IP Internet Layer
TCP/IP Transport Layer packet delivery
Statement of Impact
Elements of the COBIT Framework
19. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Expected Error Rate
OSI: Transport Layer
OSI Layer 5: Session
The Eight Types of Audits
20. Support the functioning of the application controls
TCP/IP Network Model
General Controls
Referential Integrity
Antivirus software on the email servers
21. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Function Point Analysis
Stop-or-go Sampling
objective and unbiased
Frameworks
22. The inventory of all in-scope business processes and systems
The audit program
Reduced sign-on
The first step in a business impact analysis
Discovery Sampling
23. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Criticality analysis
A Sample Mean
Organizational culture and maturity
Critical Path Methodology
24. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Audit Methodologies
A gate process
Stratified Sampling
Blade Computer Architecture
25. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
OSI: Data Link Layer
Problem Management
ITIL - IT Infrastructure Library
Department Charters
26. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
Volumes of COSO framework
Cloud computing
To identify the tasks that are responsible for project delays
27. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Hash
General Controls
Dimensions of the COSO cube
Network Layer Protocols
28. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Stay current with technology
ITIL definition of PROBLEM
Application Layer protocols
Problem Management
29. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
TCP/IP Transport Layer
Assess the maturity of its business processes
Organizational culture and maturity
30. Used to determine which business processes are the most critical - by ranking them in order of criticality
Options for Risk Treatment
Detection Risk
Criticality analysis
Vulnerability in the organization's PBX
31. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Concentrate on samples known to represent high risk
An Operational Audit
Formal waterfall
OSI: Physical Layer
32. (1.) General (2.) Application
Elements of the COSO pyramid
An Integrated Audit
Main types of Controls
Buffers
33. An audit that is performed in support of an anticipated or active legal proceeding.
less than 24 hours
OSI: Transport Layer
A Forensic Audit
OSI: Physical Layer
34. Subjective sampling is used when the auditor wants to _________________________.
OSI: Physical Layer
Current and most up-to-date
Concentrate on samples known to represent high risk
Business Continuity
35. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
An Administrative
Information security policy
Organizational culture and maturity
The availability of IT systems
36. A representation of how closely a sample represents an entire population.
More difficult to perform
A Problem
A Server Cluster
Precision means
37. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Control Unit
The Release process
Sampling
38. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
CPU
An Operational Audit
Information security policy
A Forensic Audit
39. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Incident Management
Resource details
OSI Layer 5: Session
Audit logging
40. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Precision means
A Problem
Statistical Sampling
Transport Layer Protocols
41. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Sample Standard Deviation
Notify the Audit Committee
Types of sampling an auditor can perform.
A Problem
42. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Project change request
The 4-item focus of a Balanced Scorecard
Stay current with technology
Server cluster
43. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
A Forensic Audit
Segregation of duties issue in a high value process
OSI Layer 7: Application
BCP Plans
44. (1.) Physical (2.) Technical (4.) Administrative
Insourcing
A gate process
Grid Computing
Three Types of Controls
45. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Overall audit risk
The typical Configuration Items in Configuration Management
Incident Management
46. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Application Layer protocols
Incident Management
A Sample Mean
47. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
A Server Cluster
Gantt Chart
Segregation of duties issue in a high value process
Testing activities
48. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Buffers
Problem Management
Stay current with technology
Entire password for an encryption key
49. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
ITIL - IT Infrastructure Library
WAN Protocols
Assess the maturity of its business processes
Problem Management
50. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Separate administrative accounts
Statistical Sampling
Concentrate on samples known to represent high risk
PERT Diagram?