CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
An Integrated Audit
Sampling Risk
Controls
2. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Entire password for an encryption key
Split custody
Server cluster
Testing activities
3. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Network Layer Protocols
Organizational culture and maturity
The availability of IT systems
4. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Controls
An IS audit
IT Services Financial Management
Concentrate on samples known to represent high risk
5. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Sampling Risk
The Steering Committee
Business Realization
6. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Project change request
Balanced Scorecard
ISO 20000 Standard:
BCP Plans
7. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
OSI: Network Layer
(1.) Policies (2.) Procedures (3.) Standards
Referential Integrity
Dimensions of the COSO cube
8. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Capability Maturity Model Integration (CMMI)
Transport Layer Protocols
Information systems access
Information security policy
9. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
TCP/IP Network Model
Emergency Changes
A Cold Site
10. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Statistical Sampling
Inform the auditee
Service Level Management
Information systems access
11. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Cloud computing
Criticality analysis
ITIL definition of PROBLEM
TCP/IP Transport Layer packet delivery
12. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
ITIL definition of CHANGE MANAGEMENT
Network Layer Protocols
Resource details
13. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Critical Path Methodology
The 5 types of Evidence that the auditor will collect during an audit.
Personnel involved in the requirements phase of a software development project
Resource details
14. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Tolerable Error Rate
Criticality analysis
The 7 phases and their order in the SDLC
Stratified Sampling
15. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Sampling
Background checks performed
The Software Program Library
Recovery time objective
16. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Advantages of outsourcing
Inform the auditee
Business impact analysis
Elements of the COBIT Framework
17. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Project Management Strategies
Wet pipe fire sprinkler system
WAN Protocols
Sample Standard Deviation
18. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Vulnerability in the organization's PBX
Information systems access
Control Unit
Input validation checking
19. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Application Layer protocols
Frameworks
Statement of Impact
WAN Protocols
20. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
To identify the tasks that are responsible for project delays
An Operational Audit
Server cluster
A Server Cluster
21. An audit of an IS department's operations and systems.
An IS audit
Elements of the COBIT Framework
OSI Layer 5: Session
A Problem
22. A collection of two or more servers that is designed to appear as a single server.
Release management
A gate process
Server cluster
A Forensic Audit
23. A programmer is updating an application that saves passwords in plaintext. In this case - passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
The Release process
Hash
Network Layer Protocols
More difficult to perform
24. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
Wet pipe fire sprinkler system
A Service Provider audit
Geographic location
25. Describes the effect on the business if a process is incapacitated for any appreciable time
The Internet Layer in the TCP/IP model
The best approach for identifying high risk areas for an audit
Statement of Impact
IT standards are not being reviewed often enough
26. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
Options for Risk Treatment
Segregation of duties issue in a high value process
OSI Layer 6: Presentation
Input validation checking
27. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Internet Layer in the TCP/IP model
Resource details
A Virtual Server
The Business Process Life Cycle
28. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Concentrate on samples known to represent high risk
Service Level Management
Stop-or-go Sampling
Information security policy
29. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
IT Service Management
OSI: Network Layer
A Cold Site
Change management
30. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Sampling Risk
OSI Layer 5: Session
Balanced Scorecard
31. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Categories of risk treatment
Project Management Strategies
Capability Maturity Model
32. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Controls
Balanced Scorecard
Inherent Risk
The Requirements
33. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Entire password for an encryption key
More difficult to perform
CPU
Gantt Chart
34. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Risk Management
Formal waterfall
Business impact analysis
The best approach for identifying high risk areas for an audit
35. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Criticality analysis
TCP/IP Internet Layer
A Cold Site
Control Risk
36. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
Stop-or-go Sampling
Information systems access
Elements of the COBIT Framework
37. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Documentation and interview personnel
Control Unit
To identify the tasks that are responsible for project delays
Options for Risk Treatment
38. Subjective sampling is used when the auditor wants to _________________________.
Configuration Management
Documentation and interview personnel
Concentrate on samples known to represent high risk
Background checks performed
39. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Precision means
Elements of the COSO pyramid
Disaster Recovery
An Operational Audit
40. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COSO pyramid
Elements of the COBIT Framework
Service Level Management
An Operational Audit
41. The maximum period of downtime for a process or application
Main types of Controls
Split custody
Recovery time objective
Data Link Layer Standards
42. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
IT Service Management
Business Continuity
Volumes of COSO framework
43. An audit that combines an operational audit and a financial audit.
Incident Management
An Integrated Audit
Lacks specific expertise or resources to conduct an internal audit
OSI: Data Link Layer
44. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Discovery Sampling
(1.) Man-made (2.) Natural
Application Controls
Notify the Audit Committee
45. (1.) Link (2.) Internet (3.) Transport (4.) Application
Examples of IT General Controls
Service Level Management
TCP/IP Network Model
Configuration Management
46. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
CPU
Judgmental sampling
OSI: Transport Layer
Documentation and interview personnel
47. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Geographic location
List of systems examined
Six steps of the Release Management process
48. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
A gate process
Data Link Layer Standards
Separate administrative accounts
objective and unbiased
49. An alternate processing center that contains no information processing equipment.
Precision means
Three Types of Controls
A Cold Site
Department Charters
50. (1.) Access controls (2.) Encryption (3.) Audit logging
Entire password for an encryption key
Insourcing
Primary security features of relational databases
The 4-item focus of a Balanced Scorecard