SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
objective and unbiased
IT standards are not being reviewed often enough
Buffers
2. Guide program execution through organization of resources and development of clear project objectives.
OSI: Transport Layer
TCP/IP Internet Layer
An IS audit
Project Management Strategies
3. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
The Internet Layer in the TCP/IP model
Reduced sign-on
Advantages of outsourcing
ITIL definition of CHANGE MANAGEMENT
4. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Emergency Changes
The Internet Layer in the TCP/IP model
less than 24 hours
Overall audit risk
5. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Entire password for an encryption key
Segregation of duties issue in a high value process
Structural fires and transportation accidents
An Integrated Audit
6. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
IT Service Management
Wet pipe fire sprinkler system
Department Charters
7. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
OSI: Data Link Layer
An Operational Audit
Assess the maturity of its business processes
To identify the tasks that are responsible for project delays
8. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Notify the Audit Committee
IT Service Management
Security Awareness program
To identify the tasks that are responsible for project delays
9. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
A Virtual Server
less than 24 hours
objective and unbiased
10. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Sampling
A Sample Mean
IT executives and the Board of Directors
Lacks specific expertise or resources to conduct an internal audit
11. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Security Awareness program
List of systems examined
Emergency Changes
Transport Layer Protocols
12. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
OSI Layer 7: Application
Database primary key
Annualized Loss Expectance (ALE)
The 5 types of Evidence that the auditor will collect during an audit.
13. An alternate processing center that contains no information processing equipment.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
A Sample Mean
A Cold Site
Attribute Sampling
14. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Substantive Testing (test of transaction integrity)
Configuration Management
The typical Configuration Items in Configuration Management
The availability of IT systems
15. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Sampling Risk
Compliance Testing
ITIL definition of CHANGE MANAGEMENT
A Cold Site
16. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
OSI Layer 7: Application
Incident Management
Statistical Sampling
Audit Methodologies
17. An audit that combines an operational audit and a financial audit.
An Integrated Audit
Antivirus software on the email servers
Transport Layer Protocols
Substantive Testing
18. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
The availability of IT systems
Frameworks
Sampling
Variable Sampling
19. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Sampling Risk
Structural fires and transportation accidents
Notify the Audit Committee
20. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
TCP/IP Network Model
A Financial Audit
Separate administrative accounts
CPU
21. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
A Cold Site
OSI: Network Layer
Buffers
Dimensions of the COSO cube
22. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Examples of IT General Controls
The typical Configuration Items in Configuration Management
OSI: Transport Layer
IT standards are not being reviewed often enough
23. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
The Release process
Control Risk
Six steps of the Release Management process
24. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Power system controls
Foreign Key
Frameworks
The availability of IT systems
25. Describes the effect on the business if a process is incapacitated for any appreciable time
Grid Computing
Buffers
Employee termination process
Statement of Impact
26. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Resource details
Examples of IT General Controls
IT Strategy
27. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
An IS audit
OSI: Transport Layer
Reduced sign-on
Deming Cycle
28. (1.) TCP (2.) UDP
Insourcing
Department Charters
Hash
Transport Layer Protocols
29. The highest number of errors that can exist without a result being materially misstated.
Sampling Risk
Tolerable Error Rate
Incident Management
To identify the tasks that are responsible for project delays
30. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Organizational culture and maturity
Grid Computing
General Controls
31. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Rating Scale for Process Maturity
Main types of Controls
Expected Error Rate
32. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Business Continuity
A Financial Audit
Application Controls
Discovery Sampling
33. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Frameworks
Sampling Risk
TCP/IP Network Model
Grid Computing
34. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Employee termination process
Reduced sign-on
Compliance Testing
Employees with excessive privileges
35. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
objective and unbiased
Attribute Sampling
SDLC Phases
Wet pipe fire sprinkler system
36. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
The Release process
OSI: Network Layer
The appropriate role of an IS auditor in a control self-assessment
37. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Project change request
Reduced sign-on
Antivirus software on the email servers
Six steps of the Release Management process
38. (1.) General (2.) Application
The appropriate role of an IS auditor in a control self-assessment
Main types of Controls
Audit Methodologies
Controls
39. 1.) Executive Support (2.) Well-defined roles and responsibilities.
TCP/IP Transport Layer packet delivery
Referential Integrity
The 7 phases and their order in the SDLC
Information security policy
40. An audit of a third-party organization that provides services to other organizations.
The Software Program Library
Transport Layer Protocols
A Service Provider audit
The Steering Committee
41. To communication security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
Variable Sampling
Assess the maturity of its business processes
The Business Process Life Cycle
42. The maximum period of downtime for a process or application
Control Unit
Business impact analysis
Recovery time objective
Sample Standard Deviation
43. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Sampling Risk
Entire password for an encryption key
Database primary key
Judgmental sampling
44. An audit of operational efficiency.
A Service Provider audit
Service Continuity Management
A Problem
An Administrative
45. Support the functioning of the application controls
An Administrative
IT standards are not being reviewed often enough
General Controls
Change management
46. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Gantt Chart
ITIL definition of PROBLEM
Background checks performed
Variable Sampling
47. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Annualized Loss Expectance (ALE)
Sampling Risk
Data Link Layer Standards
Release management
48. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Deming Cycle
Project Management Strategies
Grid Computing
Elements of the COBIT Framework
49. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
TCP/IP Transport Layer
A Problem
BCP Plans
Function Point Analysis
50. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Controls
Service Level Management
Configuration Management
Cloud computing
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests