SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Compliance Testing
Overall audit risk
IT Services Financial Management
Audit logging
2. The memory locations in the CPU where arithmetic values are stored.
Audit logging
Business Realization
Registers
Capability Maturity Model Integration (CMMI)
3. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI Layer 6: Presentation
A gate process
OSI: Transport Layer
Frameworks
4. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Antivirus software on the email servers
Database primary key
Statement of Impact
Reduced sign-on
5. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
OSI: Physical Layer
Segregation of duties issue in a high value process
Formal waterfall
Advantages of outsourcing
6. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
OSI Layer 6: Presentation
Main types of Controls
Incident Management
Employee termination process
7. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Service Level Management
TCP/IP Network Model
Vulnerability in the organization's PBX
Entire password for an encryption key
8. ITIL term used to describe the SDLC.
The first step in a business impact analysis
Power system controls
Sample Standard Deviation
Release management
9. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Attribute Sampling
CPU
Application Controls
10. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
Information systems access
Elements of the COSO pyramid
Concentrate on samples known to represent high risk
11. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Audit Methodologies
The Software Program Library
Capability Maturity Model
Information systems access
12. Used to measure the relative maturity of an organization and its processes.
Split custody
Database primary key
An Administrative
Capability Maturity Model
13. IT Service Management is defined in ___________________ framework.
Substantive Testing (test of transaction integrity)
ITIL - IT Infrastructure Library
BCP Plans
Buffers
14. The highest number of errors that can exist without a result being materially misstated.
A Sample Mean
Service Continuity Management
Tolerable Error Rate
Substantive Testing (test of transaction integrity)
15. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Application Controls
Business Realization
BCP Plans
16. A sampling technique where at least one exception is sought in a population
Control Unit
Discovery Sampling
Overall audit risk
Application Layer protocols
17. Handle application processing
A Virtual Server
The Requirements
A Compliance audit
Application Controls
18. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Application Layer protocols
Blade Computer Architecture
Hash
Options for Risk Treatment
19. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Buffers
Stop-or-go Sampling
Control Unit
ITIL definition of CHANGE MANAGEMENT
20. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
IT Service Management
Foreign Key
Incident Management
Risk Management
21. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Entire password for an encryption key
The 4-item focus of a Balanced Scorecard
Project change request
Examples of Application Controls
22. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Information security policy
ITIL definition of PROBLEM
IT Strategy
To identify the tasks that are responsible for project delays
23. An audit of a third-party organization that provides services to other organizations.
The 5 types of Evidence that the auditor will collect during an audit.
Sampling Risk
A Service Provider audit
OSI: Physical Layer
24. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
The Requirements
More difficult to perform
TCP/IP Network Model
Network Layer Protocols
25. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
An IS audit
Resource details
Application Controls
Organizational culture and maturity
26. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
The availability of IT systems
Data Link Layer Standards
Sample Standard Deviation
Incident Management
27. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Lacks specific expertise or resources to conduct an internal audit
Gantt Chart
Stratified Sampling
TCP/IP Link Layer
28. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Wet pipe fire sprinkler system
Expected Error Rate
Emergency Changes
Precision means
29. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Current and most up-to-date
Power system controls
OSI Layer 5: Session
Notify the Audit Committee
30. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
Discovery Sampling
IT Services Financial Management
Buffers
31. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Transport Layer Protocols
An IS audit
Blade Computer Architecture
A Virtual Server
32. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Formal waterfall
Elements of the COBIT Framework
Entire password for an encryption key
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
33. A representation of how closely a sample represents an entire population.
Stratified Sampling
Registers
The typical Configuration Items in Configuration Management
Precision means
34. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Department Charters
The 5 types of Evidence that the auditor will collect during an audit.
Categories of risk treatment
Referential Integrity
35. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
The availability of IT systems
IT standards are not being reviewed often enough
An IS audit
36. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
Disaster Recovery
Compliance Testing
OSI: Network Layer
Reduced sign-on
37. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Statistical Sampling
Examples of IT General Controls
Split custody
The availability of IT systems
38. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Split custody
Three Types of Controls
Capability Maturity Model
39. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
TCP/IP Transport Layer
Information security policy
Recovery time objective
40. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
More difficult to perform
A Server Cluster
Application Layer protocols
Annualized Loss Expectance (ALE)
41. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Background checks performed
A Server Cluster
Deming Cycle
42. The inventory of all in-scope business processes and systems
A Problem
The first step in a business impact analysis
Hash
Entire password for an encryption key
43. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Server cluster
Vulnerability in the organization's PBX
Audit logging
Discovery Sampling
44. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Foreign Key
Lacks specific expertise or resources to conduct an internal audit
Attribute Sampling
Expected Error Rate
45. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
The typical Configuration Items in Configuration Management
Elements of the COBIT Framework
Grid Computing
TCP/IP Internet Layer
46. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
The BCP process
Compliance Testing
Buffers
47. An alternate processing center that contains no information processing equipment.
Overall audit risk
Assess the maturity of its business processes
TCP/IP Internet Layer
A Cold Site
48. Lowest layer. Delivers messages (frames) from one station to another vial local network.
Geographic location
Advantages of outsourcing
Personnel involved in the requirements phase of a software development project
TCP/IP Link Layer
49. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
The first step in a business impact analysis
Insourcing
Attribute Sampling
Sampling
50. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
Main types of Controls
Risk Management
TCP/IP Link Layer