Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. To communicate security policies, procedures, and other security-related information to an organization's employees.
A Server Cluster
Sampling Risk
Business Continuity
Security Awareness program
2. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Gantt Chart
Insourcing
TCP/IP Transport Layer packet delivery
Project change request
3. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
Sampling
Information security policy
Categories of risk treatment
4. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
IT Services Financial Management
Transport Layer Protocols
Variable Sampling
Stop-or-go Sampling
5. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
PERT Diagram?
ITIL definition of CHANGE MANAGEMENT
A Problem
6. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Inform the auditee
Data Link Layer Standards
OSI Layer 5: Session
The Steering Committee
7. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
The Software Program Library
Control Unit
Power system controls
Personnel involved in the requirements phase of a software development project
8. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Risk Management
Formal waterfall
An IS audit
Elements of the COBIT Framework
9. ITIL term used to describe the SDLC.
Volumes of COSO framework
Release management
The audit program
Three Types of Controls
10. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
Stratified Sampling
The audit program
Elements of the COSO pyramid
The 7 phases and their order in the SDLC
11. Risk Mitigation, Risk Avoidance, Risk Transfer, Risk Acceptance
Geographic location
Options for Risk Treatment
(1.) Policies (2.) Procedures (3.) Standards
Advantages of outsourcing
12. The IS auditor should act as a SME in the control self-assessment, but should not play a major role in the process.
(1.) Man-made (2.) Natural
Lacks specific expertise or resources to conduct an internal audit
The appropriate role of an IS auditor in a control self-assessment
Frameworks
13. During the development phase, developers should only be performing unit testing, to verify that the individual sections of code they have written are performing properly.
A Sample Mean
Testing activities
Configuration Management
The Software Program Library
14. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
An IS audit
Structural fires and transportation accidents
Sample Standard Deviation
15. A four-step quality control process known as PDSA, or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Sample Standard Deviation
(1.) Policies (2.) Procedures (3.) Standards
Deming Cycle
Notify the Audit Committee
16. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take: the IS auditor should immediately ________________ when any high-risk situation is discovered.
Stratified Sampling
Elements of the COBIT Framework
The Internet Layer in the TCP/IP model
Inform the auditee
17. The result of strategic planning, process development, and systems development, which all contribute towards a launch of business operations to reach a set of business objectives.
More difficult to perform
Six steps of the Release Management process
Business Realization
Documentation and interview personnel
18. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Business Continuity
ITIL - IT Infrastructure Library
Network Layer Protocols
19. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Service Continuity Management
Incident Management
The best approach for identifying high risk areas for an audit
Geographic location
20. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Capability Maturity Model
Network Layer Protocols
Inherent Risk
21. During an audit, the auditor should obtain 6 types of documents: (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
Compliance Testing
To identify the tasks that are responsible for project delays
Elements of the COSO pyramid
22. An audit that combines an operational audit and a financial audit.
An Integrated Audit
IT Services Financial Management
Precision means
The Internet Layer in the TCP/IP model
23. The party that performs strategic planning, addresses near-term and long-term requirements, and aligns business objectives and technology strategies.
Problem Management
The Steering Committee
OSI Layer 7: Application
Input validation checking
24. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
25. (1.) General (2.) Application
Main types of Controls
Resource details
Variable Sampling
OSI Layer 7: Application
26. An audit of an accounting system, accounting department processes, and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Antivirus software on the email servers
A Financial Audit
Advantages of outsourcing
Substantive Testing
27. A condition that is the result of multiple incidents that exhibit common symptoms, e.g., a web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
Antivirus software on the email servers
Substantive Testing (test of transaction integrity)
Critical Path Methodology
28. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance (3a.) Benchmarking: facilitates continuous improvement within the BPLC
OSI Layer 7: Application
Gantt Chart
The Business Process Life Cycle
Current and most up-to-date
29. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) × the annualized rate of occurrence (ARO).
Segregation of duties issue in a high value process
Annualized Loss Expectancy (ALE)
Main types of Controls
Substantive Testing
30. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Department Charters
The Internet Layer in the TCP/IP model
A Sample Mean
Stay current with technology
31. The purpose of an auditor doing interviews: to observe personnel to better understand their discipline, as well as ______________.
Organizational culture and maturity
Split custody
TCP/IP Internet Layer
Geographic location
32. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.
Current and most up-to-date
Documentation and interview personnel
Reduced sign-on
Sample Standard Deviation
33. (1.) Access controls (2.) Encryption (3.) Audit logging
WAN Protocols
Primary security features of relational databases
Antivirus software on the email servers
Department Charters
34. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
SDLC Phases
Security Awareness program
Foreign Key
Personnel involved in the requirements phase of a software development project
35. An audit of an IS department's operations and systems.
Criticality analysis
PERT Diagram?
An IS audit
OSI: Physical Layer
36. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Stratified Sampling
IT standards are not being reviewed often enough
An Integrated Audit
OSI: Transport Layer
37. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. The organization is ___________; while they may have opened the office in a foreign coun
The Business Process Life Cycle
Insourcing
Geographic location
The Release process
38. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
ITIL - IT Infrastructure Library
Background checks performed
IT Service Management
Risk Management
39. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
The Steering Committee
Transport Layer Protocols
Inform the auditee
40. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
ITIL definition of CHANGE MANAGEMENT
Variable Sampling
The Internet Layer in the TCP/IP model
OSI Layer 6: Presentation
41. Handle application processing
Transport Layer Protocols
Critical Path Methodology
Application Controls
Geographic location
42. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Rating Scale for Process Maturity
Judgmental sampling
Examples of Application Controls
OSI: Transport Layer
43. Focuses on: post-event recovery and restoration of services
Risk Management
Disaster Recovery
less than 24 hours
Assess the maturity of its business processes
44. Used to translate or transform data from lower layers into formats that the application layer can work with.
(1.) Man-made (2.) Natural
TCP/IP Internet Layer
OSI Layer 6: Presentation
Overall audit risk
45. An audit of IS controls, security controls, or business controls to determine control existence and effectiveness.
SDLC Phases
Stop-or-go Sampling
Application Layer protocols
An Operational Audit
46. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes). (2.) Enhancements (new functionality). (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself).
Entire password for an encryption key
The Release process
Application Layer protocols
The audit program
47. To ensure that input values are within established ranges, of the correct character types, and free of harmful contents.
The Release process
Input validation checking
Application Controls
The BCP process
48. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations.
Deming Cycle
Geographic location
Separate administrative accounts
Blade Computer Architecture
49. A field in a record in one table that can reference a primary key in another table.
Database primary key
Foreign Key
Business impact analysis
The Requirements
50. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Controls
Configuration Management
Variable Sampling
More difficult to perform