SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
SDLC Phases
Cloud computing
Disaster Recovery
2. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
IT Service Management
OSI Layer 7: Application
TCP/IP Transport Layer packet delivery
The availability of IT systems
3. An audit of an IS department's operations and systems.
A Service Provider audit
An IS audit
Sampling Risk
objective and unbiased
4. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
The best approach for identifying high risk areas for an audit
Split custody
Geographic location
The 4-item focus of a Balanced Scorecard
5. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Concentrate on samples known to represent high risk
The Business Process Life Cycle
IT Services Financial Management
Referential Integrity
6. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Main types of Controls
Expected Error Rate
Foreign Key
An Integrated Audit
7. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Capability Maturity Model Integration (CMMI)
(1.) Polices (2.) Procedures (3.) Standards
PERT Diagram?
IT executives and the Board of Directors
8. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Project change request
IT Service Management
Data Link Layer Standards
The Software Program Library
9. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
Input validation checking
Separate administrative accounts
Structural fires and transportation accidents
10. The first major task in a disaster recovery or business continuity planning project.
The availability of IT systems
Business impact analysis
Vulnerability in the organization's PBX
Examples of IT General Controls
11. Support the functioning of the application controls
Precision means
General Controls
SDLC Phases
Examples of Application Controls
12. Gantt: used to display ______________.
OSI: Network Layer
Resource details
Blade Computer Architecture
Prblem Management
13. An audit that combines an operational audit and a financial audit.
Resource details
An Integrated Audit
Categories of risk treatment
Compliance Testing
14. Used to measure the relative maturity of an organization and its processes.
A Sample Mean
The Internet Layer in the TCP/IP model
Confidence coefficient
Capability Maturity Model
15. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Control Unit
TCP/IP Network Model
A Problem
Controls
16. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Formal waterfall
Business Continuity
Frameworks
Structural fires and transportation accidents
17. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Gantt Chart
Assess the maturity of its business processes
IT Services Financial Management
Criticality analysis
18. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT standards are not being reviewed often enough
Background checks performed
A Problem
Information systems access
19. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Elements of the COSO pyramid
Overall audit risk
IT executives and the Board of Directors
Stop-or-go Sampling
20. To communication security policies - procedures - and other security-related information to an organization's employees.
Testing activities
Data Link Layer Standards
Security Awareness program
Geographic location
21. IT Governance is most concerned with ________.
IT Strategy
The audit program
A Cold Site
A Financial Audit
22. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Types of sampling an auditor can perform.
CPU
Separate administrative accounts
A Financial Audit
23. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Function Point Analysis
Examples of IT General Controls
Testing activities
Department Charters
24. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Tolerable Error Rate
Employee termination process
Insourcing
Types of sampling an auditor can perform.
25. The sum of all samples divided by the number of samples.
Cloud computing
A Sample Mean
Wet pipe fire sprinkler system
Background checks performed
26. The risk that an IS auditor will overlook errors or exceptions during an audit.
Elements of the COBIT Framework
TCP/IP Transport Layer packet delivery
Detection Risk
Employee termination process
27. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
Elements of the COSO pyramid
Variable Sampling
Business Realization
28. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Application Controls
IT Service Management
Attribute Sampling
A Service Provider audit
29. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Employee termination process
OSI Layer 7: Application
Dimensions of the COSO cube
IT Service Management
30. Used to translate or transform data from lower layers into formats that the application layer can work with.
Separate administrative accounts
Lacks specific expertise or resources to conduct an internal audit
OSI Layer 6: Presentation
ITIL definition of PROBLEM
31. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Volumes of COSO framework
Stay current with technology
The best approach for identifying high risk areas for an audit
objective and unbiased
32. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
CPU
Change management
Controls
Cloud computing
33. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Gantt Chart
Rating Scale for Process Maturity
OSI Layer 5: Session
objective and unbiased
34. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
OSI Layer 5: Session
Hash
Lacks specific expertise or resources to conduct an internal audit
Examples of Application Controls
35. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
A Problem
Vulnerability in the organization's PBX
Audit logging
36. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The Eight Types of Audits
To identify the tasks that are responsible for project delays
OSI Layer 5: Session
Recovery time objective
37. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
IT Service Management
Overall audit risk
Input validation checking
The best approach for identifying high risk areas for an audit
38. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Inform the auditee
Expected Error Rate
Wet pipe fire sprinkler system
Discovery Sampling
39. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
OSI Layer 5: Session
Employee termination process
The Software Program Library
The BCP process
40. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
ITIL definition of CHANGE MANAGEMENT
To identify the tasks that are responsible for project delays
Types of sampling an auditor can perform.
41. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Department Charters
OSI: Physical Layer
OSI Layer 7: Application
Prblem Management
42. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
A Sample Mean
Information systems access
Sampling Risk
OSI: Network Layer
43. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Employees with excessive privileges
Statistical Sampling
Geographic location
44. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Sampling Risk
Information systems access
Categories of risk treatment
ITIL - IT Infrastructure Library
45. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI Layer 7: Application
OSI: Transport Layer
Sampling Risk
The 4-item focus of a Balanced Scorecard
46. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Entire password for an encryption key
Expected Error Rate
Service Level Management
An Integrated Audit
47. (1.) General (2.) Application
To identify the tasks that are responsible for project delays
Main types of Controls
Categories of risk treatment
Data Link Layer Standards
48. (1.) Objectives (2.) Components (3.) Business Units / Areas
Six steps of the Release Management process
The best approach for identifying high risk areas for an audit
Grid Computing
Dimensions of the COSO cube
49. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
The Eight Types of Audits
Inform the auditee
Formal waterfall
Business Realization
50. Focuses on: post-event recovery and restoration of services
Geographic location
Disaster Recovery
OSI: Network Layer
Primary security features of relational databases
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests