CISA IT Governance Sample Test
Start
Congratulations - you have completed CISA IT Governance Sample Test.
You scored %%SCORE%% out of %%TOTAL%%.
Your performance has been rated as %%RATING%%
Your answers are highlighted below.
Question 1 |
Which of the following is the NEXT step in the process after completing a business impact analysis as part of BCP.
A | risk assessment program. |
B | vulnerability analysis of the existing systems, |
C | develop a business continuity strategy. |
D | develop a disaster recovery plan |
Question 2 |
An IS auditor discovers that an organization has no comprehensive business continuity plan, but has BCP for each individual business IT process. What is the best course of action the IS auditor should take?
A | recommend to develop a comprehensive business continuity plan. |
B | inform that auditee about the situation but no mention it in the audit report. |
C | determine if the each individual BCP is consistent. |
D | recommend to combine each individual BCP into a single BCP. |
Question 3 |
Which of the following you consider the best method for assessing the effectiveness of BCP(business continuity plan)?
A | review the plan and compare them with the industries best practices. |
B | review the employee awareness training plan. |
C | review the results of the previously conducted BCP test. |
D | review the BCP strategies and objectives. |
Question 4 |
1.When an auditor finds that the ID of a terminated users get deactivated within 30 days of termination, the IS auditor should
A | Recommend to check user logs regularly |
B | Report the organization to decrease the length of deactivation time. |
C | Make sure users cannot access the system anymore |
D | Recommend to change the IS policy to ensure that users ID get deactivated upon termination. |
Question 5 |
When an IS auditor discovers that the notification systems within the organizational facilities could be severely impacted by infrastructural damage.What is the best recommendation the IS auditor can provide to the organization:
A | Store the notification system to a more secure place. |
B | build a redundant notification system. |
C | train the recovery team to restore the notification system as soon as disaster happens. |
D | move the notification system to an alternative site. |
Question 6 |
Which of the following you need to take into account during the initial step of creating a firewall policy?
A | identify the vulnerabilities of your systems. |
B | identify the source and destination of the applications and not allowing the well-known ports to access the applications. |
C | identify the applications that will be accessed externally. |
D | make sure every policy creates log and saves it in a secure location. |
Question 7 |
While conducting an business continuity audit, which one of the following would be MOST important for an IS auditor?
A | readiness of the recovery site. |
B | human safety and protection procedures are in place. |
C | databases restore procedures testing |
D | Insurance coverage is adequate to meet the objectives of the business continuity plan |
Question 8 |
Which of the following should be done FIRST when preparing a disaster recovery plan?
A | develop a business continuity plan |
B | develop a recovery strategy. |
C | assets identification and data classification. |
D | Perform a business impact analysis (BIA). |
Question 9 |
Which of the following is the MOST important aspect of effective business continuity management?
A | To make sure that the site is secure and located in a different geographical location from the primary site. |
B | having a fully redundant network links the both the primary and secondary site. |
C | testing backups site |
D | test the recovery plan regularly |
Question 10 |
What is the first activity to be performed when developing a risk management program?
A | business impact analysis |
B | risk assessment |
C | Identification of the assets to be protected |
D | threat analysis |
Question 11 |
How can we express an overall business risk for a particular threat?
A | a product of the likelihood and magnitude of the impact should a threat successfully exploit a vulnerability. |
B | the magnitude of the impact should a threat source successfully exploit the vulnerability |
C | the likelihood of a given threat source exploiting a given vulnerability. |
D | the collective judgment of the risk assessment team. |
Question 12 |
Which of the following is the MOST important element for the successful implementation of IT governance?
A | identification of organizational strategies |
B | perform a risk assessment. |
C | perform a threat analysis. |
D | following the organization's policy, standards and the best practices. |
Question 13 |
What do we mean by a structured walk-through of a disaster recovery plan?
A | all IT staff should come together to practice executing the recovery plan. |
B | representative from all functional areas for the organization come together to review whether the recovery plan pertaining to their areas is accurate, complete and executable. |
C | upload the copies of the plan to the intranet so that various functional areas can review the plan. |
D | perform a full-fledge recovery test to ensure the effectiveness of the plan. |
Question 14 |
Which of the following helps to gain a clear understanding of the business process while developing a business continuity plan?
A | business continuity strategy. |
B | business recovery strategy |
C | risk assessment |
D | threat management |
Question 15 |
Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?
A | a paper test that walk-through of the entire plan, or part of the plan |
B | a pilot test |
C | a unit test to verify that the critical parts of the BCP is effective and efficient. |
D | system testing |
Question 16 |
What is the best way to ensure that organizational policies comply with the legal requirements?
A | Periodic review of the policies by subject matter experts |
B | annual meeting the senior management to discuss whether the policies comply with the legal requirements. |
C | updating the policies regularly |
D | conduct compliance test regularly |
Question 17 |
What is the primary objective of testing a business continuity plan?
A | to ensure all risks have been addressed properly. |
B | to identify the limitation of the existing business continuity plan. |
C | to help the employees understand the importance of the BCP |
D | to test all possible disaster recovery scenarios |
Question 18 |
After developing a business continuity plan, which one of the following is most important for its effective implementation.
A | properly manage the plan |
B | approved by the IT steering committee. |
C | communicate the plan to the appropriate person who will be responsible for BCP. |
D | distribute the plan to everyone in the organization and conduct an BCP awareness training. |
Question 19 |
While reviewing roles and responsibilities an IS auditor discovers that some IT staffs serving multiple roles. Which of the following should be greatest concern for the IT auditor?
A | Network engineers are performing for quality assurance check. |
B | Security administrators are also responsible for system programming. |
C | IT 1st line support team are responsible for security administration for critical applications. |
D | System engineers are responsible for database administration. |
Question 20 |
When an individual in an IT department perform more than one role, which one of the following poses the greatest risk?
A | developers have access and can migrate data to the production environment. |
B | business analysts are doing software functional testing |
C | IT support team perform data backup |
D | IT manager perform as a system administrator. |
Once you are finished, click the button below. Any items you have not completed will be marked incorrect.
Get Results
There are 20 questions to complete.
You have completed
questions
question
Your score is
Correct
Wrong
Partial-Credit
You have not finished your quiz. If you leave this page, your progress will be lost.
Correct Answer
You Selected
Not Attempted
Final Score on Quiz
Attempted Questions Correct
Attempted Questions Wrong
Questions Not Attempted
Total Questions on Quiz
Question Details
Results
Date
Score
Hint
Time allowed
minutes
seconds
Time used
Answer Choice(s) Selected
Question Text
All done
Need more practice!
Keep trying!
Not bad!
Good work!
Perfect!
