Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. During an audit, the auditor should obtain 6 types of documents: (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






2. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






3. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks, while zero or more may be in a standby state.






4. The memory locations in the CPU where arithmetic values are stored.






5. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






6. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






7. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






8. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg






9. What type of testing is performed to determine if control procedures have proper design and are operating properly?






10. The first major task in a disaster recovery or business continuity planning project.






11. The maximum period of downtime for a process or application






12. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






13. IT Governance is most concerned with ________.






14. Lowest layer. Delivers messages (frames) from one station to another via local network.






15. An audit that combines an operational audit and a financial audit.






16. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance






17. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






18. To determine effectiveness of a disaster recovery program, an IT auditor should examine _____________.






19. A collection of two or more servers that is designed to appear as a single server.






20. A sampling technique where at least one exception is sought in a population






21. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






22. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






23. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






24. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






25. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






26. Support the functioning of the application controls






27. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






28. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






29. An audit of a third-party organization that provides services to other organizations.






30. The means by which management establishes and measures processes by which organizational objectives are achieved






31. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






32. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






33. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)






34. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






35. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






36. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






37. A database term, which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






38. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






39. Subjective sampling is used when the auditor wants to _________________________.






40. The IS auditor should act as a SME in the control self-assessment, but should not play a major role in the process.






41. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient.






42. (1.) Physical (2.) Technical (4.) Administrative






43. What three elements allow validation of business practices against acceptable measures of regulatory compliance, performance, and standard operational guidelines?






44. The set of activities that is concerned with the ability of the organization to continue to provide services, primarily in the event that a natural or man-made disaster has occurred.






45. To communicate security policies, procedures, and other security-related information to an organization's employees.






46. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






47. (1.) General (2.) Application






48. To measure organizational performance and effectiveness against strategic goals.






49. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






50. A fire sprinkler system has water in its pipes, and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






