Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. An audit that combines an operational audit and a financial audit.






2. Consists of two main packet transport protocols: TCP and UDP.






3. Guide program execution through organization of resources and development of clear project objectives.






4. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






5. Framework for auditing and measuring IT Service Management Processes.






6. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect






7. The sum of all samples divided by the number of samples.






8. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






9. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






10. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






11. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






12. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






13. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






14. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






15. The risk that an IS auditor will overlook errors or exceptions during an audit.






16. ITIL term used to describe the SDLC.






17. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






18. IT Governance is most concerned with ________.






19. Disasters are generally grouped in terms of type: ______________.






20. Focuses on: post-event recovery and restoration of services






21. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






22. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






23. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






24. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






25. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






26. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






27. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the






28. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






29. Defines internal controls and provides guidance for assessing and improving internal control systems.






30. An audit that is performed in support of an anticipated or active legal proceeding.






31. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






32. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






33. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






34. An audit of operational efficiency.






35. Concerned with electrical and physical specifications for devices. No frames or packets involved.






36. An audit of an IS department's operations and systems.






37. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






38. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






39. (1.) Executive Support (2.) Well-defined roles and responsibilities.






40. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






41. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






42. Collections of Controls that work together to achieve an entire range of an organization's objectives.






43. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






44. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.






45. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations.






46. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.






47. Contains programs that communicate directly with the end user.






48. Lowest layer. Delivers messages (frames) from one station to another via a local network.






49. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






50. The delivery of messages from one station to another via one or more networks. Routes packets between networks.