Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






2. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes






3. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






4. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






5. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect






6. What type of testing is performed to determine if control procedures have proper design and are operating properly?






7. An audit of a third-party organization that provides services to other organizations.






8. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






9. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.






10. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






11. (1.) Physical (2.) Technical (4.) Administrative






12. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






13. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






14. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






15. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






16. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






17. (1.) Objectives (2.) Components (3.) Business Units / Areas






18. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






19. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






20. PERT: shows the ______________ critical path.






21. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






22. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)






23. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






24. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






25. The risk that an IS auditor will overlook errors or exceptions during an audit.






26. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






27. Collections of Controls that work together to achieve an entire range of an organization's objectives.






28. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






29. One of a database table's fields - whose value is unique.






30. A sampling technique where at least one exception is sought in a population






31. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






32. Gantt: used to display ______________.






33. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






34. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






35. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






36. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






37. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






38. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






39. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






40. Concerned with electrical and physical specifications for devices. No frames or packets involved.






41. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations






42. An audit of operational efficiency.






43. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






44. Contains programs that communicate directly with the end user.






45. Framework for auditing and measuring IT Service Management Processes.






46. An audit of an IS department's operations and systems.






47. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






48. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






49. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






50. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up