Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






2. IT Service Management is defined in ___________________ framework.






3. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






4. What type of testing is performed to determine if control procedures have proper design and are operating properly?






5. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






6. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






7. Contains programs that communicate directly with the end user.






8. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






9. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






10. An audit of operational efficiency.






11. (1.) Access controls (2.) Encryption (3.) Audit logging






12. An audit that combines an operational audit and a financial audit.






13. (1.) Objectives (2.) Components (3.) Business Units / Areas






14. The memory locations in the CPU where arithmetic values are stored.






15. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






16. A representation of how closely a sample represents an entire population.






17. Lowest layer. Delivers messages (frames) from one station to another vial local network.






18. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






19. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co






20. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






21. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






22. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






23. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.






24. A sampling technique where at least one exception is sought in a population






25. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






26. The first major task in a disaster recovery or business continuity planning project.






27. One of a database table's fields - whose value is unique.






28. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






29. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations






30. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






31. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






32. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






33. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






34. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






35. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






36. Defines internal controls and provides guidance for assessing and improving internal control systems.






37. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.






38. The risk that an IS auditor will overlook errors or exceptions during an audit.






39. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






40. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






41. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






42. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.






43. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






44. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






45. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






46. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)






47. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






48. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






49. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






50. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?