Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






2. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






3. (1.) Physical (2.) Technical (3.) Administrative






4. Used to translate or transform data from lower layers into formats that the application layer can work with.






5. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






6. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






7. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






8. The main hardware component of a computer system - which executes instructions in computer programs.






9. IT Governance is most concerned with ________.






10. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






11. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






12. Defines internal controls and provides guidance for assessing and improving internal control systems.






13. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






14. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






15. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






16. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






17. (1.) Access controls (2.) Encryption (3.) Audit logging






18. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






19. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






20. The inventory of all in-scope business processes and systems






21. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






22. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






23. An audit that combines an operational audit and a financial audit.






24. The sum of all samples divided by the number of samples.






25. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






26. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






27. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






28. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






29. A maturity model that represents the aggregations of other maturity models.






30. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






31. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co






32. (1.) General (2.) Application






33. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






34. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






35. Aids in the coordinating of business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC






36. (1.) Automatic (2.) Manual






37. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






38. An audit of operational efficiency.






39. Used to estimate the effort required to develop a software program.






40. An audit that is performed in support of an anticipated or active legal proceeding.






41. Focuses on: post-event recovery and restoration of services






42. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






43. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






44. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






45. Disasters are generally grouped in terms of type: ______________.






46. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






47. Consists of two main packet transport protocols: TCP and UDP.






48. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






49. An audit of an IS department's operations and systems.






50. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






