Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






2. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






3. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






4. Concerned with electrical and physical specifications for devices. No frames or packets involved.






5. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






6. Collections of Controls that work together to achieve an entire range of an organization's objectives.






7. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






8. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






9. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






10. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






11. Used to estimate the effort required to develop a software program.






12. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






13. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






14. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations






15. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






16. The risk that an IS auditor will overlook errors or exceptions during an audit.






17. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






18. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






19. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






20. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


21. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






22. The memory locations in the CPU where arithmetic values are stored.






23. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






24. The sum of all samples divided by the number of samples.






25. An audit that combines an operational audit and a financial audit.






26. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.






27. An audit of an IS department's operations and systems.






28. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






29. A sampling technique where at least one exception is sought in a population






30. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






31. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






32. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






33. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






34. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






35. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






36. The maximum period of downtime for a process or application






37. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)






38. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






39. One of a database table's fields - whose value is unique.






40. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






41. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






42. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






43. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






44. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






45. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret






46. Consists of two main packet transport protocols: TCP and UDP.






47. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






48. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






49. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






50. Contains programs that communicate directly with the end user.