Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study first.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The three wrong answers for each question are chosen at random from the answers to other questions, so some answers may look obvious, but repeating the test reinforces your understanding.

1. The sum of all samples divided by the number of samples.






2. Support the functioning of the application controls






3. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






4. (1.) Executive Support (2.) Well-defined roles and responsibilities.






5. PERT: shows the ______________ critical path.






6. (1.) Physical (2.) Technical (3.) Administrative






7. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.



8. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.






9. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






10. Consists of two main packet transport protocols: TCP and UDP.






11. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






12. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






13. Focuses on: post-event recovery and restoration of services






14. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






15. Lowest layer. Delivers messages (frames) from one station to another via a local network.






16. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






17. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






18. A sampling technique where at least one exception is sought in a population






19. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






20. To communicate security policies, procedures, and other security-related information to an organization's employees.






21. An audit of a third-party organization that provides services to other organizations.






22. Guide program execution through organization of resources and development of clear project objectives.






23. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance. Benchmarking facilitates continuous improvement within the BPLC.






24. Used to measure the relative maturity of an organization and its processes.






25. A large number of loosely coupled computers used to solve a common task; they may be in close proximity to each other or scattered over a large geographic area.






26. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






27. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP






28. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






29. Used to determine which business processes are the most critical - by ranking them in order of criticality






30. What three elements allow validation of business practices against acceptable measures of regulatory compliance, performance, and standard operational guidelines?






31. A database term meaning that the database will not permit a program (or user) to delete rows from a table if records in other tables have foreign keys that reference the row to be deleted.
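A worked illustration of item 31, added here as an example and not part of the original quiz. It uses Python's standard sqlite3 module with a constructed two-table schema (customers and orders, assumed names). The practitioner's caveat it shows: declaring a foreign key is not the same as enforcing it. SQLite ignores foreign keys unless `PRAGMA foreign_keys = ON` is set on the connection, so the same DELETE either silently orphans the child rows or is refused with an IntegrityError, depending on configuration. An auditor testing referential integrity should verify the enforced behaviour, not just read the schema.

```python
import sqlite3

# Constructed schema: orders.customer_id references customers.id.
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE orders (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id),
    amount_cents INTEGER NOT NULL
);
INSERT INTO customers VALUES (1, 'Acme Corp'), (2, 'Globex');
INSERT INTO orders VALUES (100, 1, 1250), (101, 1, 9900);
"""


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """Open an in-memory database; SQLite only enforces foreign keys when asked."""
    conn = sqlite3.connect(":memory:")
    if enforce_fk:
        # Must be issued outside a transaction, before the schema is loaded.
        conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def try_delete_customer(conn: sqlite3.Connection, customer_id: int):
    """Attempt to delete a parent row. Returns (deleted, orphaned_order_count)."""
    try:
        conn.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
        conn.commit()
        deleted = True
    except sqlite3.IntegrityError:
        # Referential integrity enforced: the DELETE is refused.
        conn.rollback()
        deleted = False
    # Orphans are orders whose customer_id no longer matches any customer.
    orphans = conn.execute(
        "SELECT COUNT(*) FROM orders o "
        "LEFT JOIN customers c ON c.id = o.customer_id "
        "WHERE c.id IS NULL"
    ).fetchone()[0]
    return deleted, orphans


if __name__ == "__main__":
    print("FK off:", try_delete_customer(open_db(False), 1))  # (True, 2): orphans created
    print("FK on: ", try_delete_customer(open_db(True), 1))   # (False, 0): delete refused
    print("FK on, no children:", try_delete_customer(open_db(True), 2))  # (True, 0)
```

The same distinction applies to other engines: MySQL's MyISAM tables accept REFERENCES clauses and never enforce them, and constraints can be disabled per session or per table. The test of the control is the attempted delete, not the DDL.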






32. (1.) TCP (2.) UDP






33. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






34. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.






35. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






36. Use of a set of monitoring and review activities that confirm whether IS operations are providing service to their customers.






37. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






38. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






39. Used to estimate the effort required to develop a software program.






40. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






41. The primary source for test plans in a software development project is the ________________ developed for the project; these should be the primary source for detailed tests.






42. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the complement of the confidence coefficient (1 minus the confidence coefficient).
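The sampling techniques in items 8, 18, 34 and 42 (stratified, discovery, stop-or-go, and sampling risk) carried through in code, as an added example that is not part of the original quiz. The population is constructed: 200 access-change tickets tagged with the system they touched (the stratification attribute) and whether approval evidence is missing (the control exception sought). The discovery sample size follows from item 42: if the true exception rate is p, the chance that n items show no exception is (1-p)^n, so requiring that to be at most the sampling risk (1-C) gives n >= ln(1-C)/ln(1-p); at 95% confidence and a 5% critical rate that is 59 items. The stop rule for stop-or-go is a simplified assumption for illustration: stop on the first exception (and expand testing), or stop and accept after n clean items.

```python
import math
import random
from collections import defaultdict


def build_population():
    """Constructed population: 200 change tickets across four systems; two lack approval."""
    systems = ["ERP", "CRM", "HR", "AD"]
    exceptions = {37, 150}  # constructed: ticket indices with missing approval evidence
    return [
        {"ticket": f"CHG-{i:04d}", "system": systems[i % 4], "missing_approval": i in exceptions}
        for i in range(200)
    ]


def stratified_sample(population, attribute, per_stratum, seed=1):
    """Item 8: divide the population into strata by `attribute`, then draw from each class."""
    rng = random.Random(seed)
    strata = defaultdict(list)
    for item in population:
        strata[item[attribute]].append(item)
    return {name: rng.sample(members, min(per_stratum, len(members)))
            for name, members in strata.items()}


def sampling_risk(confidence):
    """Item 42: sampling risk is the complement of the confidence coefficient."""
    return 1.0 - confidence


def discovery_sample_size(confidence, critical_rate):
    """Item 18: smallest n giving probability >= confidence of seeing at least one
    exception when the true exception rate equals critical_rate."""
    if not 0 < confidence < 1 or not 0 < critical_rate < 1:
        raise ValueError("confidence and critical_rate must be in (0, 1)")
    return math.ceil(math.log(sampling_risk(confidence)) / math.log(1 - critical_rate))


def stop_or_go(items, is_exception, confidence, critical_rate):
    """Item 34: examine items one at a time and stop at the earliest sufficient point.
    Simplified rule (assumption): first exception -> stop and expand testing;
    n clean items -> stop and accept. Returns (outcome, items_examined, exception_item)."""
    n = discovery_sample_size(confidence, critical_rate)
    examined = 0
    for item in items:
        examined += 1
        if is_exception(item):
            return ("exception_found", examined, item)
        if examined >= n:
            return ("accept", examined, None)
    return ("population_exhausted", examined, None)


if __name__ == "__main__":
    pop = build_population()
    print("discovery n @95%/5%:", discovery_sample_size(0.95, 0.05))  # 59
    print({k: len(v) for k, v in stratified_sample(pop, "system", 5).items()})
    print(stop_or_go(pop, lambda t: t["missing_approval"], 0.95, 0.05)[:2])
```

Note what stop-or-go does with the constructed data: it halts at ticket 38 on the first missing approval, well before the 59 clean items needed to accept. That early stop is the point of the technique, and it is why the method is reserved for populations the auditor already believes to have a low exception rate.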






43. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






44. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






45. Describes the effect on the business if a process is incapacitated for any appreciable time






46. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






47. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






48. IT Governance is most concerned with ________.






49. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result, someone may be in possession of the _________________.
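Items 3 and 49 both concern split knowledge and split custody of a secret. The following is an added example, not part of the original quiz, of the XOR key-component scheme used in key ceremonies: a key is split into one component per custodian, every component is required to reconstruct it, and any subset of components is statistically independent of the key. Custodian names are assumed for illustration. The `combine` check refuses reconstruction unless each custodian's component is present, which is the technical side of the control; the procedural side, which item 49 is about, is that no single person may ever hold all components, and no code can enforce that on its own.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Share:
    custodian: str   # assumed name of the person holding this component
    value: bytes     # one key component


def xor_bytes(parts):
    """XOR any number of equal-length byte strings together."""
    out = bytes(len(parts[0]))
    for p in parts:
        if len(p) != len(out):
            raise ValueError("components must all have the key length")
        out = bytes(a ^ b for a, b in zip(out, p))
    return out


def split_key(key: bytes, custodians):
    """Split `key` into one component per custodian. All but the last component are
    uniformly random; the last is chosen so that the XOR of all of them is the key."""
    custodians = list(custodians)
    if len(custodians) < 2 or len(set(custodians)) != len(custodians):
        raise ValueError("need at least two distinct custodians")
    random_parts = [secrets.token_bytes(len(key)) for _ in custodians[:-1]]
    last = xor_bytes([key] + random_parts)
    return [Share(c, v) for c, v in zip(custodians, random_parts + [last])]


def combine(shares, expected_custodians):
    """Reconstruct the key only when every expected custodian has presented a component."""
    present = {s.custodian for s in shares}
    missing = set(expected_custodians) - present
    if missing or len(shares) != len(expected_custodians):
        raise ValueError(f"split knowledge violated; missing components from {sorted(missing)}")
    return xor_bytes([s.value for s in shares])


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # e.g. an AES-256 master key
    custodians = ["alice", "bob", "carol"]
    shares = split_key(key, custodians)
    assert combine(shares, custodians) == key
    # Two of three components reveal nothing: their XOR is just another random value.
    print("partial equals key?", xor_bytes([s.value for s in shares[:2]]) == key)  # False
```

The audit finding in item 49 maps directly onto this: if the procedure is skipped and one administrator generates and stores all three components, `combine` succeeds for that one person, and the separation the scheme was meant to provide no longer exists. The evidence an auditor looks for is the ceremony record showing each component was generated and stored by a different custodian, not the existence of the splitting code.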






50. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved