Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret






2. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






3. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)






4. An audit that combines an operational audit and a financial audit.






5. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






6. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






7. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






8. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






9. The maximum period of downtime for a process or application






10. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






11. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes






12. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






13. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






14. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






15. The risk that an IS auditor will overlook errors or exceptions during an audit.






16. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






17. Lowest layer. Delivers messages (frames) from one station to another vial local network.






18. To communication security policies - procedures - and other security-related information to an organization's employees.






19. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






20. The memory locations in the CPU where arithmetic values are stored.






21. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






22. Focuses on: post-event recovery and restoration of services






23. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






24. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






25. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






26. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






27. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






28. (1.) Link (2.) Internet (3.) Transport (4.) Application






29. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






30. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






31. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






32. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






33. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






34. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






35. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






36. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






37. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






38. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






39. ITIL term used to describe the SDLC.






40. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






41. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






42. IT Governance is most concerned with ________.






43. Support the functioning of the application controls






44. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






45. What type of testing is performed to determine if control procedures have proper design and are operating properly?






46. Gantt: used to display ______________.






47. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)






48. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






49. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






50. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25