Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The memory locations in the CPU where arithmetic values are stored.
Tolerable Error Rate
Registers
TCP/IP Transport Layer
Detection Risk

2. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
The two Categories of Controls
A Problem
The audit program
A Virtual Server

3. An audit that combines an operational audit and a financial audit.
Balanced Scorecard
An Integrated Audit
Volumes of COSO framework
The Steering Committee

4. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
TCP/IP Transport Layer packet delivery
Judgmental sampling
Reduced sign-on
ISO 20000 Standard:

5. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Statistical Sampling
OSI Layer 7: Application
(1.) Polices (2.) Procedures (3.) Standards
A Virtual Server

6. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Risk Management
Rating Scale for Process Maturity
Notify the Audit Committee
Geographic location

7. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Employee termination process
The 7 phases and their order in the SDLC
OSI Layer 5: Session
Precision means

8. A collection of two or more servers that is designed to appear as a single server.
Elements of the COBIT Framework
A Service Provider audit
Insourcing
Server cluster

9. An audit of a third-party organization that provides services to other organizations.
Primary security features of relational databases
TCP/IP Network Model
A Service Provider audit
Business Realization

10. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
The two Categories of Controls
Tolerable Error Rate
Foreign Key
Inherent Risk

11. (1.) Automatic (2.) Manual
Six steps of the Release Management process
Control Unit
Database primary key
The two Categories of Controls

12. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Information systems access
Examples of Application Controls
Overall audit risk
Segregation of duties issue in a high value process

13. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Grid Computing
The appropriate role of an IS auditor in a control self-assessment
Foreign Key
To identify the tasks that are responsible for project delays

14. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Inform the auditee
Data Link Layer Standards
OSI Layer 7: Application
SDLC Phases

15. A representation of how closely a sample represents an entire population.
The Release process
Precision means
Employees with excessive privileges
less than 24 hours

16. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Input validation checking
Confidence coefficient
Primary security features of relational databases
Attribute Sampling

17. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Blade Computer Architecture
Discovery Sampling
Expected Error Rate
Three Types of Controls

18. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Department Charters
Control Risk
Registers

19. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Stay current with technology
Wet pipe fire sprinkler system
Service Continuity Management
Compliance Testing

20. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
objective and unbiased
Resource details
The Business Process Life Cycle

21. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Background checks performed
The Software Program Library
Compliance Testing
Function Point Analysis

22. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Capability Maturity Model
The typical Configuration Items in Configuration Management
Insourcing
Current and most up-to-date

23. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
Confidence coefficient
Elements of the COBIT Framework
Types of sampling an auditor can perform.

24. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
The Internet Layer in the TCP/IP model
Application Layer protocols
Data Link Layer Standards
The BCP process

25. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
Department Charters
Inherent Risk
Employee termination process

26. One of a database table's fields - whose value is unique.
Project Management Strategies
Database primary key
A Compliance audit
Balanced Scorecard

27. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Separate administrative accounts
The BCP process
Sample Standard Deviation
Hash

28. Gantt: used to display ______________.
Antivirus software on the email servers
Insourcing
TCP/IP Network Model
Resource details

29. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
A Virtual Server
Volumes of COSO framework
Change management
Sampling

30. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Confidence coefficient
A Compliance audit
Audit logging
Power system controls

31. (1.) General (2.) Application
Assess the maturity of its business processes
Gantt Chart
Main types of Controls
Capability Maturity Model Integration (CMMI)

32. (1.) Physical (2.) Technical (4.) Administrative
Server cluster
Split custody
Primary security features of relational databases
Three Types of Controls

33. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Change management
Project change request
An Integrated Audit
Sampling

34. Consists of two main packet transport protocols: TCP and UDP.
Detection Risk
TCP/IP Transport Layer
Split custody
OSI: Physical Layer

35. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Capability Maturity Model
Detection Risk
Function Point Analysis

36. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Stratified Sampling
To identify the tasks that are responsible for project delays
A gate process
Examples of IT General Controls

37. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
TCP/IP Internet Layer
Referential Integrity
Substantive Testing
Control Unit

38. To communication security policies - procedures - and other security-related information to an organization's employees.
Gantt Chart
Configuration Management
Stay current with technology
Security Awareness program

39. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Project change request
Annualized Loss Expectance (ALE)
Critical Path Methodology
OSI Layer 6: Presentation

40. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Gantt Chart
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Department Charters
Server cluster

41. ITIL term used to describe the SDLC.
A Cold Site
Information systems access
Release management
Input validation checking

42. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Structural fires and transportation accidents
A gate process
A Problem
Employees with excessive privileges

43. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
OSI Layer 7: Application
List of systems examined
Buffers
Audit Methodologies

44. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
OSI: Transport Layer
Resource details
Judgmental sampling

45. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
(1.) Man-made (2.) Natural
Stay current with technology
The typical Configuration Items in Configuration Management
Examples of Application Controls

46. IT Governance is most concerned with ________.
Testing activities
A Compliance audit
IT Strategy
TCP/IP Transport Layer packet delivery

47. The highest number of errors that can exist without a result being materially misstated.
IT Services Financial Management
Tolerable Error Rate
Organizational culture and maturity
Critical Path Methodology

48. The first major task in a disaster recovery or business continuity planning project.
Employee termination process
IT standards are not being reviewed often enough
Business impact analysis
The first step in a business impact analysis

49. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
TCP/IP Link Layer
Types of sampling an auditor can perform.
The 4-item focus of a Balanced Scorecard
The Release process

50. Guide program execution through organization of resources and development of clear project objectives.
Incident Management
IT Services Financial Management
Stratified Sampling
Project Management Strategies