Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The first major task in a disaster recovery or business continuity planning project.






2. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






3. Framework for auditing and measuring IT Service Management Processes.






4. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






5. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






6. Guide program execution through organization of resources and development of clear project objectives.






7. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






8. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






9. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






10. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






11. (1.) Link (2.) Internet (3.) Transport (4.) Application






12. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






13. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






14. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






15. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






16. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






17. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.






18. (1.) Access controls (2.) Encryption (3.) Audit logging






19. (1.) Physical (2.) Technical (4.) Administrative






20. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






21. Concerned with electrical and physical specifications for devices. No frames or packets involved.






22. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect






23. To communication security policies - procedures - and other security-related information to an organization's employees.






24. Consists of two main packet transport protocols: TCP and UDP.






25. An audit of a third-party organization that provides services to other organizations.






26. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






27. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






28. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






29. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






30. Subjective sampling is used when the auditor wants to _________________________.






31. Used to estimate the effort required to develop a software program.






32. (1.) General (2.) Application






33. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.






34. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






35. The memory locations in the CPU where arithmetic values are stored.






36. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






37. A representation of how closely a sample represents an entire population.






38. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review






39. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






40. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC






41. Disasters are generally grouped in terms of type: ______________.






42. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co






43. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






44. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






45. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






46. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






47. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






48. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






49. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






50. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning