Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Subjective sampling is used when the auditor wants to _________________________.






2. An audit of a third-party organization that provides services to other organizations.






3. Defines internal controls and provides guidance for assessing and improving internal control systems.






4. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






5. Handle application processing






6. An alternate processing center that contains no information processing equipment.






7. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






8. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






9. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






10. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






11. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg






12. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






13. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)






14. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the






15. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






16. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






17. (1.) General (2.) Application






18. (1.) Objectives (2.) Components (3.) Business Units / Areas






19. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






20. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






21. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






22. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






23. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes






24. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






25. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






26. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






27. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






28. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






29. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






30. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






31. Used to measure the relative maturity of an organization and its processes.






32. Delivery of packets from one station to another - on the same network or on different networks.






33. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






34. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






35. An audit of operational efficiency.






36. Collections of Controls that work together to achieve an entire range of an organization's objectives.






37. Used to determine which business processes are the most critical - by ranking them in order of criticality






38. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






39. A representation of how closely a sample represents an entire population.






40. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






41. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






42. IT Service Management is defined in ___________________ framework.






43. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






44. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






45. A collection of two or more servers that is designed to appear as a single server.






46. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






47. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






48. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






49. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






50. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests