Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)

2. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.

3. To measure organizational performance and effectiveness against strategic goals.

4. An audit that is performed in support of an anticipated or active legal proceeding.

5. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.

6. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.

7. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences

8. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?

9. An audit that combines an operational audit and a financial audit.

10. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.

11. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.

12. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance

13. A technique that is used to select a portion of a population when it is not feasible to test an entire population.

14. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.

15. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication

16. The highest number of errors that can exist without a result being materially misstated.

17. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because

18. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide

19. An audit of operational efficiency.

20. The sum of all samples divided by the number of samples.

21. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC

22. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?

23. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret

24. Defines internal controls and provides guidance for assessing and improving internal control systems.

25. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?

26. (1.) General (2.) Application

27. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them

28. Describes the effect on the business if a process is incapacitated for any appreciable time

29. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.

30. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery

31. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana

32. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog

33. Guide program execution through organization of resources and development of clear project objectives.

34. The first major task in a disaster recovery or business continuity planning project.

35. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.

36. Lowest layer. Delivers messages (frames) from one station to another via a local network.

37. An estimate that expresses the percent of errors or exceptions that may exist in an entire population

38. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.

39. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.

40. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified

41. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk

42. During the development phase - developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.

43. Used to estimate the effort required to develop a software program.

44. To communicate security policies - procedures - and other security-related information to an organization's employees.

45. (1.) Objectives (2.) Components (3.) Business Units / Areas

46. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls

47. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.

48. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.

49. (1.) Developers (2.) Architects (3.) Analysts (4.) Users

50. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug