Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






2. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






3. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






4. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.






5. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the complement of the confidence coefficient (1 minus the confidence level)






6. Used to determine which business processes are the most critical - by ranking them in order of criticality






7. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)






8. A condition that is the result of multiple incidents that exhibit common symptoms, e.g., a web application is displaying information incorrectly and many users have contacted the IT service desk.






9. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






10. Handle application processing






11. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






12. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






13. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






14. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
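Added example (not part of the quiz): one way to implement split knowledge for a shared password or key. The secret is XOR-split into n random parts, one per custodian; every part is required to rebuild it, and any proper subset is statistically independent of the secret. Names, the custodian count and the sample password are assumptions made for the example.

```python
import secrets
from typing import List, Tuple

# A share is (index, total_parts, share_bytes). The index/total tags let the
# combiner refuse to proceed unless every custodian's part is present.
Share = Tuple[int, int, bytes]


def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("share lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, parts: int) -> List[Share]:
    """Split `secret` into `parts` XOR shares.

    parts-1 shares are uniformly random; the last share is the secret XORed
    with all of them. Reconstruction needs every share, and any proper subset
    reveals nothing about the secret (the one-time-pad argument).
    """
    if parts < 2:
        raise ValueError("split knowledge needs at least two custodians")
    shares = [secrets.token_bytes(len(secret)) for _ in range(parts - 1)]
    last = secret
    for s in shares:
        last = _xor(last, s)
    shares.append(last)
    return [(i, parts, s) for i, s in enumerate(shares)]


def combine_shares(shares: List[Share]) -> bytes:
    """Rebuild the secret; raise ValueError unless all parts of one split are present."""
    if not shares:
        raise ValueError("no shares supplied")
    total = shares[0][1]
    if any(t != total for _, t, _ in shares):
        raise ValueError("shares come from different splits")
    if sorted(i for i, _, _ in shares) != list(range(total)):
        raise ValueError(f"all {total} parts are required, got {len(shares)}")
    out = bytes(len(shares[0][2]))
    for _, _, s in shares:
        out = _xor(out, s)
    return out


if __name__ == "__main__":
    # Constructed example: a root password held by three custodians.
    pw = b"correct horse battery staple"
    parts = split_secret(pw, 3)
    for idx, total, blob in parts:
        print(f"custodian {idx + 1}/{total}: {blob.hex()}")
    assert combine_shares(parts) == pw
    try:
        combine_shares(parts[:2])
    except ValueError as e:
        print("two of three parts:", e)
```

This is an all-or-nothing split, which is exactly what the definition asks for. If the control should survive an absent custodian (k of n parts suffice), a threshold scheme such as Shamir secret sharing is the right tool instead; XOR shares cannot provide that.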






15. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






16. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.






17. Used to translate or transform data from lower layers into formats that the application layer can work with.






18. Gantt: used to display ______________.






19. Concerned with electrical and physical specifications for devices. No frames or packets involved.






20. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.






21. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations






22. The delivery of messages from one station to another via one or more networks. Routes packets between networks.






23. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






24. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






25. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






26. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






27. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






28. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






29. An audit that is performed in support of an anticipated or active legal proceeding.






30. What type of testing is performed to determine if control procedures have proper design and are operating properly?






31. (1.) Objectives (2.) Components (3.) Business Units / Areas






32. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






33. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






34. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






35. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






36. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






37. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
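Added example (not from the quiz) for questions 8 and 37: incident records are grouped by a (configuration item, symptom) signature, and a signature whose incidents cluster within a time window is reported as a problem candidate with the tickets that should be linked to the problem record. The Incident fields, thresholds and sample tickets are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass
class Incident:
    ticket: str
    opened: datetime
    ci: str        # affected configuration item / service
    symptom: str   # symptom category as classified by the service desk


Signature = Tuple[str, str]  # (ci, symptom)


def problem_candidates(incidents: List[Incident], threshold: int = 3,
                       window: timedelta = timedelta(hours=24)) -> Dict[Signature, List[str]]:
    """Group incidents by (ci, symptom). A signature becomes a problem candidate when
    at least `threshold` incidents fall inside some `window`; the tickets in the
    densest such window are returned so the problem record can reference them."""
    by_sig: Dict[Signature, List[Incident]] = defaultdict(list)
    for inc in incidents:
        by_sig[(inc.ci, inc.symptom)].append(inc)

    candidates: Dict[Signature, List[str]] = {}
    for sig, group in by_sig.items():
        group.sort(key=lambda i: i.opened)
        best: List[Incident] = []
        start = 0
        for end in range(len(group)):  # sliding window over sorted open times
            while group[end].opened - group[start].opened > window:
                start += 1
            current = group[start:end + 1]
            if len(current) > len(best):
                best = current
        if len(best) >= threshold:
            candidates[sig] = [i.ticket for i in best]
    return candidates


# Constructed sample: four portal tickets in one day (a problem), one VPN ticket,
# and three mail tickets spread over five days (recurring but not clustered).
T0 = datetime(2024, 3, 4, 8, 0)
SAMPLE_INCIDENTS = [
    Incident("INC1001", T0, "web-portal", "incorrect-data"),
    Incident("INC1002", T0 + timedelta(hours=2), "web-portal", "incorrect-data"),
    Incident("INC1003", T0 + timedelta(hours=5), "web-portal", "incorrect-data"),
    Incident("INC1004", T0 + timedelta(hours=20), "web-portal", "incorrect-data"),
    Incident("INC1005", T0 + timedelta(hours=1), "vpn-gateway", "auth-failure"),
    Incident("INC1006", T0, "mail", "slow"),
    Incident("INC1007", T0 + timedelta(days=2), "mail", "slow"),
    Incident("INC1008", T0 + timedelta(days=4), "mail", "slow"),
]

if __name__ == "__main__":
    for (ci, symptom), tickets in problem_candidates(SAMPLE_INCIDENTS).items():
        print(f"problem candidate: {ci} / {symptom}: {', '.join(tickets)}")
```

The grouping key is deliberately coarse; in practice the symptom field is whatever normalised category the service desk assigns, and a looser window (or a larger threshold) is used for noisy services.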






38. The IS auditor should act as an SME in the control self-assessment, but should not play a major role in the process.






39. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






40. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






41. Contains programs that communicate directly with the end user.






42. An auditor has reviewed the access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means that user privileges are not being removed from their old position when they transfer to a new
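Added example (not from the quiz) of the access review described above. Each user's current entitlements are compared with what their current role should grant; excess rights that an earlier role would have granted are reported as stale (never removed on transfer), the rest as unexplained, and known segregation-of-duties pairs are flagged separately. The role model, entitlement names and sample users are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed role model (hypothetical systems and roles, not from any real ERP).
ROLE_ENTITLEMENTS: Dict[str, Set[str]] = {
    "ap-clerk":      {"erp:ap:invoice-entry", "erp:ap:vendor-view"},
    "ap-manager":    {"erp:ap:invoice-approve", "erp:ap:vendor-view", "erp:ap:reports"},
    "payroll-admin": {"hr:payroll:run", "hr:payroll:view"},
}

# Segregation-of-duties pairs: holding both sides is a finding regardless of role.
SOD_CONFLICTS = [
    ("erp:ap:invoice-entry", "erp:ap:invoice-approve"),
]


@dataclass
class User:
    uid: str
    current_role: str
    entitlements: Set[str]
    role_history: List[str] = field(default_factory=list)  # prior roles, oldest first


def review_user(user: User) -> Dict[str, Set[str]]:
    """Return the findings for one user (empty dict if clean)."""
    expected = ROLE_ENTITLEMENTS.get(user.current_role, set())
    excess = user.entitlements - expected
    # Excess rights that a previous role would have granted: the classic sign that
    # access was never removed on transfer (privilege creep).
    carried: Set[str] = set()
    for old_role in user.role_history:
        carried |= excess & ROLE_ENTITLEMENTS.get(old_role, set())
    unexplained = excess - carried
    sod = {
        f"{a} + {b}" for a, b in SOD_CONFLICTS
        if a in user.entitlements and b in user.entitlements
    }
    findings: Dict[str, Set[str]] = {}
    if carried:
        findings["stale"] = carried
    if unexplained:
        findings["unexplained"] = unexplained
    if sod:
        findings["sod"] = sod
    return findings


def review_access(users: List[User]) -> Dict[str, Dict[str, Set[str]]]:
    report: Dict[str, Dict[str, Set[str]]] = {}
    for u in users:
        findings = review_user(u)
        if findings:
            report[u.uid] = findings
    return report


# Constructed sample population.
SAMPLE_USERS = [
    User("alice", "ap-manager",
         {"erp:ap:invoice-entry", "erp:ap:invoice-approve",
          "erp:ap:vendor-view", "erp:ap:reports"},
         role_history=["ap-clerk"]),
    User("bob", "ap-clerk", {"erp:ap:invoice-entry", "erp:ap:vendor-view"}),
    User("carol", "payroll-admin",
         {"hr:payroll:run", "hr:payroll:view", "erp:ap:vendor-view", "erp:debug"},
         role_history=["ap-clerk"]),
]

if __name__ == "__main__":
    for uid, findings in review_access(SAMPLE_USERS).items():
        for kind, items in findings.items():
            print(f"{uid}: {kind}: {sorted(items)}")
```

Alice is the textbook case from the question: promoted from clerk to manager, she kept invoice entry and now also holds approval, which is both stale access and an SoD conflict. Carol's leftover vendor-view right is stale; her debug entitlement matches no role she ever held and needs a separate explanation.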






43. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






44. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






45. (1.) Access controls (2.) Encryption (3.) Audit logging






46. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






47. IT Service Management is defined in ___________________ framework.






48. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






49. The main hardware component of a computer system - which executes instructions in computer programs.






50. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number