Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. (1.) Executive Support (2.) Well-defined roles and responsibilities.






2. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






3. (1.) Objectives (2.) Components (3.) Business Units / Areas






4. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






5. One of a database table's fields - whose value is unique.






6. The highest number of errors that can exist without a result being materially misstated.






7. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






8. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.






9. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP






10. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






11. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






12. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






13. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. The main advantage is lower cost per unit.






14. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






15. Collections of Controls that work together to achieve an entire range of an organization's objectives.






16. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






17. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






18. Handle application processing






19. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






20. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






21. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






22. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






23. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






24. Delivery of packets from one station to another - on the same network or on different networks.






25. Guide program execution through organization of resources and development of clear project objectives.






26. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






27. Support the functioning of the application controls






28. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






29. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






30. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






31. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






32. A field in a record in one table that can reference a primary key in another table.






33. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






34. A sampling technique where at least one exception is sought in a population






35. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






36. To measure organizational performance and effectiveness against strategic goals.






37. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






38. (1.) Access controls (2.) Encryption (3.) Audit logging






39. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






40. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






41. (1.) General (2.) Application






42. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






43. Consists of two main packet transport protocols: TCP and UDP.






44. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






45. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






46. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






47. (1.) Physical (2.) Technical (3.) Administrative






48. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






49. Used to estimate the effort required to develop a software program.






50. Used to measure the relative maturity of an organization and its processes.