Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Automatic (2.) Manual






2. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






3. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






4. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






5. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co






6. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






7. The first major task in a disaster recovery or business continuity planning project.






8. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






9. An audit of an IS department's operations and systems.






10. An audit that is performed in support of an anticipated or active legal proceeding.






11. Subjective sampling is used when the auditor wants to _________________________.






12. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






13. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






14. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






15. The risk that an IS auditor will overlook errors or exceptions during an audit.






16. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






17. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review






18. (1.) General (2.) Application






19. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






20. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






21. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






22. Aids in the coordinating of business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC






23. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






24. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






25. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






26. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






27. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






28. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






29. Risk Mitigation - Risk Avoidance - Risk Transfer - Risk Acceptance






30. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






31. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






32. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






33. The means by which management establishes and measures processes by which organizational objectives are achieved






34. (1.) Access controls (2.) Encryption (3.) Audit logging






35. (1.) Executive Support (2.) Well-defined roles and responsibilities.






36. One of a database table's fields - whose value is unique.






37. Guide program execution through organization of resources and development of clear project objectives.






38. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






39. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






40. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






41. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






42. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






43. An audit of a third-party organization that provides services to other organizations.






44. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






45. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






46. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






47. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






48. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






49. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes






50. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






