Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






2. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






3. PERT: shows the ______________ critical path.






4. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.






5. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






6. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






7. Used to measure the relative maturity of an organization and its processes.






8. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






9. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






10. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






11. The highest number of errors that can exist without a result being materially misstated.






12. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






13. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






14. To measure organizational performance and effectiveness against strategic goals.






15. IT Service Management is defined in ___________________ framework.






16. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






17. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






18. Contains programs that communicate directly with the end user.






19. A collection of two or more servers that is designed to appear as a single server.






20. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






21. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






22. Used to determine which business processes are the most critical - by ranking them in order of criticality






23. Delivery of packets from one station to another - on the same network or on different networks.






24. An audit of an IS department's operations and systems.






25. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






26. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






27. Disasters are generally grouped in terms of type: ______________.






28. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






29. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






30. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






31. Defines internal controls and provides guidance for assessing and improving internal control systems.






32. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review






33. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






34. (1.) Access controls (2.) Encryption (3.) Audit logging






35. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






36. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.



37. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






38. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






39. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






40. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






41. Used to translate or transform data from lower layers into formats that the application layer can work with.






42. Aids in the coordinating of business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance (3a.) Benchmarking: Facilitates continuous improvement within the BPLC






43. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)






44. A sampling technique where at least one exception is sought in a population






45. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






46. The sum of all samples divided by the number of samples.






47. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






48. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






49. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes






50. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?