Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit that is performed in support of an anticipated or active legal proceeding.






2. Lowest layer. Delivers messages (frames) from one station to another vial local network.






3. PERT: shows the ______________ critical path.






4. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






5. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






6. (1.) Objectives (2.) Components (3.) Business Units / Areas






7. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






8. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






9. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






10. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






11. ITIL term used to describe the SDLC.






12. The inventory of all in-scope business processes and systems






13. The highest number of errors that can exist without a result being materially misstated.






14. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






15. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






16. (1.) Automatic (2.) Manual






17. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






18. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






19. Used to estimate the effort required to develop a software program.






20. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






21. Describes the effect on the business if a process is incapacitated for any appreciable time






22. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






23. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they






24. What type of testing is performed to determine if control procedures have proper design and are operating properly?






25. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






26. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


27. A collection of two or more servers that is designed to appear as a single server.






28. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






29. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






30. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






31. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






32. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






33. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






34. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






35. A maturity model that represents the aggregations of other maturity models.






36. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






37. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






38. Delivery of packets from one station to another - on the same network or on different networks.






39. Focuses on: post-event recovery and restoration of services






40. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






41. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






42. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






43. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






44. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






45. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






46. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






47. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






48. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






49. (1.) TCP (2.) UDP






50. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.