Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Support the functioning of the application controls






2. To communicate security policies, procedures, and other security-related information to an organization's employees.






3. The set of activities that is concerned with the ability of the organization to continue to provide services, primarily in the event that a natural or man-made disaster has occurred.






4. Requires that a password be broken into two or more parts, with each part in the possession of a separate person.






5. An audit of operational efficiency.






6. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






7. 1.) Executive Support (2.) Well-defined roles and responsibilities.






8. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






9. When several incidents have occurred that appear to have the same or a similar root cause, a PROBLEM is occurring.






10. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






11. Used to determine which business processes are the most critical, by ranking them in order of criticality






12. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






13. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






14. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.






15. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






16. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






17. To ensure that input values are within established ranges, of the correct character types, and free of harmful contents.






18. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






19. Describes the effect on the business if a process is incapacitated for any appreciable time






20. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






21. Defines internal controls and provides guidance for assessing and improving internal control systems.






22. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






23. The inventory of all in-scope business processes and systems






24. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






25. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






26. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






27. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






28. The risk that an IS auditor will overlook errors or exceptions during an audit.






29. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






30. PERT: shows the ______________ critical path.






31. In Release Management, _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






32. An audit that is performed in support of an anticipated or active legal proceeding.






33. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






34. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






35. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






36. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






37. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






38. Gantt: used to display ______________.






39. The maximum period of downtime for a process or application






40. A four-step quality control process known as PDSA, or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






41. The means by which management establishes and measures processes by which organizational objectives are achieved






42. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






43. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






44. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






45. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






46. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






47. A sampling technique where items are chosen based upon the auditor's judgment, usually based on risk or materiality.






48. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. The main advantage is lower cost per unit.






49. IT Governance is most concerned with ________.






50. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities, as necessary for accomplishing a goal.