Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






2. A condition that is the result of multiple incidents that exhibit common symptoms, e.g., a web application is displaying information incorrectly and many users have contacted the IT service desk.






3. Used to measure the relative maturity of an organization and its processes.






4. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






5. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






6. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






7. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co






8. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






9. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) × the annualized rate of occurrence (ARO).






10. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






11. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






12. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






13. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






14. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






15. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.






16. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






17. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.






18. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






19. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






20. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






21. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






22. The first major task in a disaster recovery or business continuity planning project.






23. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






24. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






25. Framework for auditing and measuring IT Service Management Processes.






26. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






27. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations.






28. The sum of all samples divided by the number of samples.






29. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






30. Support the functioning of the application controls






31. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






32. An alternate processing center that contains no information processing equipment.






33. Consists of two main packet transport protocols: TCP and UDP.






34. Concerned with electrical and physical specifications for devices. No frames or packets involved.






35. ITIL term used to describe the SDLC.






36. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






37. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






38. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






39. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






40. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






41. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






42. Gantt: used to display ______________.






43. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






44. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






45. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






46. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






47. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






48. Guide program execution through organization of resources and development of clear project objectives.






49. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






50. (1.) Objectives (2.) Components (3.) Business Units / Areas






