Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.

2. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new

3. A field in a record in one table that references a primary key in another table.

4. (1.) Executive Support (2.) Well-defined roles and responsibilities.

5. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them.

6. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.

7. (1.) Link (2.) Internet (3.) Transport (4.) Application

8. During the development phase, developers should only be performing unit testing, to verify that the individual sections of code they have written are performing properly.

9. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.

10. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP

11. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes

12. The IS auditor should conduct a risk assessment first to determine which areas have the highest risk. She should devote more testing resources to those high-risk areas.

13. Framework for auditing and measuring IT Service Management Processes.

14. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?

15. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform criticality analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures (7.) Train personnel (8.) Maintain strateg

16. The risk that a material error exists that will not be prevented or detected by the organization's control framework. The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.

17. An estimate that expresses the percent of errors or exceptions that may exist in an entire population.

18. A maturity model that represents the aggregation of other maturity models.

19. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.

20. A sampling technique where items are chosen based upon the auditor's judgment, usually based on risk or materiality.

21. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components

22. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management

23. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.

24. (1.) Objectives (2.) Components (3.) Business Units / Areas

25. A technique that is used to select a portion of a population when it is not feasible to test an entire population.

26. To communicate security policies, procedures, and other security-related information to an organization's employees.

27. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery

28. Guide program execution through organization of resources and development of clear project objectives.

29. A sampling technique where at least one exception is sought in a population.

30. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.

31. The memory locations in the CPU where arithmetic values are stored.

32. (1.) Automatic (2.) Manual

33. An audit that is performed in support of an anticipated or active legal proceeding.

34. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT diagram.

35. A four-step quality control process known as PDSA, or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act

36. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog

37. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because

38. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified

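The sampling items above (1, 9, 17, 20, 25, 29 and 38) read as definitions; the following is an added worked example, not part of this quiz page or any ISACA material, that implements each technique against a constructed population of payment transactions. The population, the control attribute (second-person approval), the confidence levels and the tolerable rates are all assumptions, and the stop-or-go stopping rule uses a Poisson upper confidence bound on the exception rate, which is one of several acceptable ways to do it.

```python
"""Audit sampling techniques over a constructed transaction population.
Added example; not from the original page. Population, thresholds and the
stop-or-go bound are assumptions."""
import math
import random
from dataclasses import dataclass
from statistics import NormalDist


@dataclass(frozen=True)
class Txn:
    txn_id: int
    amount: float
    approved: bool  # control attribute under test: did a second person approve it?


def build_population(n: int, failure_rate: float = 0.04, seed: int = 1) -> list:
    """Constructed population: roughly log-normal amounts, a fraction lacking approval."""
    rng = random.Random(seed)
    return [Txn(i, round(rng.lognormvariate(7, 1.2), 2), rng.random() >= failure_rate)
            for i in range(n)]


def statistical_sample(pop: list, size: int, seed: int = 7) -> list:
    """Statistical (random) sampling: every item has an equal chance of selection."""
    return random.Random(seed).sample(pop, size)


def judgmental_sample(pop: list, size: int) -> list:
    """Judgmental sampling: selection by auditor judgment, here materiality (largest amounts)."""
    return sorted(pop, key=lambda t: t.amount, reverse=True)[:size]


def stratified_sample(pop: list, bands: list, per_band: int, seed: int = 7) -> list:
    """Stratified sampling: partition by amount band and sample each band separately,
    so rare high-value items are not drowned out by the many small ones."""
    rng = random.Random(seed)
    picked = []
    for lo, hi in bands:
        stratum = [t for t in pop if lo <= t.amount < hi]
        picked.extend(rng.sample(stratum, min(per_band, len(stratum))))
    return picked


def exception_rate(sample: list) -> float:
    """Attribute sampling result: observed share of sampled items failing the control."""
    return sum(not t.approved for t in sample) / len(sample)


def attribute_sample_size(confidence: float, expected_rate: float, precision: float) -> int:
    """Sample size for attribute sampling (normal approximation): estimate the expected
    error rate at the given confidence level to within +/- precision."""
    z = NormalDist().inv_cdf(1 - (1 - confidence) / 2)
    return math.ceil(z * z * expected_rate * (1 - expected_rate) / precision ** 2)


def discovery_sample_size(critical_rate: float, confidence: float) -> int:
    """Discovery sampling: smallest n such that, if exceptions occur at critical_rate
    or more, at least one lands in the sample with probability >= confidence."""
    return math.ceil(math.log(1 - confidence) / math.log(1 - critical_rate))


def _poisson_cdf(k: int, lam: float) -> float:
    return sum(math.exp(-lam) * lam ** i / math.factorial(i) for i in range(k + 1))


def upper_error_bound(exceptions: int, n: int, confidence: float) -> float:
    """One-sided upper confidence bound on the true exception rate after seeing
    `exceptions` in `n` items (Poisson approximation to the binomial, by bisection)."""
    lo, hi = 0.0, 1.0
    for _ in range(60):
        mid = (lo + hi) / 2
        if _poisson_cdf(exceptions, n * mid) > 1 - confidence:
            lo = mid  # a rate of `mid` is still plausible, so it is not yet an upper bound
        else:
            hi = mid
    return hi


def stop_or_go(pop: list, tolerable_rate: float, confidence: float,
               batch: int = 25, max_items: int = 300, seed: int = 7) -> dict:
    """Stop-or-go sampling: test in small batches and stop as soon as the evidence
    supports the conclusion that the exception rate is below tolerable_rate,
    instead of committing to a fixed sample size up front."""
    order = random.Random(seed).sample(pop, min(max_items, len(pop)))
    tested = exceptions = 0
    bound = 1.0
    while tested < len(order):
        for t in order[tested:tested + batch]:
            exceptions += not t.approved
        tested = min(tested + batch, len(order))
        bound = upper_error_bound(exceptions, tested, confidence)
        if bound <= tolerable_rate:
            return {"tested": tested, "exceptions": exceptions, "upper_bound": bound,
                    "conclusion": "control effective"}
    return {"tested": tested, "exceptions": exceptions, "upper_bound": bound,
            "conclusion": "tolerable rate not supported"}


if __name__ == "__main__":
    pop = build_population(2000)
    print("attribute sample size (95%, 5% expected, +/-3%):", attribute_sample_size(0.95, 0.05, 0.03))
    print("discovery sample size (5% critical, 95%):", discovery_sample_size(0.05, 0.95))
    print("observed exception rate in a random sample of 60:", exception_rate(statistical_sample(pop, 60)))
    print(stop_or_go(pop, tolerable_rate=0.05, confidence=0.95))
```

The point of `upper_error_bound` is that an observed rate from a sample is not the population rate: with zero exceptions in 60 items the 95% upper bound is still about 5%, which is why discovery sampling at a 5% critical rate needs 59 items and why stop-or-go keeps drawing batches until the bound drops under the tolerable rate.

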
39. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.

40. A database term, which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.

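Items 3 and 40 above describe a foreign key and referential integrity in words; here is an added example, not from the quiz page, that shows both behaviours in an in-memory SQLite database. The vendor/invoice schema is an assumption. It also shows the check an auditor actually needs: SQLite only enforces foreign keys when `PRAGMA foreign_keys` is on for the connection, so the same schema silently accepts orphans when the setting is off, and the `orphan_invoices` query finds them after the fact.

```python
"""Foreign keys and referential integrity with SQLite. Added example, not from
the original page; the vendor/invoice schema is constructed."""
import sqlite3


def open_db(enforce_fk: bool = True) -> sqlite3.Connection:
    """Fresh in-memory database. The pragma is per connection and off by default,
    which is exactly the kind of setting to verify rather than assume."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_fk else "OFF"))
    conn.executescript("""
        CREATE TABLE vendor (
            vendor_id INTEGER PRIMARY KEY,
            name      TEXT NOT NULL
        );
        CREATE TABLE invoice (
            invoice_id INTEGER PRIMARY KEY,
            vendor_id  INTEGER NOT NULL REFERENCES vendor(vendor_id),  -- the foreign key
            amount     REAL NOT NULL
        );
        INSERT INTO vendor VALUES (1, 'Acme Ltd'), (2, 'Globex');
        INSERT INTO invoice VALUES (100, 1, 250.00), (101, 1, 99.50), (102, 2, 1200.00);
    """)
    return conn


def try_delete_vendor(conn: sqlite3.Connection, vendor_id: int) -> str:
    """Delete a parent row that child rows still reference."""
    try:
        with conn:  # commits on success, rolls back on the exception
            conn.execute("DELETE FROM vendor WHERE vendor_id = ?", (vendor_id,))
        return "deleted"
    except sqlite3.IntegrityError:  # "FOREIGN KEY constraint failed"
        return "blocked"


def try_insert_orphan(conn: sqlite3.Connection, invoice_id: int, vendor_id: int, amount: float) -> str:
    """Insert a child row whose foreign key points at no parent."""
    try:
        with conn:
            conn.execute("INSERT INTO invoice VALUES (?, ?, ?)", (invoice_id, vendor_id, amount))
        return "inserted"
    except sqlite3.IntegrityError:
        return "blocked"


def orphan_invoices(conn: sqlite3.Connection) -> list:
    """Audit query: child rows whose foreign key references a missing parent.
    With enforcement on this is always empty; with it off it is the finding."""
    rows = conn.execute("""
        SELECT i.invoice_id
        FROM invoice i
        LEFT JOIN vendor v ON v.vendor_id = i.vendor_id
        WHERE v.vendor_id IS NULL
    """).fetchall()
    return sorted(r[0] for r in rows)


def demo(enforce_fk: bool) -> dict:
    """Run the same three operations with enforcement on or off."""
    conn = open_db(enforce_fk)
    result = {
        "delete_parent": try_delete_vendor(conn, 1),
        "insert_orphan": try_insert_orphan(conn, 103, 9, 10.0),
        "orphans": orphan_invoices(conn),
    }
    conn.close()
    return result


if __name__ == "__main__":
    print("foreign keys ON: ", demo(True))
    print("foreign keys OFF:", demo(False))
```

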
41. (1.) Physical (2.) Technical (3.) Administrative

42. Concerned with electrical and physical specifications for devices. No frames or packets involved.

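Items 6, 7, 23, 27 and 42 above describe the layers in prose. The following is an added example, not from the quiz page, that builds one Ethernet/IPv4/TCP frame and takes it apart layer by layer so the stated guarantees can be seen in code: the link layer carries frames, the internet layer has a header checksum but no delivery or ordering guarantee, and the transport layer restores order from sequence numbers. MAC and IP addresses, ports and payloads are constructed; the Ethernet FCS is omitted because the NIC strips it before software sees the frame.

```python
"""Link, internet and transport layers on one constructed frame. Added example,
not part of the original page; addresses, ports and payloads are made up."""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def mac(addr: str) -> bytes:
    return bytes.fromhex(addr.replace(":", ""))


def ip4(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, the IPv4 header checksum.
    Run over a header whose checksum field is already filled in, it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                sport: int, dport: int, seq: int, payload: bytes) -> bytes:
    """Encapsulate downward: TCP segment -> IPv4 packet -> Ethernet frame."""
    # Transport: ports, sequence number, data offset 5 words, flags PSH|ACK.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    # Internet: version 4 / IHL 5, total length, id, DF flag, TTL 64, protocol, checksum 0 for now.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                         64, PROTO_TCP, 0, ip4(src_ip), ip4(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    # Link: destination MAC, source MAC, EtherType (the FCS is added by the NIC, not here).
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + tcp


def parse_frame(frame: bytes) -> dict:
    """Decapsulate upward and report what each layer can actually vouch for."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    ip_hdr = frame[14:14 + ihl]
    _, _, total_len, _, _, ttl, proto, _, s_ip, d_ip = struct.unpack("!BBHHHBBH4s4s", ip_hdr[:20])
    seg = frame[14 + ihl:14 + total_len]
    sport, dport, seq, ack, off, flags, *_ = struct.unpack("!HHIIBBHHH", seg[:20])
    return {
        "link": {"src_mac": src.hex(":"), "dst_mac": dst.hex(":")},
        "internet": {"src_ip": ".".join(map(str, s_ip)), "dst_ip": ".".join(map(str, d_ip)),
                     "ttl": ttl, "protocol": proto,
                     # header-only integrity check; says nothing about delivery or order
                     "checksum_ok": ip_checksum(ip_hdr) == 0},
        "transport": {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "flags": flags},
        "payload": seg[(off >> 4) * 4:],
    }


def reassemble(frames: list) -> bytes:
    """Transport-layer behaviour: the internet layer may deliver segments out of
    order or twice; the receiver rebuilds the byte stream from sequence numbers."""
    by_seq = {}
    for f in frames:
        p = parse_frame(f)
        if p["internet"]["checksum_ok"] and p["internet"]["protocol"] == PROTO_TCP:
            by_seq.setdefault(p["transport"]["seq"], p["payload"])  # duplicate segments ignored
    return b"".join(by_seq[seq] for seq in sorted(by_seq))


if __name__ == "__main__":
    f = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", "10.0.0.1", "10.0.0.2",
                    40000, 443, 1, b"GET / ")
    print(parse_frame(f))
```

Flipping any header byte (the TTL, say) makes `checksum_ok` false, which is the extent of the internet layer's promise; the payload is not covered, and nothing in the packet says whether it or its neighbours arrive at all. `reassemble` is where guaranteed order comes from, and it lives entirely in the transport layer.

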
43. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider

44. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)

45. Disasters are generally grouped in terms of type: ______________.

46. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation

47. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event.

48. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase

49. The primary source for test plans in a software development project: the ________________ that are developed for a project should be the primary source for detailed tests.

50. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
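
Items 34, 39 and 50 above define Gantt charts, the critical path and PERT diagrams; the following added example, not from the quiz page, computes the critical path over a small constructed project network, renders it as a text Gantt chart, and shows what a five-day overrun (the situation in item 19) does to the end date depending on whether the overrunning task is on the critical path. The tasks, durations and dependencies are assumptions chosen to resemble an SDLC schedule.

```python
"""Critical path method over a constructed project network. Added example, not
from the original page; tasks, durations and dependencies are made up."""
from collections import deque


def sample_network() -> dict:
    """Constructed network: task -> (duration in days, predecessors)."""
    return {
        "requirements":   (5,  []),
        "design":         (8,  ["requirements"]),
        "develop":        (15, ["design"]),
        "test_env":       (4,  ["design"]),
        "testing":        (6,  ["develop", "test_env"]),
        "training":       (3,  ["design"]),
        "implementation": (2,  ["testing", "training"]),
    }


def critical_path(tasks: dict) -> dict:
    """Forward pass (earliest start/finish), backward pass (latest start/finish),
    slack = LS - ES. Zero-slack tasks form the critical path: any delay there
    delays the whole project, which a plain Gantt bar chart does not reveal."""
    succ = {t: [] for t in tasks}
    indeg = {t: len(preds) for t, (_, preds) in tasks.items()}
    for t, (_, preds) in tasks.items():
        for p in preds:
            succ[p].append(t)  # KeyError here means a predecessor that is not defined
    order, queue = [], deque(t for t, n in indeg.items() if n == 0)
    while queue:  # Kahn's algorithm: topological order of the PERT graph
        t = queue.popleft()
        order.append(t)
        for s in succ[t]:
            indeg[s] -= 1
            if indeg[s] == 0:
                queue.append(s)
    if len(order) != len(tasks):
        raise ValueError("dependency cycle: the network is not a DAG")
    es, ef, ls, lf = {}, {}, {}, {}
    for t in order:
        es[t] = max((ef[p] for p in tasks[t][1]), default=0)
        ef[t] = es[t] + tasks[t][0]
    finish = max(ef.values())
    for t in reversed(order):
        lf[t] = min((ls[s] for s in succ[t]), default=finish)
        ls[t] = lf[t] - tasks[t][0]
    schedule = {t: {"es": es[t], "ef": ef[t], "ls": ls[t], "lf": lf[t],
                    "slack": ls[t] - es[t]} for t in order}
    return {"duration": finish, "schedule": schedule,
            "critical_path": [t for t in order if schedule[t]["slack"] == 0]}


def delay_impact(tasks: dict, task: str, extra_days: int) -> int:
    """Days added to the project if `task` overruns by extra_days: zero while the
    overrun fits inside the task's slack, the full overrun on the critical path."""
    changed = dict(tasks)
    duration, preds = changed[task]
    changed[task] = (duration + extra_days, preds)
    return critical_path(changed)["duration"] - critical_path(tasks)["duration"]


def gantt_chart(result: dict) -> str:
    """Text Gantt chart: one row per task, '#' on the scheduled days, annotated
    with the slack that the waterfall view by itself hides."""
    width = result["duration"]
    rows = []
    for name, s in result["schedule"].items():
        bar = "".join("#" if s["es"] <= day < s["ef"] else "." for day in range(width))
        rows.append("%-15s %s slack=%d" % (name, bar, s["slack"]))
    return "\n".join(rows)


if __name__ == "__main__":
    result = critical_path(sample_network())
    print(gantt_chart(result))
    print("duration:", result["duration"], "days; critical path:", " -> ".join(result["critical_path"]))
    print("develop +5 days ->", delay_impact(sample_network(), "develop", 5), "days late")
    print("test_env +5 days ->", delay_impact(sample_network(), "test_env", 5), "days late")
```

With the constructed network the project takes 36 days and the critical path runs requirements, design, develop, testing, implementation. Five extra days on develop push the end date by five days; five extra days on test_env, which has eleven days of slack, change nothing, which is the distinction the project manager needs before deciding whether the change request from item 19 affects the schedule.
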