Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






2. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






3. The means by which management establishes and measures processes by which organizational objectives are achieved






4. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






5. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






6. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






7. Guide program execution through organization of resources and development of clear project objectives.






8. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)






9. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






10. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






11. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






12. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






13. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






14. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






15. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






16. The inventory of all in-scope business processes and systems






17. The sum of all samples divided by the number of samples.






18. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






19. (1.) Automatic (2.) Manual






20. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






21. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






22. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






23. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






24. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co






25. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






26. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






27. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






28. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






29. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






30. The memory locations in the CPU where arithmetic values are stored.






31. A maturity model that represents the aggregations of other maturity models.






32. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






33. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






34. The maximum period of downtime for a process or application






35. The highest number of errors that can exist without a result being materially misstated.






36. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






37. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






38. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






39. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






40. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






41. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






42. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






43. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






44. An audit that combines an operational audit and a financial audit.






45. PERT: shows the ______________ critical path.






46. A representation of how closely a sample represents an entire population.






47. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






48. IT Governance is most concerned with ________.






49. Delivery of packets from one station to another - on the same network or on different networks.






50. Concerned with electrical and physical specifications for devices. No frames or packets involved.