Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






2. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






3. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






4. Subjective sampling is used when the auditor wants to _________________________.






5. (1.) General (2.) Application






6. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






7. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations.






8. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






9. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






10. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






11. (1.) TCP (2.) UDP






12. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






13. IT Service Management is defined in ___________________ framework.






14. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






15. (1.) Executive Support (2.) Well-defined roles and responsibilities.






16. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






17. An alternate processing center that contains no information processing equipment.






18. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






19. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






20. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






21. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)






22. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co






23. Lowest layer. Delivers messages (frames) from one station to another via the local network.






24. The first major task in a disaster recovery or business continuity planning project.






25. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






26. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






27. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect






28. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






29. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






30. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






31. Delivery of packets from one station to another - on the same network or on different networks.






32. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






33. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






34. Used to estimate the effort required to develop a software program.






35. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






36. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






37. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






38. An audit that is performed in support of an anticipated or active legal proceeding.






39. (1.) Physical (2.) Technical (3.) Administrative






40. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






41. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






42. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






43. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






44. The risk that an IS auditor will overlook errors or exceptions during an audit.






45. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






46. Used to determine which business processes are the most critical - by ranking them in order of criticality






47. The means by which management establishes and measures processes by which organizational objectives are achieved






48. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






49. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






50. Contains programs that communicate directly with the end user.






