Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. To measure organizational performance and effectiveness against strategic goals.






2. (1.) Automatic (2.) Manual






3. The inventory of all in-scope business processes and systems






4. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






5. The maximum period of downtime for a process or application






6. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external, independent auditors






7. A sampling technique where at least one exception is sought in a population






8. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






9. An audit of a third-party organization that provides services to other organizations.






10. What three elements allow validation of business practices against acceptable measures of regulatory compliance, performance, and standard operational guidelines?






11. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






12. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.






13. In Release Management, _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






14. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret






15. The means by which management establishes and measures processes by which organizational objectives are achieved






16. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






17. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






18. Consists of two main packet transport protocols: TCP and UDP.






19. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






20. A representation of how closely a sample represents an entire population.






21. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






22. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






23. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






24. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






25. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the






26. Contains programs that communicate directly with the end user.






27. (1.) Objectives (2.) Components (3.) Business Units / Areas






28. The sum of all samples divided by the number of samples.






29. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






30. Defines internal controls and provides guidance for assessing and improving internal control systems.






31. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co






32. During the development phase, developers should only be performing unit testing, to verify that the individual sections of code they have written are performing properly.






33. Handle application processing






34. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks, while zero or more may be in a standby state.






35. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






36. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)






37. Delivery of packets from one station to another, on the same network or on different networks.






38. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.






39. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






40. Lowest layer. Delivers messages (frames) from one station to another via local network.






41. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






42. The memory locations in the CPU where arithmetic values are stored.






43. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






44. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






45. Used to measure the relative maturity of an organization and its processes.






46. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






47. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






48. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






49. Used to estimate the effort required to develop a software program.






50. A database term, which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.