Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






2. ITIL term used to describe the SDLC.






3. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






4. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






5. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






6. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






7. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






8. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






9. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






10. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






11. An audit of an IS department's operations and systems.






12. The main hardware component of a computer system - which executes instructions in computer programs.






13. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






14. IT Service Management is defined in ___________________ framework.






15. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






16. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






17. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






18. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






19. An audit of a third-party organization that provides services to other organizations.






20. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






21. Support the functioning of the application controls






22. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






23. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.






24. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






25. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






26. Delivery of packets from one station to another - on the same network or on different networks.






27. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






28. A sampling technique where at least one exception is sought in a population






29. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






30. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






31. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






32. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






33. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.






34. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






35. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






36. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






37. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






38. Describes the effect on the business if a process is incapacitated for any appreciable time






39. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






40. An audit that is performed in support of an anticipated or active legal proceeding.






41. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co






42. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






43. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






44. A collection of two or more servers that is designed to appear as a single server.






45. The risk that an IS auditor will overlook errors or exceptions during an audit.






46. Defines internal controls and provides guidance for assessing and improving internal control systems.






47. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






48. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






49. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






50. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun