Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. One of a database table's fields - whose value is unique.






2. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they






3. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






4. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






5. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.






6. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






7. An audit of a third-party organization that provides services to other organizations.






8. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






9. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


10. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






11. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






12. A sampling technique where at least one exception is sought in a population






13. Lowest layer. Delivers messages (frames) from one station to another vial local network.






14. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)






15. Framework for auditing and measuring IT Service Management Processes.






16. Support the functioning of the application controls






17. Contains programs that communicate directly with the end user.






18. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






19. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






20. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






21. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






22. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes






23. An audit that is performed in support of an anticipated or active legal proceeding.






24. Defines internal controls and provides guidance for assessing and improving internal control systems.






25. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






26. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






27. Describes the effect on the business if a process is incapacitated for any appreciable time






28. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






29. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






30. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






31. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






32. (1.) Objectives (2.) Components (3.) Business Units / Areas






33. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






34. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






35. An audit of an IS department's operations and systems.






36. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






37. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






38. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.






39. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






40. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






41. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






42. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






43. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






44. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






45. An audit of operational efficiency.






46. Focuses on: post-event recovery and restoration of services






47. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






48. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






49. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






50. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation