Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






2. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






3. IT Governance is most concerned with ________.






4. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret






5. Defines internal controls and provides guidance for assessing and improving internal control systems.






6. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






7. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.






8. Delivery of packets from one station to another - on the same network or on different networks.






9. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






10. To measure organizational performance and effectiveness against strategic goals.






11. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






12. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






13. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






14. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






15. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






16. The highest number of errors that can exist without a result being materially misstated.






17. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






18. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






19. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






20. Used to translate or transform data from lower layers into formats that the application layer can work with.






21. What type of testing is performed to determine if control procedures have proper design and are operating properly?






22. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes






23. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






24. A collection of two or more servers that is designed to appear as a single server.






25. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






26. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






27. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






28. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






29. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






30. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






31. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






32. Consists of two main packet transport protocols: TCP and UDP.






33. Support the functioning of the application controls






34. Focuses on: post-event recovery and restoration of services






35. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






36. An alternate processing center that contains no information processing equipment.






37. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






38. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






39. Gantt: used to display ______________.






40. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)






41. One of a database table's fields - whose value is unique.






42. A sampling technique where at least one exception is sought in a population






43. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






44. (1.) Access controls (2.) Encryption (3.) Audit logging






45. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






46. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






47. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






48. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






49. (1.) Physical (2.) Technical (4.) Administrative






50. The first major task in a disaster recovery or business continuity planning project.