Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






2. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






3. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






4. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






5. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)






6. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they






7. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC






8. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.






9. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






10. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)






11. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






12. A maturity model that represents the aggregations of other maturity models.






13. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret






14. An alternate processing center that contains no information processing equipment.






15. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






16. One of a database table's fields - whose value is unique.






17. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






18. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






19. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






20. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






21. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






22. The memory locations in the CPU where arithmetic values are stored.






23. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






24. An audit of operational efficiency.






25. To measure organizational performance and effectiveness against strategic goals.






26. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






27. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






28. Defines internal controls and provides guidance for assessing and improving internal control systems.






29. The maximum period of downtime for a process or application






30. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






31. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






32. 1.) Executive Support (2.) Well-defined roles and responsibilities.






33. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






34. Lowest layer. Delivers messages (frames) from one station to another vial local network.






35. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






36. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






37. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






38. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






39. (1.) Link (2.) Internet (3.) Transport (4.) Application






40. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






41. Concerned with electrical and physical specifications for devices. No frames or packets involved.






42. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






43. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the






44. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






45. The inventory of all in-scope business processes and systems






46. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






47. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






48. A collection of two or more servers that is designed to appear as a single server.






49. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






50. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.