Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






2. Consists of two main packet transport protocols: TCP and UDP.






3. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






4. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






5. An audit that is performed in support of an anticipated or active legal proceeding.






6. Handle application processing






7. (1.) Automatic (2.) Manual






8. (1.) Physical (2.) Technical (3.) Administrative






9. The risk that an IS auditor will overlook errors or exceptions during an audit.






10. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






11. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






12. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






13. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.


14. A condition that is the result of multiple incidents that exhibit common symptoms, e.g. a web application is displaying information incorrectly and many users have contacted the IT service desk.






15. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






16. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes






17. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






18. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






19. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






20. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






21. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






22. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






23. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






24. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






25. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






26. What type of testing is performed to determine if control procedures have proper design and are operating properly?






27. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.






28. A collection of two or more servers that is designed to appear as a single server.






29. (1.) Executive Support (2.) Well-defined roles and responsibilities.






30. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






31. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






32. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






33. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






34. Support the functioning of the application controls






35. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






36. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






37. An audit of an IS department's operations and systems.






38. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






39. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.






40. A sampling technique where at least one exception is sought in a population






41. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






42. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






43. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






44. Subjective sampling is used when the auditor wants to _________________________.






45. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






46. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect






47. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






48. The inventory of all in-scope business processes and systems






49. Defines internal controls and provides guidance for assessing and improving internal control systems.






50. (1.) General (2.) Application