Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






2. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.






3. To communication security policies - procedures - and other security-related information to an organization's employees.






4. (1.) Access controls (2.) Encryption (3.) Audit logging






5. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






6. An audit of a third-party organization that provides services to other organizations.






7. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






8. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






9. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






10. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






11. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






12. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






13. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co






14. (1.) General (2.) Application






15. IT Service Management is defined in ___________________ framework.






16. A representation of how closely a sample represents an entire population.






17. To measure organizational performance and effectiveness against strategic goals.






18. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






19. An alternate processing center that contains no information processing equipment.






20. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






21. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






22. Used to translate or transform data from lower layers into formats that the application layer can work with.






23. A collection of two or more servers that is designed to appear as a single server.






24. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


25. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






26. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






27. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






28. Collections of Controls that work together to achieve an entire range of an organization's objectives.






29. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






30. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






31. Defines internal controls and provides guidance for assessing and improving internal control systems.






32. Subjective sampling is used when the auditor wants to _________________________.






33. Contains programs that communicate directly with the end user.






34. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






35. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






36. Framework for auditing and measuring IT Service Management Processes.






37. A maturity model that represents the aggregations of other maturity models.






38. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






39. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






40. Guide program execution through organization of resources and development of clear project objectives.






41. Gantt: used to display ______________.






42. Disasters are generally grouped in terms of type: ______________.






43. (1.) TCP (2.) UDP






44. Describes the effect on the business if a process is incapacitated for any appreciable time






45. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






46. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






47. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.






48. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






49. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






50. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.