Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.

2. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?

3. An audit that is performed in support of an anticipated or active legal proceeding.

4. A representation of how closely a sample represents an entire population.

5. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.

6. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance

7. The inventory of all in-scope business processes and systems

8. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.

9. The means by which management establishes and measures processes by which organizational objectives are achieved

10. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.

11. IT Governance is most concerned with ________.

12. (1.) General (2.) Application

13. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine

14. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them

15. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication

16. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?

17. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act

18. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample

19. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.

20. Used to estimate the effort required to develop a software program.

21. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance

22. The first major task in a disaster recovery or business continuity planning project.

23. Handle application processing

24. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new

25. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk

26. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.

27. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase

28. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number

29. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.

30. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.

31. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)

32. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.

33. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana

34. The memory locations in the CPU where arithmetic values are stored.

35. The sum of all samples divided by the number of samples.

36. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

37. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25

38. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.

39. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.

40. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved

41. Delivery of packets from one station to another - on the same network or on different networks.

42. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.

43. The maximum period of downtime for a process or application

44. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review

45. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.

46. (1.) Executive Support (2.) Well-defined roles and responsibilities.

47. Gantt: used to display ______________.

48. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).

49. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment

50. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.