Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






2. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






3. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






4. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






5. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes






6. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






7. A collection of two or more servers that is designed to appear as a single server.






8. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.






9. The maximum period of downtime for a process or application






10. Defines internal controls and provides guidance for assessing and improving internal control systems.






11. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






12. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






13. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






14. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






15. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)






16. Gantt: used to display ______________.






17. The main hardware component of a computer system - which executes instructions in computer programs.






18. Support the functioning of the application controls






19. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






20. A maturity model that represents the aggregations of other maturity models.






21. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






22. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






23. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






24. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






25. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






26. Describes the effect on the business if a process is incapacitated for any appreciable time






27. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.






28. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






29. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






30. Used to estimate the effort required to develop a software program.






31. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.






32. Concerned with electrical and physical specifications for devices. No frames or packets involved.






33. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






34. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret






35. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






36. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


37. (1.) General (2.) Application






38. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






39. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






40. Used to measure the relative maturity of an organization and its processes.






41. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






42. The means by which management establishes and measures processes by which organizational objectives are achieved






43. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






44. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






45. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






46. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP






47. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






48. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






49. Collections of Controls that work together to achieve an entire range of an organization's objectives.






50. IT Service Management is defined in ___________________ framework.