Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, at times you might find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Subjective sampling is used when the auditor wants to _________________________.






2. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






3. A field in a record in one table that can reference a primary key in another table.






4. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






5. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






6. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






7. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






8. To communicate security policies - procedures - and other security-related information to an organization's employees.






9. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






10. Aids in the coordinating of business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC






11. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)






12. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






13. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






14. (1.) TCP (2.) UDP






15. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






16. An audit of operational efficiency.






17. An audit of an IS department's operations and systems.






18. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






19. (1.) Objectives (2.) Components (3.) Business Units / Areas






20. (1.) Executive Support (2.) Well-defined roles and responsibilities.






21. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






22. Handle application processing






23. An alternate processing center that contains no information processing equipment.






24. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






25. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






26. The memory locations in the CPU where arithmetic values are stored.






27. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






28. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.



29. Defines internal controls and provides guidance for assessing and improving internal control systems.






30. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






31. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






32. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






33. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






34. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






35. Delivery of packets from one station to another - on the same network or on different networks.






36. A representation of how closely a sample represents an entire population.






37. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.






38. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






39. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






40. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






41. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






42. The inventory of all in-scope business processes and systems






43. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






44. (1.) Link (2.) Internet (3.) Transport (4.) Application






45. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






46. PERT: shows the ______________ critical path.






47. The means by which management establishes and measures processes by which organizational objectives are achieved






48. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






49. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






50. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient