Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A CMM helps an organization to _______________, which is an important first step to any large-scale process improvement effort.

2. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new

3. A sampling technique where at least one exception is sought in a population

4. A four-step quality control process known as PDSA, or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act

5. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result, someone may be in possession of the _________________.

6. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review

7. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, the numeric inverse of the confidence coefficient

8. To ensure that input values are within established ranges, of the correct character types, and free of harmful contents.

9. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS

10. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number

11. An audit of an accounting system, accounting department processes, and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.

12. Disasters are generally grouped in terms of type: ______________.

13. Define 10 elements of an Audit: (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up

14. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample

15. Describes the effect on the business if a process is incapacitated for any appreciable time

16. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this: _______________. This provides a single authentication service (such as LDAP or AD) that many applications

17. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase

18. Focuses on: post-event recovery and restoration of services

19. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take: The organization should have ___________________ on all of its existing employees and also begin instituting bac

20. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.

21. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.

22. IT Governance is most concerned with ________.

23. The risk that an IS auditor will overlook errors or exceptions during an audit.

24. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices

25. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.

26. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk

27. A collection of two or more servers that is designed to appear as a single server.

28. An estimate that expresses the percent of errors or exceptions that may exist in an entire population

29. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (Process Controls) (3.) At the point of expression (Output Controls)

30. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take: The IS auditor should immediately ________________ when any high-risk situation is discovered.

31. Delivery of packets from one station to another, on the same network or on different networks.

32. The maximum period of downtime for a process or application

33. An audit to determine the level and degree of compliance to a law, regulation, standard, contract provision, or internal control.

34. The party that performs strategic planning, addresses near-term and long-term requirements, aligning business objectives and technology strategies.

35. Subjective sampling is used when the auditor wants to _________________________.

36. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.

37. A database term, which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.

38. The set of activities that is concerned with the ability of the organization to continue to provide services, primarily in the event that a natural or man-made disaster has occurred.

39. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) x the annualized rate of occurrence (ARO).

40. Defines internal controls and provides guidance for assessing and improving internal control systems.

41. During an audit, the auditor should obtain 6 types of documents: (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation

42. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?

43. Used to measure the relative maturity of an organization and its processes.

44. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations

45. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity

46. The delivery of messages from one station to another via one or more networks. Routes packets between networks.

47. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.

48. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk

49. An audit of a third-party organization that provides services to other organizations.

50. The inventory of all in-scope business processes and systems