Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations






2. Contains programs that communicate directly with the end user.






3. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






4. (1.) Physical (2.) Technical (4.) Administrative






5. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






6. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






7. (1.) TCP (2.) UDP






8. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






9. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






10. Lowest layer. Delivers messages (frames) from one station to another vial local network.






11. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






12. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.






13. An audit of an IS department's operations and systems.






14. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






15. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






16. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






17. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






18. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






19. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






20. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






21. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






22. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






23. IT Governance is most concerned with ________.






24. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






25. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg






26. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






27. Gantt: used to display ______________.






28. An audit that is performed in support of an anticipated or active legal proceeding.






29. Support the functioning of the application controls






30. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






31. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






32. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






33. IT Service Management is defined in ___________________ framework.






34. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






35. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






36. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






37. A collection of two or more servers that is designed to appear as a single server.






38. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






39. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






40. 1.) Executive Support (2.) Well-defined roles and responsibilities.






41. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






42. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






43. The inventory of all in-scope business processes and systems






44. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.






45. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






46. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






47. An alternate processing center that contains no information processing equipment.






48. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






49. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






50. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them