Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






2. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)






3. One of a database table's fields - whose value is unique.






4. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect






5. Gantt: used to display ______________.






6. (1.) TCP (2.) UDP






7. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






8. Disasters are generally grouped in terms of type: ______________.






9. Handle application processing






10. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






11. A maturity model that represents the aggregations of other maturity models.






12. The risk that an IS auditor will overlook errors or exceptions during an audit.






13. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






14. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






15. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






16. What type of testing is performed to determine if control procedures have proper design and are operating properly?






17. Lowest layer. Delivers messages (frames) from one station to another vial local network.






18. Contains programs that communicate directly with the end user.






19. (1.) Objectives (2.) Components (3.) Business Units / Areas






20. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co






21. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






22. Delivery of packets from one station to another - on the same network or on different networks.






23. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






24. A sampling technique where at least one exception is sought in a population






25. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






26. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.






27. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






28. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






29. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






30. An audit that is performed in support of an anticipated or active legal proceeding.






31. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






32. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






33. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they






34. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






35. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






36. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






37. An alternate processing center that contains no information processing equipment.






38. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






39. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






40. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






41. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






42. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






43. 1.) Executive Support (2.) Well-defined roles and responsibilities.






44. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






45. PERT: shows the ______________ critical path.






46. Used to determine which business processes are the most critical - by ranking them in order of criticality






47. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






48. The means by which management establishes and measures processes by which organizational objectives are achieved






49. Used to translate or transform data from lower layers into formats that the application layer can work with.






50. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests