Test your basic knowledge |

CISA: Certified Information Systems Auditor

  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25

2. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified

3. Guide program execution through organization of resources and development of clear project objectives.

4. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number

5. IT Service Management is defined in ___________________ framework.

6. Used to estimate the effort required to develop a software program.

7. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.

8. Defines internal controls and provides guidance for assessing and improving internal control systems.

9. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.

10. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them

11. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)

12. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider

13. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment

14. Collections of Controls that work together to achieve an entire range of an organization's objectives.

15. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they

16. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.

17. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components

18. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.

19. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog

20. IT Governance is most concerned with ________.

21. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient

22. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.

23. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.

24. An audit that is performed in support of an anticipated or active legal proceeding.

25. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie

26. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.

27. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery

28. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine

29. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.

30. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools

31. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.

32. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.

33. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug

34. A collection of two or more servers that is designed to appear as a single server.

35. A technique that is used to select a portion of a population when it is not feasible to test an entire population.

36. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS

37. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.

38. 1.) Executive Support (2.) Well-defined roles and responsibilities.

39. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk

40. Used to translate or transform data from lower layers into formats that the application layer can work with.

41. To measure organizational performance and effectiveness against strategic goals.

42. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect

43. The maximum period of downtime for a process or application

44. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun

45. A maturity model that represents the aggregations of other maturity models.

46. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk

47. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)

48. Concerned with electrical and physical specifications for devices. No frames or packets involved.

49. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.

50. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.