Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Describes the effect on the business if a process is incapacitated for any appreciable time






2. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)






3. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






4. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






5. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






6. Focuses on: post-event recovery and restoration of services






7. Gantt: used to display ______________.






8. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






9. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






10. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.






11. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






12. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)






13. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






14. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






15. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.






16. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






17. (1.) Physical (2.) Technical (4.) Administrative






18. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






19. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






20. Subjective sampling is used when the auditor wants to _________________________.






21. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






22. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






23. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






24. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.






25. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






26. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations






27. The memory locations in the CPU where arithmetic values are stored.






28. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






29. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect






30. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






31. To measure organizational performance and effectiveness against strategic goals.






32. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






33. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






34. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






35. Contains programs that communicate directly with the end user.






36. (1.) TCP (2.) UDP






37. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






38. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






39. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






40. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






41. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






42. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






43. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






44. The highest number of errors that can exist without a result being materially misstated.






45. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






46. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






47. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.






48. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






49. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the






50. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests