Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






2. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.






3. (1.) Automatic (2.) Manual






4. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






5. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






6. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






7. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.






8. Collections of Controls that work together to achieve an entire range of an organization's objectives.






9. (1.) Physical (2.) Technical (4.) Administrative






10. An audit that combines an operational audit and a financial audit.






11. IT Governance is most concerned with ________.






12. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






13. One of a database table's fields - whose value is unique.






14. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






15. Concerned with electrical and physical specifications for devices. No frames or packets involved.






16. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






17. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






18. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)






19. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






20. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






21. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






22. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






23. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






24. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






25. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






26. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






27. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.






28. Used to measure the relative maturity of an organization and its processes.






29. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






30. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the






31. A maturity model that represents the aggregations of other maturity models.






32. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






33. IT Service Management is defined in ___________________ framework.






34. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






35. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.






36. The memory locations in the CPU where arithmetic values are stored.






37. Subjective sampling is used when the auditor wants to _________________________.






38. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC






39. To communication security policies - procedures - and other security-related information to an organization's employees.






40. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co






41. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






42. ITIL term used to describe the SDLC.






43. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






44. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






45. Defines internal controls and provides guidance for assessing and improving internal control systems.






46. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






47. Handle application processing






48. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






49. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






50. The main hardware component of a computer system - which executes instructions in computer programs.