Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. An audit of a third-party organization that provides services to other organizations.
Network Layer Protocols
A Service Provider audit
A Forensic Audit
An Administrative

2. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Blade Computer Architecture
(1.) Polices (2.) Procedures (3.) Standards
The first step in a business impact analysis
To identify the tasks that are responsible for project delays

3. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The Software Program Library
The typical Configuration Items in Configuration Management
A Forensic Audit
Information security policy

4. ITIL term used to describe the SDLC.
Criticality analysis
OSI: Network Layer
Business Realization
Release management

5. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Sample Standard Deviation
ITIL definition of CHANGE MANAGEMENT
Recovery time objective
Referential Integrity

6. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
objective and unbiased
Business impact analysis
The first step in a business impact analysis

7. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
Business Realization
Input validation checking
Criticality analysis

8. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
Release management
Notify the Audit Committee
Application Layer protocols

9. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Three Types of Controls
TCP/IP Internet Layer
Control Unit
Business Realization

10. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
A Sample Mean
Grid Computing
Employee termination process
Examples of Application Controls

11. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Control Unit
ITIL definition of CHANGE MANAGEMENT
The two Categories of Controls

12. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Segregation of duties issue in a high value process
The first step in a business impact analysis
Lacks specific expertise or resources to conduct an internal audit
To identify the tasks that are responsible for project delays

13. IT Governance is most concerned with ________.
OSI: Transport Layer
Elements of the COBIT Framework
OSI: Data Link Layer
IT Strategy

14. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Capability Maturity Model
SDLC Phases
The 4-item focus of a Balanced Scorecard
The Release process

15. Lowest layer. Delivers messages (frames) from one station to another vial local network.
Resource details
The typical Configuration Items in Configuration Management
TCP/IP Link Layer
Service Level Management

16. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Project change request
Deming Cycle
A Cold Site
Cloud computing

17. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Server cluster
Application Layer protocols
Service Level Management
Disaster Recovery

18. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Statistical Sampling
Foreign Key
Vulnerability in the organization's PBX
A Financial Audit

19. An alternate processing center that contains no information processing equipment.
TCP/IP Internet Layer
A Cold Site
Three Types of Controls
Judgmental sampling

20. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Substantive Testing
Employee termination process
The Software Program Library
PERT Diagram?

21. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
The Release process
Emergency Changes
Control Unit
Split custody

22. The highest number of errors that can exist without a result being materially misstated.
The appropriate role of an IS auditor in a control self-assessment
OSI Layer 5: Session
Testing activities
Tolerable Error Rate

23. (1.) Link (2.) Internet (3.) Transport (4.) Application
Balanced Scorecard
Split custody
Deming Cycle
TCP/IP Network Model

24. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
The Release process
IT Service Management
Deming Cycle
ITIL definition of PROBLEM

25. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
IT standards are not being reviewed often enough
Service Continuity Management
ISO 20000 Standard:
Sampling

26. Focuses on: post-event recovery and restoration of services
Disaster Recovery
The 4-item focus of a Balanced Scorecard
BCP Plans
Lacks specific expertise or resources to conduct an internal audit

27. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Substantive Testing
Confidence coefficient
Six steps of the Release Management process
Categories of risk treatment

28. An audit of operational efficiency.
An Administrative
Registers
Attribute Sampling
Six steps of the Release Management process

29. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
CPU
Examples of IT General Controls
SDLC Phases

30. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
OSI Layer 6: Presentation
ITIL definition of CHANGE MANAGEMENT
Detection Risk
Control Risk

31. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
The 4-item focus of a Balanced Scorecard
Employee termination process
CPU

32. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
less than 24 hours
Control Unit
A gate process
objective and unbiased

33. The first major task in a disaster recovery or business continuity planning project.
The Eight Types of Audits
Hash
Stay current with technology
Business impact analysis

34. To measure organizational performance and effectiveness against strategic goals.
The Software Program Library
The availability of IT systems
Project change request
Balanced Scorecard

35. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
Vulnerability in the organization's PBX
Sampling Risk
OSI: Network Layer

36. A collection of two or more servers that is designed to appear as a single server.
Inherent Risk
Grid Computing
Employee termination process
Server cluster

37. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
Stay current with technology
Capability Maturity Model Integration (CMMI)
Resource details

38. Handle application processing
Control Unit
General Controls
Application Controls
Dimensions of the COSO cube

39. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Entire password for an encryption key
Documentation and interview personnel
Expected Error Rate
Categories of risk treatment

40. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
The Steering Committee
Compliance Testing
(1.) Polices (2.) Procedures (3.) Standards

41. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
The BCP process
Background checks performed
More difficult to perform
The Software Program Library

42. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Virtual Server
Function Point Analysis
The appropriate role of an IS auditor in a control self-assessment
Formal waterfall

43. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
An Integrated Audit
Prblem Management
Structural fires and transportation accidents

44. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Substantive Testing (test of transaction integrity)
The Steering Committee
Emergency Changes
Deming Cycle

45. The maximum period of downtime for a process or application
Documentation and interview personnel
Sampling Risk
Recovery time objective
List of systems examined

46. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Foreign Key
Control Risk
The two Categories of Controls
Sample Standard Deviation

47. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Control Risk
The typical Configuration Items in Configuration Management
objective and unbiased
Confidence coefficient

48. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Statistical Sampling
Sampling Risk
Precision means
Detection Risk

49. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Types of sampling an auditor can perform.
BCP Plans
Tolerable Error Rate

50. (1.) TCP (2.) UDP
Inform the auditee
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
TCP/IP Transport Layer
Transport Layer Protocols