Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they






2. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






3. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations.






4. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






5. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the






6. Framework for auditing and measuring IT Service Management Processes.






7. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






8. Aids in the coordinating of business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance (3a.) Benchmarking: Facilitates continuous improvement within the BPLC






9. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






10. A collection of two or more servers that is designed to appear as a single server.






11. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






12. (1.) General (2.) Application






13. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






14. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






15. An audit of a third-party organization that provides services to other organizations.






16. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






17. Subjective sampling is used when the auditor wants to _________________________.






18. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






19. Contains programs that communicate directly with the end user.






20. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






21. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






22. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






23. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






24. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






25. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






26. IT Service Management is defined in ___________________ framework.






27. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






28. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






29. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






30. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






31. A maturity model that represents the aggregations of other maturity models.






32. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






33. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






34. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager should make a __________________ to document the reason for the change.






35. (1.) Access controls (2.) Encryption (3.) Audit logging






36. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






37. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






38. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






39. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






40. Guide program execution through organization of resources and development of clear project objectives.






41. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.






42. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






43. Lowest layer. Delivers messages (frames) from one station to another via the local network.






44. The sum of all samples divided by the number of samples.






45. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






46. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance






47. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






48. IT Governance is most concerned with ________.






49. Gantt: used to display ______________.






50. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






