Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






2. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






3. Delivery of packets from one station to another - on the same network or on different networks.






4. The inventory of all in-scope business processes and systems






5. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.






6. Collections of Controls that work together to achieve an entire range of an organization's objectives.






7. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






8. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.






9. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






10. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.






11. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






12. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






13. To communication security policies - procedures - and other security-related information to an organization's employees.






14. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






15. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






16. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






17. A sampling technique where at least one exception is sought in a population






18. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.






19. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






20. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






21. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






22. Subjective sampling is used when the auditor wants to _________________________.






23. A maturity model that represents the aggregations of other maturity models.






24. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






25. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






26. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






27. Concerned with electrical and physical specifications for devices. No frames or packets involved.






28. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)






29. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP






30. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






31. (1.) Physical (2.) Technical (4.) Administrative






32. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






33. (1.) Automatic (2.) Manual






34. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






35. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






36. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






37. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






38. Used to determine which business processes are the most critical - by ranking them in order of criticality






39. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






40. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






41. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






42. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






43. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






44. ITIL term used to describe the SDLC.






45. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






46. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






47. IT Service Management is defined in ___________________ framework.






48. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






49. An audit of an IS department's operations and systems.






50. Describes the effect on the business if a process is incapacitated for any appreciable time