Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A maturity model that represents the aggregations of other maturity models.






2. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






3. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






4. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






5. Used to measure the relative maturity of an organization and its processes.






6. Collections of Controls that work together to achieve an entire range of an organization's objectives.






7. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.






8. IT Governance is most concerned with ________.






9. An audit to determine the level and degree of compliance with a law - regulation - standard - contract provision - or internal control.






10. Lowest layer. Delivers messages (frames) from one station to another via local network.






11. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret






12. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






13. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






14. Delivery of packets from one station to another - on the same network or on different networks.






15. (1.) Access controls (2.) Encryption (3.) Audit logging






16. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






17. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






18. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the






19. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






20. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - implementing ________________ will provide an effect






21. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






22. Handle application processing






23. (1.) Objectives (2.) Components (3.) Business Units / Areas






24. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






25. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






26. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






27. The means by which management establishes and measures processes by which organizational objectives are achieved






28. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)






29. The first major task in a disaster recovery or business continuity planning project.






30. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






31. An audit of a third-party organization that provides services to other organizations.






32. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they






33. Concerned with electrical and physical specifications for devices. No frames or packets involved.






34. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.






35. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






36. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






37. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






38. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






39. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






40. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.






41. A field in a record in one table that can reference a primary key in another table.






42. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






43. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.






44. To measure organizational performance and effectiveness against strategic goals.






45. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






46. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






47. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






48. The main hardware component of a computer system - which executes instructions in computer programs.






49. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






50. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.