Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?

2. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.

3. One of a database table's fields, whose value is unique.

4. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.

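Question 4 describes the data link layer: data is framed, stations share the medium (collision detection, as in CSMA/CD on classic Ethernet), and a frame check sequence lets the receiver detect a corrupted delivery. The following is an added example, not part of the original page: it builds an Ethernet-style frame with a CRC-32 frame check sequence and shows that a single flipped bit is caught on verification. The MAC addresses, EtherType and payload are constructed sample values, and the byte order chosen for the trailing FCS is an assumption (build and verify only need to agree). Collision detection is a medium-access behaviour and is not modelled here.

```python
import binascii
import struct

# Constructed sample values (not from the original page): destination and
# source MAC addresses and the EtherType for IPv4.
DST_MAC = bytes.fromhex("ffffffffffff")      # broadcast
SRC_MAC = bytes.fromhex("001122334455")
ETHERTYPE_IPV4 = 0x0800
HEADER_LEN = 14                               # dst(6) + src(6) + ethertype(2)
MIN_PAYLOAD = 46                              # Ethernet pads short payloads
FCS_LEN = 4                                   # 32-bit frame check sequence


def build_frame(dst, src, ethertype, payload):
    """Assemble header + payload (padded to the minimum size) and append
    the CRC-32 frame check sequence computed over everything before it."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    if len(body) < HEADER_LEN + MIN_PAYLOAD:
        body += b"\x00" * (HEADER_LEN + MIN_PAYLOAD - len(body))
    fcs = binascii.crc32(body) & 0xFFFFFFFF
    # Assumption for this example: FCS stored least-significant byte first.
    return body + struct.pack("<I", fcs)


def verify_frame(frame):
    """Recompute CRC-32 over the frame minus its FCS and compare with the
    FCS that was delivered. A mismatch means the frame was corrupted."""
    if len(frame) < HEADER_LEN + MIN_PAYLOAD + FCS_LEN:
        return False                           # runt frame: reject
    body, delivered = frame[:-FCS_LEN], struct.unpack("<I", frame[-FCS_LEN:])[0]
    return (binascii.crc32(body) & 0xFFFFFFFF) == delivered


def corrupt(frame, index):
    """Simulate a transmission error by flipping one bit at byte `index`."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    frame = build_frame(DST_MAC, SRC_MAC, ETHERTYPE_IPV4, b"hello")
    print(len(frame), "bytes, intact:", verify_frame(frame))
    print("after one flipped bit:", verify_frame(corrupt(frame, 20)))
```

CRC-32 detects every single-bit error and every burst error up to 32 bits, which is why the check above fails whether the flipped bit is in the payload, the padding or the FCS itself. It is an integrity check against noise, not against an attacker: anyone who can rewrite the frame can recompute the FCS.
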
5. (1.) Link (2.) Internet (3.) Transport (4.) Application

6. A four-step quality control process known as PDSA, or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act

7. Used to translate or transform data from lower layers into formats that the application layer can work with.

8. Used to measure the relative maturity of an organization and its processes.

9. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration

10. The first major task in a disaster recovery or business continuity planning project.

11. An active instance of a server operating system running on a machine designed to house two or more such virtual servers.

12. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new

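Question 12 describes privilege creep: access from a former position is never revoked, so entitlements accumulate with length of service. The audit test that confirms it is to compare what each account actually holds against what its current role should grant, then check whether the excess is explained by a role the person previously held. The following is an added example, not part of the original page; the role matrix, employee histories and entitlement dump are constructed sample data.

```python
# Constructed sample data (not from the original page).
# Role-to-entitlement matrix: what each job is supposed to grant.
ROLE_ENTITLEMENTS = {
    "ap_clerk":        {"ap_invoice_entry", "vendor_lookup"},
    "ap_supervisor":   {"ap_invoice_entry", "ap_invoice_approve", "vendor_lookup"},
    "payroll_analyst": {"payroll_view", "payroll_run"},
    "it_helpdesk":     {"ticket_queue", "password_reset"},
}

# HR view: user -> (current role, roles previously held, years of service).
EMPLOYEES = {
    "alice": ("payroll_analyst", ["ap_clerk"], 9),
    "bob":   ("ap_supervisor", [], 2),
    "carol": ("it_helpdesk", ["payroll_analyst", "ap_clerk"], 14),
}

# Access-control system dump: what each account can actually do today.
ACTUAL_ENTITLEMENTS = {
    "alice": {"payroll_view", "payroll_run", "ap_invoice_entry"},
    "bob":   {"ap_invoice_entry", "ap_invoice_approve", "vendor_lookup"},
    "carol": {"ticket_queue", "password_reset", "payroll_run", "vendor_lookup"},
}


def excess_entitlements(user):
    """Entitlements the account holds that its current role does not grant."""
    current_role, _, _ = EMPLOYEES[user]
    return ACTUAL_ENTITLEMENTS[user] - ROLE_ENTITLEMENTS[current_role]


def residual_from_prior_roles(user):
    """The subset of the excess that a former role would have granted: the
    signature of transfers processed without removing the old access."""
    _, prior_roles, _ = EMPLOYEES[user]
    inherited = set()
    for role in prior_roles:
        inherited |= ROLE_ENTITLEMENTS[role]
    return excess_entitlements(user) & inherited


def audit_report():
    """Per user: all excess entitlements, those traceable to a former role,
    and years of service, so the auditor can see the correlation directly."""
    return {
        user: {
            "years": EMPLOYEES[user][2],
            "excess": sorted(excess_entitlements(user)),
            "from_prior_role": sorted(residual_from_prior_roles(user)),
        }
        for user in EMPLOYEES
    }


if __name__ == "__main__":
    for user, finding in sorted(audit_report().items(), key=lambda kv: -kv[1]["years"]):
        print(user, finding)
```

Excess entitlements that are not explained by a prior role are a different finding (ad hoc grants, shared accounts, or a stale role matrix) and should be reported separately from transfer-related residue; the report keeps the two sets apart for that reason.
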
13. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.

14. PERT: shows the ______________ critical path.

15. To determine effectiveness of a disaster recovery program, an IT auditor should examine _____________.

16. (1.) General (2.) Application

17. Critical Path Methodology helps a project manager determine which activities are on a project's critical list, ________________________.

18. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity

19. During the development phase, developers should only be performing unit testing, to verify that the individual sections of code they have written perform properly.

20. A CMM helps an organization to _______________, which is an important first step to any large-scale process improvement effort.

21. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management

22. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this is _______________. This provides a single authentication service (such as LDAP or AD) that many applications

23. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk

24. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.

25. In release management, _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.

26. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie

27. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance

28. Describes the effect on the business if a process is incapacitated for any appreciable time.

29. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance. 3a. Benchmarking facilitates continuous improvement within the BPLC.

30. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)

31. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling (PPTP, L2TP)

32. An estimate that expresses the percent of errors or exceptions that may exist in an entire population.

33. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices

34. A sampling technique where items are chosen based upon the auditor's judgment, usually based on risk or materiality.

35. Consists of two main packet transport protocols: TCP and UDP.

36. A representation of how closely a sample represents an entire population.

37. Who is responsible for imposing an IT governance model encompassing IT strategy, information security, and formal enterprise architectural mandates?

38. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________. This will cause the database to record every change that is made to it.

39. The maximum period of downtime for a process or application.

40. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana

41. Contains programs that communicate directly with the end user.

42. (1.) Physical (2.) Technical (3.) Administrative

43. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.

44. The purpose of an auditor conducting interviews: to observe personnel to better understand their discipline, as well as ______________.

45. (1.) Objectives (2.) Components (3.) Business Units / Areas

46. An audit that combines an operational audit and a financial audit.

47. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (Process Controls) (3.) At the point of expression (Output Controls)

48. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records

49. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager should make a __________________ to document the reason for the change.

50. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog