Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number

2. Contains programs that communicate directly with the end user.

3. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes) (2.) Enhancements (new functionality) (3.) Subsystem patches and changes (these require testing similar to that performed when the application itself is changed)

4. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning

5. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.

6. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS

7. Aids in coordinating business processes through a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance (3a.) Benchmarking facilitates continuous improvement within the BPLC

8. A representation of how closely a sample represents an entire population.

9. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because

10. (1.) Automatic (2.) Manual

11. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)

12. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk

13. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.

14. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools

15. When several incidents have occurred that appear to have the same or a similar root cause, a PROBLEM is occurring.

16. The IS auditor should act as an SME in the control self-assessment, but should not play a major role in the process.

17. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components

18. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________, which will cause the database to record every change that is made to it.

19. The means by which management establishes and measures processes by which organizational objectives are achieved

20. Framework for auditing and measuring IT Service Management Processes.

21. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored in a _____. This makes it impossible for any person to retrieve a password, which could otherwise lead to account compromise.
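
The statement above is the exam answer; the added example below (written for this page, not quiz or ISACA code) shows the plaintext store, the half-fix of an unsalted fast hash that a dictionary attack still recovers, and the salted, iterated hash that the statement has in mind. Everything in it is this example's own choice, not something the page specifies: PBKDF2-HMAC-SHA256 as the slow hash, a 16-byte random salt per user, the record layout "pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>", and the constructed sample password and word list.

```python
"""Added example: "store a hash, not the password", with the caveat that only a
salted, slow hash earns the word "impossible" in practice.

Assumptions (this example's own, not from the quiz): PBKDF2-HMAC-SHA256,
16-byte random salt per user, record layout pbkdf2_sha256$iters$salt$digest.
"""
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000  # PBKDF2 work factor; raise it as hardware gets faster

# --- the "before": plaintext. Anyone who can read the table has every password.
PLAINTEXT_STORE = {"alice": "hunter2"}  # constructed sample; never do this

# --- a common half-fix that is still weak: one fast, unsalted hash per password.
def unsalted_sha256(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

WORDLIST = ["password", "123456", "letmein", "hunter2", "qwerty"]  # constructed

def crack_unsalted(digest_hex: str, wordlist) -> Optional[str]:
    """Dictionary attack on an unsalted fast hash: one SHA-256 per guess, and
    the same precomputed guess table works against every user at once."""
    for guess in wordlist:
        if hmac.compare_digest(unsalted_sha256(guess), digest_hex):
            return guess
    return None

# --- the "after": salted, iterated hash. The stored record never contains the
#     password; recovering it means guessing, one slow attempt at a time per user.
def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    if salt is None:
        salt = secrets.token_bytes(16)  # per-user salt: equal passwords give different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))  # constant-time compare

if __name__ == "__main__":
    record = hash_password(PLAINTEXT_STORE["alice"])
    print("stored record :", record)  # no 'hunter2' anywhere in it
    print("login ok      :", verify_password("hunter2", record))
    print("wrong password:", verify_password("hunter3", record))
    print("unsalted sha256 cracked:", crack_unsalted(unsalted_sha256("hunter2"), WORDLIST))
```

The caveat a practitioner would add to the quiz wording: a hash makes retrieval infeasible rather than impossible. Without a per-user salt and a work factor, an attacker who copies the table can test guesses at hardware speed against every account at once, which is what `crack_unsalted` demonstrates; with them, each guess costs a full PBKDF2 run per user. A weak password is still guessable under any scheme, so the hash is paired with a password policy and login rate limiting.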

22. A condition that is the result of multiple incidents that exhibit common symptoms, e.g. a web application is displaying information incorrectly and many users have contacted the IT service desk.

23. The maximum period of downtime for a process or application

24. A field in a record in one table that references the primary key of a record in another table.
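
Questions 18 and 24 both describe database mechanisms that an auditor would test rather than take on trust: a DBMS configured to record every change, and a foreign key that the database itself enforces. The added example below (this page's own illustration, not quiz or ISACA code and not any product's implementation) builds both in SQLite, which runs in memory and offline. Its assumptions: the table and column names are invented; SQLite has no database users, so the acting user is taken from a one-row session_ctx table the application fills in; and the change record is kept by AFTER triggers, which is one way of implementing the logging the question asks for, not the only one.

```python
"""Added example: a foreign key enforced by the database plus trigger-based change
logging, so every INSERT/UPDATE/DELETE on a sensitive table leaves a record.

Assumptions (this example's own): invented schema; acting user supplied via a
session_ctx table because SQLite has no user accounts.
"""
import sqlite3

SCHEMA = """
CREATE TABLE accounts (
    account_id INTEGER PRIMARY KEY,
    owner      TEXT NOT NULL
);
-- transactions.account_id is a FOREIGN KEY: it must match an existing accounts.account_id
CREATE TABLE transactions (
    txn_id       INTEGER PRIMARY KEY,
    account_id   INTEGER NOT NULL REFERENCES accounts(account_id),
    amount_cents INTEGER NOT NULL
);
CREATE TABLE session_ctx (app_user TEXT NOT NULL);
-- change record: who, when, which table and row, value before and after
CREATE TABLE audit_log (
    log_id     INTEGER PRIMARY KEY,
    logged_at  TEXT NOT NULL DEFAULT (datetime('now')),
    app_user   TEXT NOT NULL,
    table_name TEXT NOT NULL,
    action     TEXT NOT NULL,
    row_key    INTEGER,
    old_value  TEXT,
    new_value  TEXT
);
CREATE TRIGGER trg_txn_insert AFTER INSERT ON transactions BEGIN
    INSERT INTO audit_log (app_user, table_name, action, row_key, new_value)
    VALUES (COALESCE((SELECT app_user FROM session_ctx), 'unknown'),
            'transactions', 'INSERT', NEW.txn_id, CAST(NEW.amount_cents AS TEXT));
END;
CREATE TRIGGER trg_txn_update AFTER UPDATE ON transactions BEGIN
    INSERT INTO audit_log (app_user, table_name, action, row_key, old_value, new_value)
    VALUES (COALESCE((SELECT app_user FROM session_ctx), 'unknown'),
            'transactions', 'UPDATE', NEW.txn_id,
            CAST(OLD.amount_cents AS TEXT), CAST(NEW.amount_cents AS TEXT));
END;
CREATE TRIGGER trg_txn_delete AFTER DELETE ON transactions BEGIN
    INSERT INTO audit_log (app_user, table_name, action, row_key, old_value)
    VALUES (COALESCE((SELECT app_user FROM session_ctx), 'unknown'),
            'transactions', 'DELETE', OLD.txn_id, CAST(OLD.amount_cents AS TEXT));
END;
"""

def open_audited_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FOREIGN KEY clauses unless this is on
    conn.executescript(SCHEMA)
    return conn

def set_session_user(conn, app_user: str) -> None:
    conn.execute("DELETE FROM session_ctx")
    conn.execute("INSERT INTO session_ctx (app_user) VALUES (?)", (app_user,))

def post_transaction(conn, account_id: int, amount_cents: int) -> bool:
    """Returns False, and writes nothing, if account_id has no parent row."""
    try:
        with conn:
            conn.execute("INSERT INTO transactions (account_id, amount_cents) VALUES (?, ?)",
                         (account_id, amount_cents))
        return True
    except sqlite3.IntegrityError:  # "FOREIGN KEY constraint failed"
        return False

def audit_trail(conn) -> list:
    return conn.execute("SELECT app_user, table_name, action, row_key, old_value, new_value "
                        "FROM audit_log ORDER BY log_id").fetchall()

if __name__ == "__main__":
    conn = open_audited_db()
    set_session_user(conn, "alice")
    conn.execute("INSERT INTO accounts (account_id, owner) VALUES (1, 'Acme Ltd')")
    print("valid post :", post_transaction(conn, 1, 1500))   # True
    print("orphan post:", post_transaction(conn, 99, 10))    # False: no account 99
    conn.execute("UPDATE transactions SET amount_cents = 2500 WHERE txn_id = 1")
    conn.execute("DELETE FROM transactions WHERE txn_id = 1")
    for row in audit_trail(conn):
        print(row)
```

Two points an auditor would check that the code cannot enforce on its own: the foreign key is only a control if enforcement is actually switched on (here the PRAGMA; other engines have their own equivalents, and a disabled constraint audits the same as none), and a DBA who can implement the logging can also disable or edit it, so the change record has to be written somewhere the DBA cannot alter, such as a separate append-only store, and that separation is what the auditor tests.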

25. The risk that a material error exists that will not be prevented or detected by the organization's control framework; the possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.

26. Used to determine which business processes are the most critical, by ranking them in order of criticality.

27. Used to estimate the effort required to develop a software program.

28. (1.) General (2.) Application

29. Defines internal controls and provides guidance for assessing and improving internal control systems.

30. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take: the organization should have ___________________ on all of its existing employees and also begin instituting bac

31. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment

32. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider

33. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation

34. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?

35. Delivery of packets from one station to another, on the same network or on different networks.

36. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices

37. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review

38. The party that performs strategic planning, addresses near-term and long-term requirements, and aligns business objectives with technology strategies.

39. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25

40. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager should make a __________________ to document the reason for the change.

41. The first major task in a disaster recovery or business continuity planning project.

42. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take: the IS auditor should immediately ________________ when any high-risk situation is discovered.

43. A technique that is used to identify the critical path in a project, in order to understand which tasks are most likely to affect the project schedule.

44. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient (100% minus the confidence level).

45. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.

46. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
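
Questions 44, 45 and 46 (and 5 and 8 earlier) are definitions; the added example below, written for this page and not quiz or ISACA code, puts numbers to them: an equal-probability selection without replacement, the deviation rate observed in the sample, sampling risk as the complement of the confidence coefficient, and the exact chance that a sample of a given size misses every exception the population contains, which is one concrete way the "sample does not represent the population" risk shows up. Its assumptions: the population of change tickets is constructed here, the function names are this example's own, and the miss probability is computed hypergeometrically (sampling without replacement) rather than from a table.

```python
"""Added example: arithmetic behind simple random sampling and sampling risk.

Assumptions (this example's own): constructed population of change tickets;
exception counts are exact hypergeometric (no replacement); not ISACA tables.
"""
import math
import random
from typing import Callable, Sequence

# Constructed population: 200 change tickets; every 17th one lacks an approval
# (11 exceptions, a 5.5% population deviation rate the auditor does not know yet).
CHANGE_TICKETS = [{"id": i, "approved": i % 17 != 0} for i in range(1, 201)]

def draw_sample(population: Sequence, n: int, seed: int) -> list:
    """Simple random sample: every item has the same chance of selection, and no item
    is drawn twice. Recording the seed makes the selection reproducible in the
    working papers, so a reviewer can regenerate exactly the items tested."""
    if not 0 < n <= len(population):
        raise ValueError("sample size must be between 1 and the population size")
    return random.Random(seed).sample(list(population), n)

def deviation_rate(sample: Sequence, is_exception: Callable[[object], bool]) -> float:
    """Fraction of sampled items that fail the control being tested."""
    exceptions = sum(1 for item in sample if is_exception(item))
    return exceptions / len(sample)

def sampling_risk(confidence_coefficient: float) -> float:
    """Sampling risk is the complement of the confidence coefficient (0.95 -> 0.05)."""
    if not 0.0 < confidence_coefficient < 1.0:
        raise ValueError("confidence coefficient must be strictly between 0 and 1")
    return 1.0 - confidence_coefficient

def prob_no_exceptions(population_size: int, exceptions_in_population: int,
                       sample_size: int) -> float:
    """P(a random sample of n items contains zero exceptions | the population of N
    items holds k exceptions) = C(N-k, n) / C(N, n). This is the chance of concluding
    'no exceptions' from the sample when the population really contains k of them."""
    N, k, n = population_size, exceptions_in_population, sample_size
    if k < 0 or k > N or not 0 < n <= N:
        raise ValueError("need 0 <= k <= N and 0 < n <= N")
    if n > N - k:
        return 0.0  # cannot avoid every exception once the sample is bigger than the clean items
    return math.comb(N - k, n) / math.comb(N, n)

def min_sample_size(population_size: int, tolerable_exceptions: int,
                    confidence_coefficient: float) -> int:
    """Smallest n such that the chance of missing all `tolerable_exceptions`
    exceptions is no larger than the accepted sampling risk."""
    risk = sampling_risk(confidence_coefficient)
    for n in range(1, population_size + 1):
        if prob_no_exceptions(population_size, tolerable_exceptions, n) <= risk:
            return n
    return population_size

if __name__ == "__main__":
    sample = draw_sample(CHANGE_TICKETS, n=40, seed=7)
    print("sample ids    :", sorted(t["id"] for t in sample))
    print("deviation rate:", deviation_rate(sample, lambda t: not t["approved"]))
    print("sampling risk at 95% confidence:", sampling_risk(0.95))
    print("P(miss all 11 exceptions with n=40):", prob_no_exceptions(200, 11, 40))
    print("n needed to catch >=1 of 11 at 95%:", min_sample_size(200, 11, 0.95))
```

`prob_no_exceptions` is the number to look at when the wrong-answer text in question 44 feels abstract: with 11 exceptions among 200 tickets, a sample that happens to contain none of them would lead the auditor to the wrong conclusion, and the function gives the exact probability of drawing such a sample for any n. `min_sample_size` inverts that to choose n for a stated confidence.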

47. Guide program execution through organization of resources and development of clear project objectives.

48. To measure organizational performance and effectiveness against strategic goals.

49. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review

50. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) × the annualized rate of occurrence (ARO).
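
The formula above, carried one step past the page as an added example (this page's own illustration, not quiz or ISACA code): ALE = SLE × ARO computed from a scenario, then used for the question an auditor usually wants answered with it, whether a proposed control is worth its annual cost. Two things here go beyond what the page states and are this example's assumptions: SLE is derived as asset value × exposure factor, and the scenario figures are constructed.

```python
"""Added example: ALE = SLE x ARO, and the safeguard cost-benefit test built on it.

Assumptions beyond the page: SLE = asset value x exposure factor; constructed numbers.
"""

def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE: the loss from one occurrence. exposure_factor is the fraction of the
    asset's value lost in a single event (0.0 to 1.0)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor

def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO. aro is the expected number of occurrences per year;
    0.25 means once every four years on average."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro

def annual_safeguard_value(ale_before: float, ale_after: float,
                           annual_safeguard_cost: float) -> float:
    """Net annual benefit of a safeguard: the ALE it removes minus what it costs.
    Positive means the control is cost-justified on these numbers."""
    return (ale_before - ale_after) - annual_safeguard_cost

# Constructed scenario: a customer database valued at 200,000; a breach destroys
# 40% of that value; breaches are expected once every four years.
SCENARIO = {"asset_value": 200_000.0, "exposure_factor": 0.40, "aro": 0.25}

def evaluate_control(aro_with_control: float, annual_cost: float) -> dict:
    """Compare ALE before and after a control that lowers the occurrence rate."""
    sle = single_loss_expectancy(SCENARIO["asset_value"], SCENARIO["exposure_factor"])
    ale_before = annualized_loss_expectancy(sle, SCENARIO["aro"])
    ale_after = annualized_loss_expectancy(sle, aro_with_control)
    value = annual_safeguard_value(ale_before, ale_after, annual_cost)
    return {"sle": sle, "ale_before": ale_before, "ale_after": ale_after,
            "net_value": value, "justified": value > 0}

if __name__ == "__main__":
    # same control (ARO 0.25 -> 0.05) at two price points: one pays for itself, one does not
    print(evaluate_control(aro_with_control=0.05, annual_cost=10_000))
    print(evaluate_control(aro_with_control=0.05, annual_cost=20_000))
```

The sign of `net_value` is the decision; the size of the ARO estimate is where the uncertainty lives, so in practice the comparison is repeated across a range of ARO values rather than trusted on a single point estimate.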