Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The highest number of errors that can exist without a result being materially misstated.






2. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






3. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






4. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






5. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






6. (1.) Access controls (2.) Encryption (3.) Audit logging






7. An audit of operational efficiency.






8. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






9. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






10. The inventory of all in-scope business processes and systems






11. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






12. The risk that an IS auditor will overlook errors or exceptions during an audit.






13. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






14. Used to determine which business processes are the most critical - by ranking them in order of criticality






15. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.






16. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.






17. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






18. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






19. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






20. A representation of how closely a sample represents an entire population.






21. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






22. To measure organizational performance and effectiveness against strategic goals.






23. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






24. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






25. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.






26. One of a database table's fields - whose value is unique.






27. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






28. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)






29. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






30. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






31. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






32. (1.) Objectives (2.) Components (3.) Business Units / Areas






33. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






34. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






35. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






36. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






37. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






38. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg






39. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






40. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






41. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






42. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






43. IT Service Management is defined in ___________________ framework.






44. Subjective sampling is used when the auditor wants to _________________________.






45. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






46. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


47. Describes the effect on the business if a process is incapacitated for any appreciable time






48. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






49. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






50. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity