Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






2. An audit that combines an operational audit and a financial audit.






3. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






4. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






5. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






6. Collections of Controls that work together to achieve an entire range of an organization's objectives.






7. Used to estimate the effort required to develop a software program.






8. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






9. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






10. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






11. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






12. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






13. Focuses on: post-event recovery and restoration of services






14. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






15. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






16. Describes the effect on the business if a process is incapacitated for any appreciable time






17. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






18. The main hardware component of a computer system - which executes instructions in computer programs.






19. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






20. ITIL term used to describe the SDLC.






21. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






22. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






23. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






24. The sum of all samples divided by the number of samples.






25. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






26. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






27. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.






28. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect






29. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)






30. Framework for auditing and measuring IT Service Management Processes.






31. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






32. A maturity model that represents the aggregations of other maturity models.






33. Delivery of packets from one station to another - on the same network or on different networks.






34. A collection of two or more servers that is designed to appear as a single server.






35. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






36. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






37. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






38. PERT: shows the ______________ critical path.






39. The risk that an IS auditor will overlook errors or exceptions during an audit.






40. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






41. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






42. (1.) Link (2.) Internet (3.) Transport (4.) Application






43. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






44. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






45. An audit of a third-party organization that provides services to other organizations.






46. An audit of an IS department's operations and systems.






47. IT Service Management is defined in ___________________ framework.






48. An audit of operational efficiency.






49. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






50. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests