Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






2. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






3. Subjective sampling is used when the auditor wants to _________________________.






4. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes






5. A maturity model that represents the aggregations of other maturity models.






6. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






7. An audit of a third-party organization that provides services to other organizations.






8. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






9. (1.) Physical (2.) Technical (4.) Administrative






10. The highest number of errors that can exist without a result being materially misstated.






11. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






12. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






13. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






14. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg






15. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






16. 1.) Executive Support (2.) Well-defined roles and responsibilities.






17. A collection of two or more servers that is designed to appear as a single server.






18. Used to measure the relative maturity of an organization and its processes.






19. An audit of an IS department's operations and systems.






20. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






21. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






22. Gantt: used to display ______________.






23. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






24. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






25. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






26. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






27. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






28. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






29. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






30. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.






31. What type of testing is performed to determine if control procedures have proper design and are operating properly?






32. (1.) Automatic (2.) Manual






33. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






34. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.






35. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






36. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






37. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






38. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






39. Used to determine which business processes are the most critical - by ranking them in order of criticality






40. A representation of how closely a sample represents an entire population.






41. A sampling technique where at least one exception is sought in a population






42. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






43. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






44. Guide program execution through organization of resources and development of clear project objectives.






45. The inventory of all in-scope business processes and systems






46. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






47. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






48. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.






49. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






50. (1.) TCP (2.) UDP