Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






2. ITIL term used to describe the SDLC.






3. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






4. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






5. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






6. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


7. The first major task in a disaster recovery or business continuity planning project.






8. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






9. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






10. An audit that is performed in support of an anticipated or active legal proceeding.






11. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






12. (1.) General (2.) Application






13. Lowest layer. Delivers messages (frames) from one station to another vial local network.






14. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






15. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






16. (1.) Physical (2.) Technical (4.) Administrative






17. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






18. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






19. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.






20. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






21. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






22. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






23. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






24. Consists of two main packet transport protocols: TCP and UDP.






25. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






26. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






27. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)






28. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.






29. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






30. A maturity model that represents the aggregations of other maturity models.






31. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






32. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






33. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






34. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






35. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






36. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






37. The memory locations in the CPU where arithmetic values are stored.






38. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






39. Gantt: used to display ______________.






40. Collections of Controls that work together to achieve an entire range of an organization's objectives.






41. An alternate processing center that contains no information processing equipment.






42. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






43. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






44. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






45. An audit of a third-party organization that provides services to other organizations.






46. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.






47. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






48. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






49. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






50. An estimate that expresses the percent of errors or exceptions that may exist in an entire population