Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.

2. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT diagram.

3. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________. This will cause the database to record every change that is made to it.

4. Handle application processing.

5. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (Process Controls) (3.) At the point of expression (Output Controls)

6. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine

7. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.

8. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.

9. The purpose of an auditor doing interviews: to observe personnel to better understand their discipline, as well as ______________.

10. An estimate that expresses the percent of errors or exceptions that may exist in an entire population.

11. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?

12. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take: the IS auditor should immediately ________________ when any high-risk situation is discovered.

13. Guide program execution through organization of resources and development of clear project objectives.

14. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)

15. Define 10 elements of an Audit: (1.) Subject of audit (2.) Audit objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report preparation (9.) Wrap-up (10.) Post-audit follow-up

16. To communicate security policies, procedures, and other security-related information to an organization's employees.

17. The memory locations in the CPU where arithmetic values are stored.

18. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.

19. (1.) TCP (2.) UDP

20. Framework for auditing and measuring IT Service Management processes.

21. (1.) Automatic (2.) Manual

22. (1.) Authentication (2.) Authorization (3.) Change management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls

23. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved

24. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.

25. (1.) Link (2.) Internet (3.) Transport (4.) Application

26. (1.) Monitoring (2.) Control environment (3.) Risk assessment and control (4.) Information and communication

27. IT Governance is most concerned with ________.

28. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event.

29. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) x the annualized rate of occurrence (ARO).

30. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, the numeric inverse of the confidence coefficient.

31. A four-step quality control process known as PDSA, or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act

32. The highest number of errors that can exist without a result being materially misstated.

33. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result, someone may be in possession of the _________________.

34. (1.) Access controls (2.) Encryption (3.) Audit logging

35. Focuses on: post-event recovery and restoration of services.

36. (1.) Physical (2.) Technical (3.) Administrative

37. A computer uses RAM for several purposes: (1.) Operating System, to store info regarding running processes (2.) ____________, that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog

38. Used to determine which business processes are the most critical, by ranking them in order of criticality.

39. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks, while zero or more may be in a standby state.

40. When several incidents have occurred that appear to have the same or a similar root cause, a PROBLEM is occurring.

41. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.

42. A sampling technique where a population is divided into classes or strata, based upon the value of one of the attributes. Samples are then selected from each class.

43. (1.) Executive support (2.) Well-defined roles and responsibilities.

44. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ should be used. This will enforce accountability for each administrator's actions.

45. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?

46. An audit that is performed in support of an anticipated or active legal proceeding.

47. (1.) Observations (2.) Written notes (3.) Correspondence (4.) Process and procedure documentation (5.) Business records

48. Used to control connections that are established between systems: (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS

49. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) industry conferences

50. A CMM helps an organization to _______________, which is an important first step to any large-scale process improvement effort.