Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, at times you might find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Access controls (2.) Encryption (3.) Audit logging






2. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






3. Subjective sampling is used when the auditor wants to _________________________.






4. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the






5. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






6. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






7. (1.) General (2.) Application






8. IT Governance is most concerned with ________.






9. An audit of an accounting system, accounting department processes, and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






10. What type of testing is performed to determine if control procedures have proper design and are operating properly?






11. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






12. What three elements allow validation of business practices against acceptable measures of regulatory compliance, performance, and standard operational guidelines?






13. Consists of two main packet transport protocols: TCP and UDP.






14. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






15. In Release Management, _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






16. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action: To improve the _________________ to reduce the number of exceptions. For a time, the proc






17. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






18. ITIL term used to describe the SDLC.






19. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






20. The sum of all samples divided by the number of samples.






21. An external IS auditor has discovered a _______________________. The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






22. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations.






23. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






24. (1.) Physical (2.) Technical (3.) Administrative






25. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






26. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) × the annualized rate of occurrence (ARO).






27. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






28. (1.) Link (2.) Internet (3.) Transport (4.) Application






29. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






30. An audit of a third-party organization that provides services to other organizations.






31. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






32. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review






33. A maturity model that represents the aggregations of other maturity models.






34. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ should be used. This will enforce accountability for each administrator's actions.






35. The memory locations in the CPU where arithmetic values are stored.






36. The party that performs strategic planning, addresses near-term and long-term requirements aligning business objectives, and technology strategies.






37. Used to estimate the effort required to develop a software program.






38. The highest number of errors that can exist without a result being materially misstated.






39. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






40. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






41. The IS auditor should act as an SME in the control self-assessment, but should not play a major role in the process.






42. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take: The organization should have ___________________ on all of its existing employees and also begin instituting bac






43. Handle application processing






44. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






45. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






46. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






47. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co






48. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






49. To measure organizational performance and effectiveness against strategic goals.






50. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.





