Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A technique that is used to select a portion of a population when it is not feasible to test an entire population.

2. Defines internal controls and provides guidance for assessing and improving internal control systems.

3. (1.) Developers (2.) Architects (3.) Analysts (4.) Users

4. Guide program execution through organization of resources and development of clear project objectives.

5. An audit of a third-party organization that provides services to other organizations.

6. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components

7. The memory locations in the CPU where arithmetic values are stored.

8. The risk that a material error exists that will not be prevented or detected by the organization's control framework: the possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.

9. The party that performs strategic planning, addresses near-term and long-term requirements, and aligns business objectives and technology strategies.

10. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of delivery (4.) Flow control (transfer rate is throttled) (5.) Port number

11. Used to determine which business processes are the most critical, by ranking them in order of criticality.

12. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________. This will cause the database to record every change that is made to it.

13. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide

14. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because

15. To measure organizational performance and effectiveness against strategic goals.

16. IT governance is most concerned with ________.

17. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance. 3a. Benchmarking: facilitates continuous improvement within the BPLC.

18. Collections of controls that work together to achieve an entire range of an organization's objectives.

19. (1.) Objectives (2.) Components (3.) Business Units / Areas

20. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.

21. Any event which is not part of the standard operation of a service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug

22. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT diagram.

23. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co

24. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?

25. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.

26. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.

27. The IS auditor should act as an SME in the control self-assessment, but should not play a major role in the process.

28. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks, while zero or more may be in a standby state.

29. Consists of two main packet transport protocols: TCP and UDP.

30. Application controls limit ___________ in three ways: (1.) Point of entry (input controls) (2.) During consumption (process controls) (3.) At the point of expression (output controls)

31. The highest number of errors that can exist without a result being materially misstated.

32. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?

33. Concerned with electrical and physical specifications for devices. No frames or packets involved.

34. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) x the annualized rate of occurrence (ARO).

35. In release management, _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.

36. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.

37. ITIL term used to describe the SDLC.

38. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review

39. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the

40. Must be tested to validate effectiveness through: (1.) Document review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices

41. To ensure that input values are within established ranges, of the correct character types, and free of harmful content.

42. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk

43. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.

44. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved

45. An audit of an IS department's operations and systems.

46. Used to measure the relative maturity of an organization and its processes.

47. Handle application processing.

48. The purpose of an auditor doing interviews: to observe personnel to better understand their discipline, as well as ______________.

49. To determine the effectiveness of a disaster recovery program, an IT auditor should examine _____________.

50. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result, someone may be in possession of the _________________.