Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






2. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






3. The inventory of all in-scope business processes and systems






4. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






5. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






6. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they






7. (1.) General (2.) Application






8. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






9. IT Service Management is defined in ___________________ framework.






10. The sum of all samples divided by the number of samples.






11. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.






12. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






13. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.



14. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






15. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






16. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






17. Gantt: used to display ______________.






18. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






19. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






20. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






21. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






22. The risk that an IS auditor will overlook errors or exceptions during an audit.






23. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






24. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






25. A collection of two or more servers that is designed to appear as a single server.






26. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






27. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






28. (1.) Physical (2.) Technical (3.) Administrative






29. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






30. Concerned with electrical and physical specifications for devices. No frames or packets involved.






31. Used to translate or transform data from lower layers into formats that the application layer can work with.






32. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






33. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






34. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






35. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






36. (1.) Automatic (2.) Manual






37. ITIL term used to describe the SDLC.






38. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






39. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






40. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






41. A sampling technique where at least one exception is sought in a population






42. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






43. An audit of an IS department's operations and systems.






44. An audit of operational efficiency.






45. Disasters are generally grouped in terms of type: ______________.






46. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






47. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect






48. Used to determine which business processes are the most critical - by ranking them in order of criticality






49. The delivery of messages from one station to another via one or more networks. Routes packets between networks.






50. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.