Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






2. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






3. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






4. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






5. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






6. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






7. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations






8. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review






9. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






10. IT Service Management is defined in ___________________ framework.






11. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






12. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






13. (1.) Objectives (2.) Components (3.) Business Units / Areas






14. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






15. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






16. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






17. (1.) Link (2.) Internet (3.) Transport (4.) Application






18. To communication security policies - procedures - and other security-related information to an organization's employees.






19. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






20. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






21. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






22. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






23. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






24. Describes the effect on the business if a process is incapacitated for any appreciable time






25. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






26. (1.) Automatic (2.) Manual






27. (1.) Physical (2.) Technical (4.) Administrative






28. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






29. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






30. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






31. Focuses on: post-event recovery and restoration of services






32. The highest number of errors that can exist without a result being materially misstated.






33. An alternate processing center that contains no information processing equipment.






34. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






35. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.






36. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






37. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


38. IT Governance is most concerned with ________.






39. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






40. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.






41. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






42. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






43. 1.) Executive Support (2.) Well-defined roles and responsibilities.






44. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






45. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






46. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.






47. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






48. ITIL term used to describe the SDLC.






49. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






50. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.