Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A field in a record in one table that can reference a primary key in another table.






2. To measure organizational performance and effectiveness against strategic goals.






3. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






4. The maximum period of downtime for a process or application






5. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






6. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC






7. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






8. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






9. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg






10. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






11. (1.) Physical (2.) Technical (3.) Administrative






12. IT Governance is most concerned with ________.






13. A collection of two or more servers that is designed to appear as a single server.






14. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






15. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co






16. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






17. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






18. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






19. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)






20. What type of testing is performed to determine if control procedures have proper design and are operating properly?






21. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






22. Used to estimate the effort required to develop a software program.






23. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?






24. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






25. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






26. The memory locations in the CPU where arithmetic values are stored.






27. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






28. (1.) Automatic (2.) Manual






29. (1.) Objectives (2.) Components (3.) Business Units / Areas






30. Consists of two main packet transport protocols: TCP and UDP.






31. Delivery of packets from one station to another - on the same network or on different networks.






32. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






33. (1.) Link (2.) Internet (3.) Transport (4.) Application






34. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






35. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






36. IT Service Management is defined in ___________________ framework.






37. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






38. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






39. To communicate security policies - procedures - and other security-related information to an organization's employees.






40. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






41. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






42. The delivery of messages from one station to another via one or more networks. Routes packets between networks.






43. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






44. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






45. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






46. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.






47. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






48. Focuses on: post-event recovery and restoration of services






49. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






50. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP






