Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






2. An audit of a third-party organization that provides services to other organizations.






3. PERT: shows the ______________ critical path.






4. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






5. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






6. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






7. Used to estimate the effort required to develop a software program.






8. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations.






9. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






10. Consists of two main packet transport protocols: TCP and UDP.






11. Handle application processing






12. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






13. Disasters are generally grouped in terms of type: ______________.






14. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






15. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they






16. Subjective sampling is used when the auditor wants to _________________________.






17. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. The main advantage is lower cost per unit.






18. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






19. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






20. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






21. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






22. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






23. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






24. An audit of an IS department's operations and systems.






25. The delivery of messages from one station to another via one or more networks. Routes packets between networks.






26. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






27. To communicate security policies - procedures - and other security-related information to an organization's employees.






28. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






29. Used to measure the relative maturity of an organization and its processes.






30. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






31. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






32. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






33. The risk that an IS auditor will overlook errors or exceptions during an audit.






34. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






35. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






36. A maturity model that represents the aggregations of other maturity models.






37. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co






38. IT Governance is most concerned with ________.






39. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






40. Aids in the coordination of business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance (3a.) Benchmarking: Facilitates continuous improvement within the BPLC






41. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) x the annualized rate of occurrence (ARO).






42. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.






43. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






44. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






45. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






46. Guide program execution through organization of resources and development of clear project objectives.






47. The means by which management establishes and measures processes by which organizational objectives are achieved






48. The highest number of errors that can exist without a result being materially misstated.






49. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






50. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act