Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A maturity model that represents the aggregations of other maturity models.






2. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






3. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP






4. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






5. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






6. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






7. An alternate processing center that contains no information processing equipment.






8. Concerned with electrical and physical specifications for devices. No frames or packets involved.






9. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






10. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






11. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






12. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






13. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






14. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






15. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






16. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






17. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations






18. Used to estimate the effort required to develop a software program.






19. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






20. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






21. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






22. The sum of all samples divided by the number of samples.






23. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






24. An audit that is performed in support of an anticipated or active legal proceeding.






25. The risk that an IS auditor will overlook errors or exceptions during an audit.






26. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






27. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






28. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






29. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






30. The inventory of all in-scope business processes and systems






31. Used to translate or transform data from lower layers into formats that the application layer can work with.






32. Support the functioning of the application controls






33. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






34. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






35. One of a database table's fields - whose value is unique.






36. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






37. PERT: shows the ______________ critical path.






38. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






39. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






40. The means by which management establishes and measures processes by which organizational objectives are achieved






41. The memory locations in the CPU where arithmetic values are stored.






42. Used to measure the relative maturity of an organization and its processes.






43. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.






44. To measure organizational performance and effectiveness against strategic goals.






45. (1.) Access controls (2.) Encryption (3.) Audit logging






46. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






47. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the






48. An audit of a third-party organization that provides services to other organizations.






49. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






50. Lowest layer. Delivers messages (frames) from one station to another vial local network.