Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






2. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






3. Collections of Controls that work together to achieve an entire range of an organization's objectives.






4. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






5. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






6. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.






7. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






8. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






9. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






10. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






11. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






12. The memory locations in the CPU where arithmetic values are stored.






13. An audit of a third-party organization that provides services to other organizations.






14. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






15. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






16. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.






17. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






18. Used to estimate the effort required to develop a software program.






19. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






20. The maximum period of downtime for a process or application






21. (1.) Physical (2.) Technical (4.) Administrative






22. ITIL term used to describe the SDLC.






23. What type of testing is performed to determine if control procedures have proper design and are operating properly?






24. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






25. An alternate processing center that contains no information processing equipment.






26. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






27. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






28. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






29. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






30. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






31. (1.) Objectives (2.) Components (3.) Business Units / Areas






32. Concerned with electrical and physical specifications for devices. No frames or packets involved.






33. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






34. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






35. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






36. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






37. The first major task in a disaster recovery or business continuity planning project.






38. The inventory of all in-scope business processes and systems






39. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






40. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






41. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






42. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






43. PERT: shows the ______________ critical path.






44. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






45. A representation of how closely a sample represents an entire population.






46. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






47. IT Governance is most concerned with ________.






48. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






49. Contains programs that communicate directly with the end user.






50. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP






Can you answer 50 questions in 15 minutes?



Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests