Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret






2. The memory locations in the CPU where arithmetic values are stored.






3. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






4. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect






5. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review






6. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






7. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






8. ITIL term used to describe the SDLC.






9. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






10. Contains programs that communicate directly with the end user.






11. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)






12. Used to measure the relative maturity of an organization and its processes.






13. IT Service Management is defined in ___________________ framework.






14. The highest number of errors that can exist without a result being materially misstated.






15. An audit that is performed in support of an anticipated or active legal proceeding.






16. A sampling technique where at least one exception is sought in a population






17. Handle application processing






18. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






19. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)






20. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.






21. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






22. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






23. An audit of a third-party organization that provides services to other organizations.






24. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






25. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






26. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






27. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






28. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






29. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the






30. The main hardware component of a computer system - which executes instructions in computer programs.






31. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.






32. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






33. A representation of how closely a sample represents an entire population.






34. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






35. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






36. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.






37. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






38. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






39. Describes the effect on the business if a process is incapacitated for any appreciable time






40. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






41. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






42. The inventory of all in-scope business processes and systems






43. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






44. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






45. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






46. Concerned with electrical and physical specifications for devices. No frames or packets involved.






47. An alternate processing center that contains no information processing equipment.






48. Lowest layer. Delivers messages (frames) from one station to another vial local network.






49. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun






50. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.