Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25

2. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act

3. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient

4. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.

5. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.

6. Consists of two main packet transport protocols: TCP and UDP.

7. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.

8. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations

9. One of a database table's fields - whose value is unique.

10. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose

11. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.

12. Delivery of packets from one station to another - on the same network or on different networks.

13. The main hardware component of a computer system - which executes instructions in computer programs.

14. (1.) TCP (2.) UDP

15. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new

16. A field in a record in one table that can reference a primary key in another table.

17. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices

18. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences

19. To measure organizational performance and effectiveness against strategic goals.

20. An audit of an IS department's operations and systems.

21. Concerned with electrical and physical specifications for devices. No frames or packets involved.

22. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.

23. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.

24. An audit that combines an operational audit and a financial audit.

25. An audit of operational efficiency.

26. IT Service Management is defined in the ___________________ framework.

27. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.

28. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance

29. What type of testing is performed to determine if control procedures have proper design and are operating properly?

30. (1.) Automatic (2.) Manual

31. The inventory of all in-scope business processes and systems

32. Defines internal controls and provides guidance for assessing and improving internal control systems.

33. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?

34. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because

35. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.

36. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review

37. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records

38. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - implementing ________________ will provide an effect

39. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.

40. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)

41. IT Governance is most concerned with ________.

42. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number

43. (1.) Utility protocols (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)

44. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.

45. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog

46. Handle application processing

47. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.

48. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret

49. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.

50. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug