Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect






2. The highest number of errors that can exist without a result being materially misstated.






3. A representation of how closely a sample represents an entire population.






4. (1.) General (2.) Application






5. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






6. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)






7. Handle application processing






8. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






9. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






10. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






11. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations






12. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






13. What type of testing is performed to determine if control procedures have proper design and are operating properly?






14. One of a database table's fields - whose value is unique.






15. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






16. Framework for auditing and measuring IT Service Management Processes.






17. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






18. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance






19. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






20. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






21. (1.) Automatic (2.) Manual






22. An audit that combines an operational audit and a financial audit.






23. The memory locations in the CPU where arithmetic values are stored.






24. The risk that an IS auditor will overlook errors or exceptions during an audit.






25. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






26. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






27. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






28. The maximum period of downtime for a process or application






29. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






30. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






31. A field in a record in one table that can reference a primary key in another table.






32. (1.) Executive Support (2.) Well-defined roles and responsibilities.






33. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






34. To communicate security policies - procedures - and other security-related information to an organization's employees.






35. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.



36. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






37. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






38. IT Governance is most concerned with ________.






39. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






40. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co






41. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






42. Describes the effect on the business if a process is incapacitated for any appreciable time






43. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






44. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






45. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






46. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






47. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






48. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






49. (1.) Objectives (2.) Components (3.) Business Units / Areas






50. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?