Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.

2. Disasters are generally grouped in terms of type: ______________.

3. Collections of controls that work together to achieve an entire range of an organization's objectives.

4. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.

5. Concerned with electrical and physical specifications for devices. No frames or packets involved.

6. (1.) Physical (2.) Technical (3.) Administrative

7. A field in a record in one table that can reference a primary key in another table.

8. Any event which is not part of the standard operation of a service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug

9. (1.) Objectives (2.) Components (3.) Business Units / Areas

10. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the

11. A representation of how closely a sample represents an entire population.

12. Used to estimate the effort required to develop a software program.

13. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.

14. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.

15. The maximum period of downtime for a process or application.

16. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.

17. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.

18. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine

19. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event.

20. Used to determine which business processes are the most critical - by ranking them in order of criticality.

21. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.

22. The sum of all samples divided by the number of samples.

23. (1.) Developers (2.) Architects (3.) Analysts (4.) Users

24. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog

25. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.

26. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.

27. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them.

28. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved

29. An audit that combines an operational audit and a financial audit.

30. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance

31. During the development phase - developers should only be performing unit testing - to verify that the individual sections of code they have written are performing properly.

32. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.

33. To determine the effectiveness of a disaster recovery program - an IT auditor should examine _____________.

34. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.

35. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25

36. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.

37. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk

38. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase

39. The first major task in a disaster recovery or business continuity planning project.

40. An alternate processing center that contains no information processing equipment.

41. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________. This will cause the database to record every change that is made to it.

42. Gantt: used to display ______________.

43. To communicate security policies - procedures - and other security-related information to an organization's employees.

44. An estimate that expresses the percent of errors or exceptions that may exist in an entire population.

45. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide

46. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?

47. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery

48. A programmer is updating an application that saves passwords in plaintext. In this case - passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.

49. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom

50. Handle application processing