Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Its main advantage is lower cost per unit.

2. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning

3. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.

4. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide

5. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components

6. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ should be used. This will enforce accountability for each administrator's actions.

7. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes) (2.) Enhancements (new functionality) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself)

8. An audit that is performed in support of an anticipated or active legal proceeding.

9. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because

10. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved

11. An audit of an IS department's operations and systems.

12. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them.

13. Used to translate or transform data from lower layers into formats that the application layer can work with.

14. Define the 10 elements of an audit: (1.) Subject of audit (2.) Audit objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report preparation (9.) Wrap-up (10.) Post-audit follow-up

15. The delivery of messages from one station to another via one or more networks. Routes packets between networks.

16. A collection of two or more servers that is designed to appear as a single server.

17. A CMM helps an organization to _______________, which is an important first step in any large-scale process improvement effort.

18. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.

19. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co

20. Describes the effect on the business if a process is incapacitated for any appreciable time.

21. An organization experiences frequent malware infections on end-user workstations that are received through email, despite the fact that workstations have anti-virus software. To reduce malware, implementing ________________ will provide an effect

22. The highest number of errors that can exist without a result being materially misstated.

23. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified

24. (1.) General (2.) Application

25. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program check-in (4.) Version control (5.) Code Ana

26. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient.

27. (1.) Utility (DNS, SNMP, DHCP) (2.) Messaging protocols (SMTP) (3.) Data transfer protocols (NFS, FTP) (4.) Interactive protocols (Telnet)

28. Subjective sampling is used when the auditor wants to _________________________.

29. A sampling technique where at least one exception is sought in a population.

30. Application controls limit ___________ in three ways: (1.) Point of entry (input controls) (2.) During consumption (process controls) (3.) At the point of expression (output controls)

31. A computer uses RAM for several purposes: (1.) Operating system, to store info regarding running processes (2.) ____________, which are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog

32. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.

33. An alternate processing center that contains no information processing equipment.

34. A database term which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.

35. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.

36. IT Service Management is defined in the ___________________ framework.

37. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result, someone may be in possession of the _________________.

38. (1.) Objectives (2.) Components (3.) Business Units / Areas

39. (1.) Access controls (2.) Encryption (3.) Audit logging

40. The first major task in a disaster recovery or business continuity planning project.

41. An audit of an accounting system, accounting department processes, and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.

42. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance

43. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom

44. Consists of two main packet transport protocols: TCP and UDP.

45. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation

46. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.

47. IT Governance is most concerned with ________.

48. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance

49. Must be tested to validate effectiveness through: (1.) Document review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices

50. Gantt: used to display ______________.