Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co






2. The set of activities that is concerned with the ability of the organization to continue to provide services, primarily in the event that a natural or man-made disaster has occurred.






3. When several incidents have occurred that appear to have the same or a similar root cause, a PROBLEM is occurring.






4. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






5. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






6. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________. This will cause the database to record every change that is made to it.






7. Defines internal controls and provides guidance for assessing and improving internal control systems.






8. A fire sprinkler system has water in its pipes, and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






9. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) × the annualized rate of occurrence (ARO).






10. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






11. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






12. What type of testing is performed to determine if control procedures have proper design and are operating properly?






13. The highest number of errors that can exist without a result being materially misstated.






14. Used to determine which business processes are the most critical, by ranking them in order of criticality.






15. A maturity model that represents the aggregations of other maturity models.






16. An auditor has detected potential fraud while testing a control objective. He should ___________________. Because audit committee members are generally not involved in business operations, they will be sufficiently removed from the matter, and they






17. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






18. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






19. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






20. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






21. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






22. Delivery of packets from one station to another, on the same network or on different networks.






23. The means by which management establishes and measures processes by which organizational objectives are achieved






24. An audit of IS controls, security controls, or business controls to determine control existence and effectiveness.






25. Framework for auditing and measuring IT Service Management Processes.






26. Aids in the coordinating of business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance (3a.) Benchmarking: Facilitates continuous improvement within the BPLC






27. To measure organizational performance and effectiveness against strategic goals.






28. Gantt: used to display ______________.






29. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






30. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






31. The purpose of an auditor doing interviews: to observe personnel to better understand their discipline, as well as ______________.






32. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored in a _____. This makes it impossible for any person to retrieve a password, which could lead to account compromise.






33. A collection of two or more servers that is designed to appear as a single server.






34. IT Service Management is defined in ___________________ framework.






35. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






36. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






37. A CMM helps an organization to _______________, which is an important first step to any large-scale process improvement effort.






38. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






39. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance






40. (1.) Automatic (2.) Manual






41. A sampling technique where a population is divided into classes or strata, based upon the value of one of the attributes. Samples are then selected from each class.






42. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






43. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks, while zero or more may be in a standby state.






44. Who is responsible for imposing an IT governance model encompassing IT strategy, information security, and formal enterprise architectural mandates?






45. In Release Management, _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






46. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this: _______________. This provides a single authentication service (such as LDAP or AD) that many applications






47. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






48. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






49. An audit of a third-party organization that provides services to other organizations.






50. A field in a record in one table that can reference a primary key in another table.