Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






2. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






3. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






4. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






5. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie






6. Used to translate or transform data from lower layers into formats that the application layer can work with.






7. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






8. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






9. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






10. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






11. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






12. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.






13. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






14. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






15. Consists of two main packet transport protocols: TCP and UDP.






16. Delivery of packets from one station to another - on the same network or on different networks.






17. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






18. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






19. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






20. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






21. Handle application processing






22. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






23. (1.) Objectives (2.) Components (3.) Business Units / Areas






24. Used to estimate the effort required to develop a software program.






25. What type of testing is performed to determine if control procedures have proper design and are operating properly?






26. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






27. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






28. IT Governance is most concerned with ________.






29. Used to determine which business processes are the most critical - by ranking them in order of criticality






30. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance






31. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






32. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review






33. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






34. Focuses on: post-event recovery and restoration of services






35. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






36. Gantt: used to display ______________.






37. The means by which management establishes and measures processes by which organizational objectives are achieved






38. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






39. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.






40. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






41. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






42. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






43. (1.) General (2.) Application






44. Defines internal controls and provides guidance for assessing and improving internal control systems.






45. To measure organizational performance and effectiveness against strategic goals.






46. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






47. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






48. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






49. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co






50. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.