Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit of an IS department's operations and systems.






2. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






3. One of a database table's fields - whose value is unique.






4. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






5. Delivery of packets from one station to another - on the same network or on different networks.






6. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






7. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






8. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






9. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






10. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






11. (1.) Developers (2.) Architects (3.) Analysts (4.) Users






12. (1.) Access controls (2.) Encryption (3.) Audit logging






13. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






14. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






15. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






16. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






17. An audit that is performed in support of an anticipated or active legal proceeding.






18. The means by which management establishes and measures processes by which organizational objectives are achieved






19. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






20. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






21. The memory locations in the CPU where arithmetic values are stored.






22. The main hardware component of a computer system - which executes instructions in computer programs.






23. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






24. Used to translate or transform data from lower layers into formats that the application layer can work with.






25. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.






26. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.






27. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC






28. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






29. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






30. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






31. Used to estimate the effort required to develop a software program.






32. Focuses on: post-event recovery and restoration of services






33. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






34. Lowest layer. Delivers messages (frames) from one station to another vial local network.






35. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.






36. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






37. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






38. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






39. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


40. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






41. Defines internal controls and provides guidance for assessing and improving internal control systems.






42. A representation of how closely a sample represents an entire population.






43. (1.) Automatic (2.) Manual






44. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






45. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






46. The highest number of errors that can exist without a result being materially misstated.






47. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






48. Describes the effect on the business if a process is incapacitated for any appreciable time






49. A technique that is used to select a portion of a population when it is not feasible to test an entire population.






50. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes