Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






2. To communication security policies - procedures - and other security-related information to an organization's employees.






3. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?






4. (1.) Link (2.) Internet (3.) Transport (4.) Application






5. IT Service Management is defined in ___________________ framework.






6. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






7. (1.) Access controls (2.) Encryption (3.) Audit logging






8. PERT: shows the ______________ critical path.






9. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






10. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes






11. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






12. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co






13. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






14. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






15. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






16. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






17. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






18. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






19. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






20. Used to determine which business processes are the most critical - by ranking them in order of criticality






21. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






22. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






23. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






24. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






25. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






26. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






27. Defines internal controls and provides guidance for assessing and improving internal control systems.






28. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the






29. A collection of two or more servers that is designed to appear as a single server.






30. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






31. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






32. The maximum period of downtime for a process or application






33. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






34. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






35. The risk that an IS auditor will overlook errors or exceptions during an audit.






36. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






37. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






38. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






39. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






40. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






41. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.






42. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






43. Focuses on: post-event recovery and restoration of services






44. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






45. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






46. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect






47. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






48. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






49. A sampling technique where at least one exception is sought in a population






50. (1.) Automatic (2.) Manual







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests