Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






2. Contains programs that communicate directly with the end user.






3. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






4. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.






5. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






6. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






7. IT Service Management is defined in ___________________ framework.






8. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






9. One of a database table's fields - whose value is unique.






10. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






11. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.






12. The means by which management establishes and measures processes by which organizational objectives are achieved






13. An audit that is performed in support of an anticipated or active legal proceeding.






14. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number






15. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






16. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






17. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






18. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






19. Focuses on: post-event recovery and restoration of services






20. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






21. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






22. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






23. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample






24. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






25. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






26. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






27. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide






28. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






29. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






30. An audit that combines an operational audit and a financial audit.






31. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






32. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






33. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






34. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






35. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.






36. (1.) Objectives (2.) Components (3.) Business Units / Areas






37. To communication security policies - procedures - and other security-related information to an organization's employees.






38. 1.) Executive Support (2.) Well-defined roles and responsibilities.






39. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






40. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors






41. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






42. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.






43. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






44. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records






45. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






46. A maturity model that represents the aggregations of other maturity models.






47. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)






48. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.






49. Delivery of packets from one station to another - on the same network or on different networks.






50. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog