Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but repeating the test reinforces your understanding each time you take it.
1. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action is to improve the _________________ to reduce the number of exceptions. For a time - the proc

2. IT Governance is most concerned with ________.

3. Delivers messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.

4. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.

5. An auditor has reviewed the access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new

6. Framework for auditing and measuring IT Service Management processes.

7. A representation of how closely a sample represents an entire population.

8. (1.) General (2.) Application

9. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.

10. Must be tested to validate effectiveness through: (1.) Document review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices

11. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk

12. A sampling technique where a population is divided into classes or strata, based upon the value of one of the attributes. Samples are then selected from each class.

13. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager should make a __________________ to document the reason for the change.

14. Critical Path Methodology helps a project manager determine which activities are on a project's critical list: ________________________.

15. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance

16. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, the numeric inverse of the confidence coefficient.

17. An external IS auditor has discovered a _______________________. The external auditor can only document the finding in the audit report; an external auditor is not in a position to implement controls.

18. An auditor has detected potential fraud while testing a control objective. He should ___________________, because audit committee members are generally not involved in business operations, they will be sufficiently removed from the matter, and they

19. To communicate security policies, procedures, and other security-related information to an organization's employees.

20. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified

21. The inventory of all in-scope business processes and systems.

22. ITIL term used to describe the SDLC.

23. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools

24. An audit of operational efficiency.

25. (1.) Hardware complement (physical specifications) (2.) Hardware configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration

26. A technique that is used to select a portion of a population when it is not feasible to test the entire population.

27. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation

28. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom

29. The main hardware component of a computer system, which executes the instructions in computer programs.

30. Requires that a password be broken into two or more parts, with each part in the possession of a separate person.

31. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient.

32. The sum of all samples divided by the number of samples.

33. Subjective sampling is used when the auditor wants to _________________________.

34. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?

35. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ be used. This will enforce accountability for each administrator's actions.

36. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning

37. (1.) Access control (2.) Change management (3.) Security controls (4.) Incident management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event management

38. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them.

39. Delivery of packets from one station to another, on the same network or on different networks.

40. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of delivery (4.) Flow control (transfer rate is throttled) (5.) Port number

41. Used for several types of system changes: (1.) Incident and problem resolution (bug fixes) (2.) Enhancements (new functionality) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself)

42. Define the 10 elements of an audit: (1.) Subject of audit (2.) Audit objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report preparation (9.) Wrap-up (10.) Post-audit follow-up

43. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.

44. The set of activities that is concerned with the ability of the organization to continue to provide services, primarily in the event that a natural or man-made disaster has occurred.

45. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co

46. (1.) Objectives (2.) Components (3.) Business units / areas

47. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes

48. A fire sprinkler system has water in its pipes, and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose

49. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25

50. Consists of two main packet transport protocols: TCP and UDP.