Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An alternate processing center that contains no information processing equipment.






2. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






3. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.






4. (1.) General (2.) Application






5. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






6. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






7. (1.) Automatic (2.) Manual






8. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?






9. Defines internal controls and provides guidance for assessing and improving internal control systems.






10. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






11. Aids in the coordination of business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC






12. The memory locations in the CPU where arithmetic values are stored.






13. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.






14. Guide program execution through organization of resources and development of clear project objectives.






15. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the






16. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






17. Concerned with electrical and physical specifications for devices. No frames or packets involved.






18. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






19. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






20. The sum of all samples divided by the number of samples.






21. (1.) Access controls (2.) Encryption (3.) Audit logging






22. (1.) Physical (2.) Technical (3.) Administrative






23. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.






24. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






25. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






26. (1.) Objectives (2.) Components (3.) Business Units / Areas






27. Framework for auditing and measuring IT Service Management Processes.






28. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






29. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






30. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because






31. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






32. Used to measure the relative maturity of an organization and its processes.






33. To communicate security policies - procedures - and other security-related information to an organization's employees.






34. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.






35. The risk that an IS auditor will overlook errors or exceptions during an audit.






36. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






37. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






38. One of a database table's fields - whose value is unique.






39. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?






40. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






41. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review






42. Collections of Controls that work together to achieve an entire range of an organization's objectives.






43. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






44. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






45. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






46. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






47. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






48. The main hardware component of a computer system - which executes instructions in computer programs.






49. Used to estimate the effort required to develop a software program.






50. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.