Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






2. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes






3. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)






4. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






5. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






6. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations






7. To measure organizational performance and effectiveness against strategic goals.






8. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






9. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified






10. Concerned with electrical and physical specifications for devices. No frames or packets involved.






11. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event






12. Used to translate or transform data from lower layers into formats that the application layer can work with.






13. One of a database table's fields - whose value is unique.






14. Delivery of packets from one station to another - on the same network or on different networks.






15. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






16. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






17. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new






18. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






19. A maturity model that represents the aggregations of other maturity models.






20. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






21. (1.) Objectives (2.) Components (3.) Business Units / Areas






22. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






23. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.






24. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






25. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






26. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






27. (1.) Link (2.) Internet (3.) Transport (4.) Application






28. Defines internal controls and provides guidance for assessing and improving internal control systems.






29. Used to estimate the effort required to develop a software program.






30. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review






31. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






32. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






33. The first major task in a disaster recovery or business continuity planning project.






34. Guide program execution through organization of resources and development of clear project objectives.






35. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect






36. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






37. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.






38. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






39. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






40. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






41. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






42. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






43. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)






44. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






45. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






46. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP






47. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.






48. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.






49. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






50. The highest number of errors that can exist without a result being materially misstated.