Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.






2. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug






3. The first major task in a disaster recovery or business continuity planning project.






4. The memory locations in the CPU where arithmetic values are stored.






5. The highest number of errors that can exist without a result being materially misstated.






6. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret






7. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom






8. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






9. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.






10. Delivery of packets from one station to another - on the same network or on different networks.






11. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






12. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






13. To communication security policies - procedures - and other security-related information to an organization's employees.






14. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






15. Focuses on: post-event recovery and restoration of services






16. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.






17. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.






18. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg






19. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP






20. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.






21. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






22. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






23. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the






24. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review






25. An audit of operational efficiency.






26. (1.) TCP (2.) UDP






27. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk






28. A representation of how closely a sample represents an entire population.






29. (1.) Link (2.) Internet (3.) Transport (4.) Application






30. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






31. The inventory of all in-scope business processes and systems






32. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






33. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they






34. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






35. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






36. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






37. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






38. Used to measure the relative maturity of an organization and its processes.






39. One of a database table's fields - whose value is unique.






40. Used to estimate the effort required to develop a software program.






41. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations






42. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






43. An audit that is performed in support of an anticipated or active legal proceeding.






44. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






45. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






46. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






47. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






48. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






49. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






50. Handle application processing