Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
2. ITIL term used to describe the SDLC.
3. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
4. Lowest layer. Delivers messages (frames) from one station to another via local network.
5. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
6. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
7. Delivery of packets from one station to another - on the same network or on different networks.
8. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
9. (1.) Access controls (2.) Encryption (3.) Audit logging
10. An audit of operational efficiency.
11. A condition that is the result of multiple incidents that exhibit common symptoms, e.g., a web application is displaying information incorrectly and many users have contacted the IT service desk.
12. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
13. Focuses on: post-event recovery and restoration of services
14. Used to estimate the effort required to develop a software program.
15. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
16. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
17. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient.
18. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
19. The party that performs strategic planning - addresses near-term and long-term requirements - aligning business objectives and technology strategies.
20. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
21. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
22. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
23. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
24. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
25. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
26. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
27. Support the functioning of the application controls
28. Concerned with electrical and physical specifications for devices. No frames or packets involved.
29. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
30. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
31. Used to determine which business processes are the most critical - by ranking them in order of criticality
32. The sum of all samples divided by the number of samples.
33. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
34. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
35. (1.) Physical (2.) Technical (3.) Administrative
36. One of a database table's fields - whose value is unique.
37. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
38. (1.) Link (2.) Internet (3.) Transport (4.) Application
39. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
40. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
41. The highest number of errors that can exist without a result being materially misstated.
42. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
43. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
44. To communicate security policies - procedures - and other security-related information to an organization's employees.
45. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
46. Risk Mitigation - Risk Avoidance - Risk Transfer - Risk Acceptance
47. An audit that is performed in support of an anticipated or active legal proceeding.
48. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
49. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
50. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.