Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.






2. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






3. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.






4. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.






5. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.






6. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity






7. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS






8. IT Service Management is defined in ___________________ framework.






9. The maximum period of downtime for a process or application






10. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






11. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






12. Disasters are generally grouped in terms of type: ______________.






13. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.






14. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.






15. Used to determine which business processes are the most critical - by ranking them in order of criticality






16. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk






17. An estimate that expresses the percent of errors or exceptions that may exist in an entire population






18. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components






19. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.






20. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.






21. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.






22. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






23. An audit that combines an operational audit and a financial audit.






24. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






25. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication






26. One of a database table's fields - whose value is unique.






27. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the






28. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.






29. A representation of how closely a sample represents an entire population.






30. Framework for auditing and measuring IT Service Management Processes.






31. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






32. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






33. Delivery of packets from one station to another - on the same network or on different networks.






34. A maturity model that represents the aggregations of other maturity models.






35. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






36. An audit of an IS department's operations and systems.






37. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






38. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.






39. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine






40. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect






41. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.






42. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana






43. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.






44. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)






45. Focuses on: post-event recovery and restoration of services






46. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






47. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






48. An audit of a third-party organization that provides services to other organizations.






49. (1.) General (2.) Application






50. (1.) Link (2.) Internet (3.) Transport (4.) Application







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests