Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. A maturity model that represents the aggregations of other maturity models.






2. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc






3. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.






4. ITIL term used to describe the SDLC.






5. Used to determine which business processes are the most critical - by ranking them in order of criticality






6. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.






7. IT Governance is most concerned with ________.






8. To measure organizational performance and effectiveness against strategic goals.






9. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.






10. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.






11. IT Service Management is defined in ___________________ framework.






12. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management






13. Focuses on: post-event recovery and restoration of services






14. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg






15. The sum of all samples divided by the number of samples.






16. The main hardware component of a computer system - which executes instructions in computer programs.






17. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.






18. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation






19. (1.) TCP (2.) UDP






20. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved






21. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient






22. Collections of Controls that work together to achieve an entire range of an organization's objectives.






23. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications






24. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider






25. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac






26. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.






27. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






28. (1.) General (2.) Application






29. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) × the annualized rate of occurrence (ARO).






30. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






31. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning






32. The highest number of errors that can exist without a result being materially misstated.






33. An audit of a third-party organization that provides services to other organizations.






34. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose






35. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






36. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






37. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them






38. Framework for auditing and measuring IT Service Management Processes.






39. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.






40. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.






41. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act






42. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






43. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog






44. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.






45. Gantt: used to display ______________.






46. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.






47. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.






48. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.






49. (1.) Objectives (2.) Components (3.) Business Units / Areas






50. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk