Test your basic knowledge

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.

2. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation

3. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog

4. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.

5. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation

6. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom

7. The memory locations in the CPU where arithmetic values are stored.

8. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review

9. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)

10. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them

11. Support the functioning of the application controls

12. Disasters are generally grouped in terms of type: ______________.

13. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS

14. Risk Mitigation, Risk Avoidance, Risk Transfer, Risk Acceptance

15. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.

16. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc

17. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.

18. Lowest layer. Delivers messages (frames) from one station to another via the local network.

19. (1.) Developers (2.) Architects (3.) Analysts (4.) Users

20. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration

21. The sum of all samples divided by the number of samples.

22. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.

23. Gantt: used to display ______________.

24. (1.) Automatic (2.) Manual

25. An audit of operational efficiency.

26. IT Governance is most concerned with ________.

27. The risk that an IS auditor will overlook errors or exceptions during an audit.

28. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery

29. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?

30. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?

31. A programmer is updating an application that saves passwords in plaintext. In this case - passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.

32. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk

33. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications

34. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication

35. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the

36. Used to determine which business processes are the most critical - by ranking them in order of criticality

37. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.

38. Describes the effect on the business if a process is incapacitated for any appreciable time

39. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co

40. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.

41. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.

42. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review

43. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.

44. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose

45. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.

46. (1.) Link (2.) Internet (3.) Transport (4.) Application

47. The inventory of all in-scope business processes and systems

48. An estimate that expresses the percent of errors or exceptions that may exist in an entire population

49. Contains programs that communicate directly with the end user.

50. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools