Test your basic knowledge |

CISA: Certified Information Systems Auditor

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.






2. An audit of a third-party organization that provides services to other organizations.






3. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.






4. Handle application processing






5. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret






6. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up






7. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.






8. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices






9. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.






10. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.






11. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools






12. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.






13. Support the functioning of the application controls






14. ITIL term used to describe the SDLC.






15. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.






16. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


17. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery






18. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.






19. The memory locations in the CPU where arithmetic values are stored.






20. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.






21. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance






22. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment






23. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation






24. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.






25. Used to measure the relative maturity of an organization and its processes.






26. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they






27. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls






28. The highest number of errors that can exist without a result being materially misstated.






29. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)






30. The maximum period of downtime for a process or application






31. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?






32. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.






33. Concerned with electrical and physical specifications for devices. No frames or packets involved.






34. Delivery of packets from one station to another - on the same network or on different networks.






35. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration






36. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.






37. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP






38. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25






39. Describes the effect on the business if a process is incapacitated for any appreciable time






40. Consists of two main packet transport protocols: TCP and UDP.






41. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.






42. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)






43. Gantt: used to display ______________.






44. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.






45. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase






46. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences






47. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect






48. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.






49. Used to estimate the effort required to develop a software program.






50. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample