CISA Certified Information Systems Auditor Certification Practice Test

The use of statistical sampling procedures helps minimize:

Options are :

  • Detection risk (Correct)
  • Propose new controls
  • Controls risk
  • Business risk

Answer : Detection risk

Company.com has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?

Options are :

  • Acceptance testing is to be managed by users.
  • A quality plan is not part of the contracted deliverables (Correct)
  • Prototyping is being used to confirm that the system meets business requirements.
  • Not all business functions will be available on initial implementation.

Answer : A quality plan is not part of the contracted deliverables

How does the process of systems auditing benefit from using a risk-based approach to audit planning?

Options are :

  • Auditing resources are allocated to the areas of highest concern. (Correct)
  • Controls testing is more thorough.
  • Controls testing starts earlier
  • Auditing risk is reduced.

Answer : Auditing resources are allocated to the areas of highest concern.

A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and:

Options are :

  • waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender's database.
  • dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection.
  • waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database.
  • dials back to the user machine based on the user id and password using a telephone number from its database. (Correct)

Answer : dials back to the user machine based on the user id and password using a telephone number from its database.

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Options are :

  • A substantive test of program library controls
  • A compliance test of the program compiler controls
  • A substantive test of the program compiler controls
  • A compliance test of program library controls (Correct)

Answer : A compliance test of program library controls

Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?

Options are :

  • Management information systems
  • A neural network (Correct)
  • Database management software
  • Computer assisted audit techniques

Answer : A neural network

For which of the following applications would rapid recovery be MOST crucial?

Options are :

  • Regulatory reporting
  • Corporate planning
  • Point-of-sale system (Correct)
  • Departmental chargeback

Answer : Point-of-sale system

Which of the following network configuration options contains a direct link between any two host machines?

Options are :

  • Star
  • Completely connected (mesh) (Correct)
  • Bus
  • Ring

Answer : Completely connected (mesh)

Which of the following data validation edits is effective in detecting transposition and transcription errors?

Options are :

  • Check digit (Correct)
  • Validity check
  • Range check
  • Duplicate check

Answer : Check digit

A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?

Options are :

  • Configuration management
  • Unit testing
  • Integration testing (Correct)
  • Design walk-throughs

Answer : Integration testing

Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks?

Options are :

  • Concentrator/multiplexor
  • Protocol converter
  • Front-end communication processor
  • Gateway (Correct)

Answer : Gateway

After an IS auditor has identified threats and potential impacts, the auditor should

Options are :

  • Report on existing controls
  • Identify and evaluate the existing controls (Correct)
  • Conduct a business impact analysis (BIA)
  • Propose new controls

Answer : Identify and evaluate the existing controls

An IS auditor reviewing the key roles and responsibilities of the database administrator (DBA) is LEAST likely to expect the job description of the DBA to include:

Options are :

  • liaising with users in developing the data model.
  • defining the conceptual schema.
  • mapping the data model with the internal schema. (Correct)
  • defining security and integrity checks.

Answer : mapping the data model with the internal schema.

What is the primary objective of a control self-assessment (CSA) program?

Options are :

  • Elimination of the audit responsibility
  • Enhancement of the audit responsibility (Correct)
  • Replacement of the audit responsibility
  • Integrity of the audit responsibility

Answer : Enhancement of the audit responsibility

Which of the following is MOST likely to result from a business process reengineering (BPR) project?

Options are :

  • Weaker organizational structures and less accountability
  • An increased number of people using technology (Correct)
  • Increased information protection (IP) risk
  • Significant cost savings, through a reduction in the complexity of information technology

Answer : An increased number of people using technology

A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can:

Options are :

  • Increase audit accuracy
  • Reduce audit time (Correct)
  • Reduce audit costs
  • Identify high-risk areas that might need a detailed review later

Answer : Reduce audit time

Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks?

Options are :

  • Protocol converter
  • Front end processor (Correct)
  • Spool
  • Cluster controller

Answer : Front end processor

A data administrator is responsible for:

Options are :

  • developing data dictionary system software.
  • maintaining database system software.
  • defining data elements, data names and their relationship. (Correct)
  • developing physical database structures.

Answer : defining data elements, data names and their relationship.

An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost effective test of the DRP?

Options are :

  • Paper test
  • Regression test
  • Preparedness test (Correct)
  • Full operational test

Answer : Preparedness test

In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the

Options are :

  • subject CA.
  • registration authority (RA). (Correct)
  • policy management authority.
  • issuing certification authority (CA).

Answer : registration authority (RA).

Which of the following is a benefit of using callback devices?

Options are :

  • Can be used in a switchboard environment
  • Permit unlimited user mobility
  • Provide an audit trail (Correct)
  • Allow call forwarding

Answer : Provide an audit trail

To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:

Options are :

  • any arbitrary part of the message and thereafter enciphering the message digest using the sender's private key.
  • the entire message and thereafter enciphering the message using the sender's private key
  • the entire message and thereafter enciphering the message digest using the sender's private key (Correct)
  • the entire message and thereafter enciphering the message along with the message digest using the sender's private key.

Answer : the entire message and thereafter enciphering the message digest using the sender's private key

Which of the following is a dynamic analysis tool for the purpose of testing software modules?

Options are :

  • Desk checking
  • Blackbox test (Correct)
  • Structured walk-through
  • Design and code

Answer : Blackbox test

The initial step in establishing an information security program is the:

Options are :

  • development and implementation of an information security standards manual
  • purchase of security access control software.
  • performance of a comprehensive security control review by the IS auditor.
  • adoption of a corporate information security policy statement. (Correct)

Answer : adoption of a corporate information security policy statement.

A control that detects transmission errors by appending calculated bits onto the end of each segment of data is known as a:

Options are :

  • check digits.
  • redundancy check (Correct)
  • parity check.
  • reasonableness check.

Answer : redundancy check

Structured programming is BEST described as a technique that:

Options are :

  • makes the readable coding reflect as closely as possible the dynamic execution of the program
  • reduces the maintenance time of programs by the use of small-scale program modules. (Correct)
  • provides knowledge of program functions to other programmers via peer reviews.
  • controls the coding and testing of the high-level functions of the program in the development process.

Answer : reduces the maintenance time of programs by the use of small-scale program modules.

A database administrator is responsible for:

Options are :

  • establishing ground rules for ensuring data integrity and security.
  • establishing operational standards for the data dictionary.
  • defining data ownership
  • creating the logical and physical database. (Correct)

Answer : creating the logical and physical database.

Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?

Options are :

  • Check digit
  • Reasonableness check
  • Completeness check (Correct)
  • Existence check

Answer : Completeness check
