CISA Certified Information Systems Auditor Certification Practice Test

Library control software restricts source code to:

Options are :

  • Write-only access
  • Full access
  • Read-write access
  • Read-only access (Correct)

Answer : Read-only access

What is an edit check to determine whether a field contains valid data?

Options are :

  • Reasonableness check
  • Accuracy check
  • Redundancy check
  • Completeness check (Correct)

Answer : Completeness check

What type of BCP test uses actual resources to simulate a system crash and validate the plan's effectiveness?

Options are :

  • Preparedness (Correct)
  • Parallel
  • Paper
  • Walk-through

Answer : Preparedness

Whenever an application is modified, what should be tested to determine the full impact of the change? Choose the BEST answer.

Options are :

  • All programs, including interface systems with other applications or systems
  • Interface systems with other applications or systems
  • Mission-critical functions and any interface systems with other applications or systems
  • The entire program, including any interface systems with other applications or systems (Correct)

Answer : The entire program, including any interface systems with other applications or systems

______________ risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a ______________ risk assessment is more appropriate. Fill in the blanks.

Options are :

  • Quantitative; subjective
  • Quantitative; qualitative (Correct)
  • Residual; subjective
  • Qualitative; quantitative

Answer : Quantitative; qualitative

If an IS auditor observes that individual modules of a system perform correctly in development project tests, the auditor should inform management of the positive results and recommend further:

Options are :

  • Comprehensive integration testing (Correct)
  • Full regression testing
  • Full unit testing
  • Documentation development

Answer : Comprehensive integration testing

When are benchmarking partners identified within the benchmarking process?

Options are :

  • In the development stage
  • In the design stage
  • In the research stage (Correct)
  • In the testing stage

Answer : In the research stage

Which of the following is of greatest concern to the IS auditor?

Options are :

  • Failure to prevent a successful attack on the network
  • Failure to recover from a successful attack on the network
  • Failure to report a successful attack on the network (Correct)
  • Failure to detect a successful attack on the network

Answer : Failure to report a successful attack on the network

When storing data archives off-site, what must be done with the data to ensure data completeness?

Options are :

  • The data must be normalized.
  • The data must be parallel-tested.
  • The data must be synchronized. (Correct)
  • The data must be validated.

Answer : The data must be synchronized.

What is often the most difficult part of initial efforts in application development? Choose the BEST answer.

Options are :

  • Planning security
  • Determining time and resource requirements (Correct)
  • Configuring hardware
  • Configuring software

Answer : Determining time and resource requirements

Parity bits are a control used to validate:

Options are :

  • Data completeness (Correct)
  • Data authentication
  • Data accuracy
  • Data source

Answer : Data completeness

Network environments often add to the complexity of program-to-program communication, making the implementation and maintenance of application systems more difficult. True or false?

Options are :

  • FALSE
  • TRUE (Correct)

Answer : TRUE

Who assumes ownership of a systems-development project and the resulting system?

Options are :

  • Project steering committee
  • User management (Correct)
  • Systems developers
  • IT management

Answer : User management

When is regression testing used to determine whether new application changes have introduced any errors in the remaining unchanged code?

Options are :

  • In change management
  • In program feasibility studies
  • In program development
  • In program development and change management (Correct)

Answer : In program development and change management

What is a reliable technique for estimating the scope and cost of a software-development project?

Options are :

  • Feature point analysis (FPA)
  • GANTT
  • Function point analysis (FPA) (Correct)
  • PERT

Answer : Function point analysis (FPA)

Although BCP and DRP are often implemented and tested by middle management and end users, the ultimate responsibility and accountability for the plans remain with executive management, such as the _______________. (fill-in-the-blank)

Options are :

  • Financial auditor
  • Security administrator
  • Systems auditor
  • Board of directors (Correct)

Answer : Board of directors

Of the three major types of off-site processing facilities, what type is characterized by at least providing for electricity and HVAC?

Options are :

  • Hot site
  • Cold site (Correct)
  • Warm site
  • Alternate site

Answer : Cold site

Obtaining user approval of program changes is very effective for controlling application changes and maintenance. True or false?

Options are :

  • TRUE (Correct)
  • FALSE

Answer : TRUE

An intentional or unintentional disclosure of a password is likely to be evident within control logs. True or false?

Options are :

  • TRUE
  • FALSE (Correct)

Answer : FALSE

Fourth-Generation Languages (4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures. True or false?

Options are :

  • TRUE (Correct)
  • FALSE

Answer : TRUE

What can be used to help identify and investigate unauthorized transactions? Choose the BEST answer.

Options are :

  • Data-mining techniques (Correct)
  • Reasonableness checks
  • Postmortem review
  • Expert systems

Answer : Data-mining techniques

What is a primary high-level goal for an auditor who is reviewing a system development project?

Options are :

  • To ensure that proper approval for the project has been obtained
  • To ensure that business objectives are achieved (Correct)
  • To ensure that programming and processing environments are segregated
  • To ensure that projects are monitored and administrated effectively

Answer : To ensure that business objectives are achieved

What influences decisions regarding criticality of assets?

Options are :

  • The business criticality of the data to be protected
  • The business criticality of the data to be protected, and the scope of the impact upon the organization as a whole (Correct)
  • Internal corporate politics
  • The business impact analysis

Answer : The business criticality of the data to be protected, and the scope of the impact upon the organization as a whole

Which type of major BCP test only requires representatives from each operational area to meet to review the plan?

Options are :

  • Paper
  • Parallel
  • Walk-through (Correct)
  • Preparedness

Answer : Walk-through

Which of the following is a program evaluation review technique that considers different scenarios for planning and control projects?

Options are :

  • PERT (Correct)
  • GANTT
  • Function Point Analysis (FPA)
  • Rapid Application Development (RAD)

Answer : PERT

The quality of the metadata produced from a data warehouse is _______________ in the warehouse's design. Choose the BEST answer.

Options are :

  • The most important consideration (Correct)
  • Independent of the quality of the warehoused databases
  • Of secondary importance to data warehouse content
  • Often hard to determine because the data is derived from a heterogeneous data environment

Answer : The most important consideration

Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of which of the following? Choose the BEST answer.

Options are :

  • IT strategic plan
  • Business impact analysis
  • Incident response plan
  • Business continuity plan (Correct)

Answer : Business continuity plan

Which of the following can help detect transmission errors by appending specially calculated bits onto the end of each segment of data?

Options are :

  • Completeness check
  • Parity check
  • Accuracy check
  • Redundancy check (Correct)

Answer : Redundancy check

Which of the following is the MOST critical step in planning an audit?

Options are :

  • Testing controls
  • Identifying high-risk audit targets (Correct)
  • Implementing a prescribed auditing framework such as COBIT
  • Identifying current controls

Answer : Identifying high-risk audit targets

What is/are used to measure and ensure proper network capacity management and availability of services? Choose the BEST answer.

Options are :

  • Syslog reporting
  • IT strategic planning
  • Network component redundancy
  • Network performance-monitoring tools (Correct)

Answer : Network performance-monitoring tools

Which of the following is of greatest concern when performing an IS audit?

Options are :

  • Users' ability to indirectly modify the database
  • Users' ability to directly view the database
  • Users' ability to directly modify the database (Correct)
  • Users' ability to submit queries to the database

Answer : Users' ability to directly modify the database

Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?

Options are :

  • FALSE (Correct)
  • TRUE

Answer : FALSE

Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management. True or false?

Options are :

  • FALSE
  • TRUE (Correct)

Answer : TRUE

Organizations should use off-site storage facilities to maintain _________________ (fill in the blank) of current and critical information within backup files. Choose the BEST answer.

Options are :

  • Redundancy (Correct)
  • Integrity
  • Concurrency
  • Confidentiality

Answer : Redundancy

Which of the following fire-suppression methods is considered to be the most environmentally friendly?

Options are :

  • Halon gas
  • Deluge sprinklers
  • Wet-pipe sprinklers
  • Dry-pipe sprinklers (Correct)

Answer : Dry-pipe sprinklers

Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem? Choose the BEST answer.

Options are :

  • Expert systems
  • Multitasking applications
  • Neural networks (Correct)
  • Integrated synchronized systems

Answer : Neural networks

What should IS auditors always check when auditing password files?

Options are :

  • That password files are encrypted (Correct)
  • That password files are not accessible over the network
  • That deleting password files is protected
  • That password files are archived

Answer : That password files are encrypted

What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels? Choose the BEST answer.

Options are :

  • Risk assessment
  • Business impact assessment
  • IS assessment methods D. Key performance indicators (Correct)
  • Key performance indicators (KPIs)

Answer : IS assessment methods D. Key performance indicators
