CISA Certification Test! Trivia Questions Quiz

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By AdewumiKoju

AdewumiKoju

Community Contributor

Quizzes Created: 810 | Total Attempts: 987,351

Questions: 10 | Attempts: 557 | Updated: Mar 22, 2023

Questions

Settings

Create your own Quiz

Share on Facebook Share on Twitter Share on Whatsapp Share on Pinterest Share on Email Copy to Clipboard Embed on your website

CISA Certification Test! Trivia Questions Quiz - Quiz

A Certified Information System Auditor is a trained personnel that helps business owners to grow at faster and better. Being a Certified Information System Auditor will give you the tools to save a business from hitting the rock. This quiz is packed with instructions, information, and questions that will help you to better become a competent CISA.

Questions and Answers

1.

The overall business risk of a particular threat can be expressed as:
- A.
  
  The magnitude of the impact of a threat source after exploiting possible loopholes.
- B.
  
  The magnitude of the impact a threat source before exploiting possible loopholes.
- C.
  
  The likelihood of a given threat-source by exploiting a given vulnerability.
- D.
  
  The collective judgment of the risk assessment team.
Correct Answer
A. The magnitude of the impact of a threat source after exploiting possible loopholes.

Explanation
The correct answer is "The magnitude of the impact of a threat source after exploiting possible loopholes." This answer suggests that the overall business risk of a particular threat can be determined by considering the potential impact of the threat source after it has successfully exploited any vulnerabilities or weaknesses in the system. This takes into account the potential damage that could occur once the threat has gained access to sensitive information or resources.

Rate this question:
2.

An IS auditor reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of: (Mark one answer)
- A.
  
  Variable sampling.
- B.
  
  Substantive testing.
- C.
  
  Compliance testing.
- D.
  
  Stop-or-go sampling.
Correct Answer
C. Compliance testing.

Explanation
The IS auditor is reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This activity is an example of compliance testing because it aims to assess whether the organization is adhering to the established policies, procedures, and regulations regarding user authorization. Compliance testing focuses on evaluating the effectiveness of controls and ensuring that the organization is in compliance with applicable laws and regulations.

Rate this question:
3.

An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?
- A.
  
  Substantive.
- B.
  
  Compliance
- C.
  
  Integrated
- D.
  
  Continuous audit
Correct Answer
A. Substantive.

Explanation
This test would be considered a substantive test because it is being used to gather evidence about the accuracy and completeness of the tape library inventory. Substantive tests are used to obtain assurance about the financial statement assertions, such as existence, completeness, and valuation.

Rate this question:
4.

Processing controls ensure that data is accurate and complete, and is processed only through which of the following? Choose the BEST answer.
- A.
  
  Documented routines
- B.
  
  Authorised routines.
- C.
  
  Accepted routines
- D.
  
  Approved routines
Correct Answer
B. Authorised routines.

Explanation
Processing controls ensure that data is accurate and complete, and is processed only through authorized routines. Authorized routines refer to processes or procedures that have been approved and granted permission to access and manipulate data. These routines are typically established by management or system administrators to ensure that only authorized personnel or systems can perform specific actions on the data. By using authorized routines, organizations can maintain control over the processing of data and reduce the risk of unauthorized access or manipulation.

Rate this question:
5.

What should be implemented as early as data preparation to support data integrity at the earliest point possible?
- A.
  
  Authentication controls
- B.
  
  Parity bits
- C.
  
  Authorisation controls
- D.
  
  Control totals.
Correct Answer
D. Control totals.

Explanation
Control totals should be implemented as early as data preparation to support data integrity at the earliest point possible. Control totals are used to verify the accuracy and completeness of data by comparing the total of a specific field to a predetermined value. By implementing control totals during data preparation, any discrepancies or errors in the data can be identified and corrected before further processing or analysis. This helps to ensure that the data remains accurate and reliable throughout the entire data lifecycle.

Rate this question:
6.

What is used as a control to detect loss, corruption, or duplication of data?
- A.
  
  Redundancy check
- B.
  
  Reasonableness check
- C.
  
  Hash totals.
- D.
  
  Accuracy check
Correct Answer
C. Hash totals.

Explanation
Hash totals are used as a control to detect loss, corruption, or duplication of data. A hash total is a mathematical value calculated from the data being transmitted or stored. It acts as a unique identifier for the data and can be used to verify its integrity. By comparing the hash total of the received data with the original hash total, any changes or errors in the data can be detected. This makes hash totals an effective method for ensuring the accuracy and reliability of data.

Rate this question:
7.

Business process re-engineering often results in _____ automation, which results in _____ number of people using technology.
- A.
  
  Increased; a fewer
- B.
  
  Increased; the same
- C.
  
  Less; a fewer
- D.
  
  Increased; a greater.
Correct Answer
D. Increased; a greater.

Explanation
Business process re-engineering involves redesigning and improving existing processes to increase efficiency and effectiveness. This often leads to increased automation, where more tasks and steps are automated using technology. As a result, a greater number of people are able to use technology to perform their tasks, leading to increased productivity and efficiency.

Rate this question:
8.

Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?
- A.
  
  Lack of user training for the new system.
- B.
  
  Failing to perform user acceptance testing.
- C.
  
  Lack of software documentation and run manuals.
- D.
  
  Insufficient unit, module, and systems testing.
Correct Answer
B. Failing to perform user acceptance testing.

Explanation
Failing to perform user acceptance testing often results in the greatest negative impact on the implementation of new application software. User acceptance testing is crucial in ensuring that the software meets the requirements and expectations of the end-users. Without this testing, there is a high risk of deploying a system that does not meet user needs, leading to user dissatisfaction, decreased productivity, and potential financial losses. User acceptance testing helps identify any issues or discrepancies before the software is fully implemented, allowing for necessary adjustments and improvements to be made.

Rate this question:
9.

When should plans for testing for user acceptance be prepared?
- A.
  
  In the development phase of the systems-development project
- B.
  
  In the feasibility phase of the systems-development project
- C.
  
  In the requirements definition phase of the systems-development project.
- D.
  
  In the design phase of the systems-development project
Correct Answer
C. In the requirements definition phase of the systems-development project.

Explanation
In the requirements definition phase of the systems-development project, plans for testing for user acceptance should be prepared. This is because during this phase, the project team gathers and analyzes the requirements of the system from the user's perspective. By preparing the testing plans at this stage, the team can ensure that the system meets the user's expectations and requirements before proceeding to the development phase. This helps in identifying any gaps or discrepancies in the requirements and allows for adjustments to be made early on in the project lifecycle.

Rate this question:
10.

Data edits are implemented before processing and are considered which of the following?
- A.
  
  Detective integrity controls
- B.
  
  Preventative integrity controls
- C.
  
  Corrective integrity controls
- D.
  
  Deterrent integrity controls.
Correct Answer
A. Detective integrity controls

Explanation
Data edits are implemented before processing and are considered detective integrity controls. Detective integrity controls are designed to identify and detect errors or anomalies in data after they have occurred. In this case, data edits are used to check for errors or inconsistencies in the data before it is processed, allowing any issues to be detected and addressed before further processing takes place. This helps ensure the integrity and accuracy of the data.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 22, 2023

Quiz Edited by
ProProfs Editorial Team
Jun 22, 2019

Quiz Created by
AdewumiKoju

CISA Certification Test! Trivia Questions Quiz

The overall business risk of a particular threat can be expressed as:

An IS auditor reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of: (Mark one answer)

An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?

Processing controls ensure that data is accurate and complete, and is processed only through which of the following? Choose the BEST answer.

What should be implemented as early as data preparation to support data integrity at the earliest point possible?

What is used as a control to detect loss, corruption, or duplication of data?

Business process re-engineering often results in _____ automation, which results in _____ number of people using technology.

Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?

When should plans for testing for user acceptance be prepared?

Data edits are implemented before processing and are considered which of the following?

Business process re-engineering often results in _ automation, which results in _ number of people using technology.