Toughest CISA Trivia Quiz For Auditors!

10 Questions


The Certified Information Systems Auditor (CISA) certification is accepted worldwide in all industries. The program is designated for IS audit, control and security. The first CISA examination was held in 1981. Today, CISA has over 50,000 candidates. Various industries across the globe are beginning to understand the importance of the CISA certification. This quiz will test your knowledge of CISA.


Questions and Answers
  • 1. 
    Which among the following is a risk of cross-training?
    • A. 

      Increases the dependence on one employee

    • B. 

      Does not assist in succession planning

    • C. 

      One employee may know all parts of a system.

    • D. 

      Does not help in achieving continuity in operations

  • 2. 
    Which of the following reduces the potential impact of social engineering attacks?
    • A. 

      Security awareness programs.

    • B. 

      Promoting ethical understanding

    • C. 

      Compliance with regulatory requirements

    • D. 

      Effective performance incentives.

  • 3. 
    An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:
    • A. 

      Dependency on a single person.

    • B. 

      One person knowing all parts of a system. 

    • C. 

      Inadequate succession planning.

    • D. 

      Disruption of operations

  • 4. 
    Which of the following is the BEST performance criterion for evaluating the adequacy of an organization's security awareness training?
    • A. 

      The senior management is aware of critical information assets and demonstrates an adequate concern for their protection

    • B. 

      Job descriptions containing clear statements of accountability for information security. 

    • C. 

      In accordance with the degree of risk and business impact, there is no adequate funding for security efforts

    • D. 

      No actual incidents have occurred that have caused a loss or a public embarrassment.

  • 5. 
    To gain an understanding of the effectiveness of an organization's planning and management of investments in IT assets, an IS auditor should review the:  
    • A. 

      IT balanced scorecard (BSC).

    • B. 

      Enterprise data model.

    • C. 

      IT organizational structure.

    • D. 

      Historical financial statements

  • 6. 
    Which of the following activities performed by a database administrator (DBA) should be performed by a different person?
    • A. 

      Implementing database optimization tools.

    • B. 

      Monitoring database usage.

    • C. 

      Defining backup and recovery procedures.

    • D. 

      Deleting database activity logs.

  • 7. 
    Which of the following reduces the potential impact of social engineering attacks?
    • A. 

      Compliance with regulatory requirements.

    • B. 

      Promoting ethical understanding.

    • C. 

      Security awareness programs.

    • D. 

      Effective performance incentives.

  • 8. 
    An IS auditor should be concerned when a telecommunication analyst:
    • A. 

      Monitors systems performance and tracks problems arising from program changes.

    • B. 

      Reviews the network load requirements in terms of current and future transaction volumes.

    • C. 

      Assesses the impact of the network load on terminal response times and network data transfer rates.

    • D. 

      Recommends network balancing procedures and improvements.

  • 9. 
    What should regression testing use to obtain accurate conclusions regarding the effects of changes or corrections to a program, and to ensure that those changes and corrections have not introduced new errors?
    • A. 

      Contrived data

    • B. 

      Independently created data

    • C. 

      Live data

    • D. 

      Data from previous tests.

  • 10. 
    An IS auditor should carefully review the functional requirements in a systems-development project to ensure that the project is designed to:
    • A. 

      Be culturally feasible

    • B. 

      Meet business objectives. 

    • C. 

      Enforce data security

    • D. 

      Be financially feasible