COMPLETE SOLUTIONS
Chapter 1 - correct answer ✔✔
Source code - correct answer ✔✔ uncompiled, archive code
Object code - correct answer ✔✔ compiled code that is distributed and put into production; not
able to be read by humans
Inherent risk - correct answer ✔✔ the risk that an error could occur assuming no compensating
controls exist
Control risk - correct answer ✔✔ the risk that an error exists that would not be prevented by
internal controls
Detection risk - correct answer ✔✔ the risk that an error exists, but is not detected. The risk
that an IS auditor may use an inadequate test procedure and conclude that no material error
exists when in fact errors do exist.
Audit risk - correct answer ✔✔ the overall level of risk; the level of risk the auditor is prepared
to accept.
Compliance testing - correct answer ✔✔ determines if controls are being applied in a manner
that complies with management's policies and procedures
Substantive testing - correct answer ✔✔ evaluates the integrity of individual transactions, data,
and other information.
Regression testing - correct answer ✔✔ used to retest earlier program abends that occurred
during the initial testing phase.
Sociability testing - correct answer ✔✔ to ensure the application works as expected in the
specified environment where other applications run concurrently. Includes testing of interfaces
with other systems.
Parallel testing - correct answer ✔✔ Feeding test data into two systems and comparing the
results.
White box testing - correct answer ✔✔ test the software's program logic.
Black box testing - correct answer ✔✔ Testing the functional operating effectiveness without
regard to internal program structure.
Redundancy check - correct answer ✔✔ detects transmission errors by appending calculated
bits onto the end of each segment of data.
Variable sampling - correct answer ✔✔ used to estimate the average or total value of a
population.
Discovery sampling - correct answer ✔✔ used to determine the probability of finding an
attribute in a population.
Attribute sampling - correct answer ✔✔ selecting items from a population based on a common
attribute. Used for compliance testing.
Chapter 2 - correct answer ✔✔
Steering Committee - correct answer ✔✔ Appointed by senior management. Serves as a
general review board for projects and acquisitions... not involved in routine operations. The
committee should include representatives from senior management, user management, and
the IS department. Escalates issues to senior management.
Request for Proposal (RFP) - correct answer ✔✔ A document distributed to software vendors
requesting their submission of a proposal to develop or provide a software product. RFP should
include: Project Overview, Key Requirements and Constraints, Scope Limitations, Vendor
questionnaire, customer references, demonstrations, etc.
Quality Assurance - correct answer ✔✔ Check to verify policies are followed.
Quality Control - correct answer ✔✔ Check to verify free from defects.
Bottom-up approach for policy development - correct answer ✔✔ begins by defining
operational-level requirements and policies which are derived and implemented as a result of a
risk assessment.
Chapter 3 - correct answer ✔✔
OSI Model - correct answer ✔✔ All People Seem To Need Dominos Pizza
Layer 7 - Application layer - correct answer ✔✔ The application layer interfaces directly to and
performs common application services for the application processes.