Free CISA Practice Test Questions 2026

1020 Questions




Topic 2: Exam Pool B

Which of the following is the GREATEST risk resulting from conducting periodic reviews of IT over several years based on the same audit program?


A. The number of errors will increase because the routine work promotes inattentiveness.
B. Staff turnover in the audit department will increase because fieldwork becomes less interesting.
C. risk is increased because auditees already know the audit program.
D. Audit risk is increased because the programs might not be adapted to the organization's current situation.

D. Audit risk is increased because the programs might not be adapted to the organization's current situation.



During an audit, it is discovered that several suppliers with standing orders have been deleted from the supplier master file. Which of the following controls would have BEST prevented such an occurrence?

A. Existence check
B. Table look-ups
C. Logical relationship check
D. Referential integrity developed

C. Logical relationship check



Which of the following is MOST important for an IS auditor to verify during a disaster recovery audit?


A. Regular backups are made and stored offsite.
B. Media are stored in fireproof cabinets.
C. Disaster recovery tests are carried out.
D. The disaster recovery plan is updated on a regular basis.

C. Disaster recovery tests are carried out.



Following an IS audit, which of the following types of risk would be MOST critical to communicate to key stakeholders?

A. Inherent
B. Audit
C. Residual
D. Control

C. Residual



Which of the following is the BEST approach to verify that internal help desk procedures are executed in compliance with policies?


A. Test a sample of closed tickets.
B. Benchmark help desk procedures.
C. Evaluate help desk call metrics.
D. Interview end users

A. Test a sample of closed tickets.



An IS auditor is reviewing an organization's sales and purchasing system due to ongoing data quality issues. An analysis of which of the following would provide the MOST useful information to determine the revenue loss?

A. Correlation between data errors and loss in value of transaction
B. Correlation between the number of issues and average downtime
C. Cost of implementing data validation controls within the system
D. Comparison of the cost of data acquisition and loss in sales revenue

A. Correlation between data errors and loss in value of transaction



Which of the following should be of concern to an IS auditor performing a software audit on virtual machines?


A. Applications have not been approved by the CFO.
B. Multiple users can access critical applications
C. Software licensing does not support virtual machines.
D. Software has been installed on virtual machines by privileged users.

C. Software licensing does not support virtual machines.



Which of the following would be the PRIMARY benefit of replacing physical keys with an electronic badge system for access to a data center?


A. Tracking employee work hours
B. Increasing reliability
C. Increasing accountability
D. Maintaining compliance

C. Increasing accountability



During an audit of the organization's data privacy policy, the IS auditor identified that only some IT application databases have encryption in place. What should be the auditor's FIRST action?

A. Assess the resources required to implement encryption to unencrypted databases
B. Review the most recent database penetration testing results
C. Determine whether compensating controls are in place
D. Review a comprehensive list of databases with the information they contain.

C. Determine whether compensating controls are in place



Which of the following is a prerequisite to help ensure that IS hardware and software support the delivery of mission-critical functions?


A. Control over IS infrastructure expenditure
B. A comprehensive IS applications architecture
C. Documented emergency change procedures
D. An independent audit of the process

D. An independent audit of the process



Which of the following metrics would be MOST helpful to an IS auditor in evaluating an organization's security incident response management capability?

A. Number of business interruptions due to IT security incidents per year
B. Number of malware infections in business applications detected per day
C. Number of alerts generated by intrusion detection systems (IDS) per minute
D. Number of IT security incidents reported per month

A. Number of business interruptions due to IT security incidents per year



The MOST effective way to determine if IT is meeting business requirements is to establish:

A. a capability model.
B. industry benchmarks
C. key performance indicators (KPIs).
D. organizational goals.

C. key performance indicators (KPIs).





What Makes Our Practice Test So Effective?

Real-World Scenario Mastery: Our CISA practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive CISA practice exam question pool covering all topics, the real exam feels like just another practice session.