Topic 6: Exam Pool (Jul-Aug)
An IS auditor is reviewing an organization's sales and purchasing system due to ongoing data quality issues.
An analysis of which of the following would provide the MOST useful information to determine the revenue loss?
A. Correlation between data errors and loss in value of transaction
B. Correlation between the number of issues and average downtime
C. Cost of implementing data validation controls within the system
D. Comparison of the cost of data acquisition and loss in sales revenue
Correlation between data errors and loss in value of transaction
Which of the following is the BEST way to evaluate the effectiveness of access controls to an internal network?
A. Perform a system penetration test
B. Test compliance with operating procedures
C. Review access rights
D. Review router configuration tables
Perform a system penetration test
Which of the following would present the GREATEST risk to the effectiveness of a security operations center
for a global financial institution processing transactions 24×7?
A. Incident response reporting is based on open source software.
B. Incident response is conducted from a single location during normal business hours.
C. Correlation of events excludes logs for pre-production systems.
D. The incident response function is outsourced to a third-party provider.
Incident response is conducted from a single location during normal business hours.
An organization has made a strategic decision to split into separate operating entities to improve profitability.
However, the IT infrastructure remains shared between the entities. Which of the following would BEST help
to ensure that IS audit still covers key risk areas within the IT environment as part of its annual plan?
A. Increasing the frequency of risk-based IS audits for each business entity
B. Revising IS audit plans to focus on IT changes introduced after the split
C. Conducting an audit of newly introduced IT policies and procedures
D. Developing a risk-based plan considering each entity’s business processes
Revising IS audit plans to focus on IT changes introduced after the split
An organization’s IT security policy states that user IDs must uniquely identify individuals and that users
should not disclose their passwords. An IS auditor discovers that several generic user IDs are being used.
Which of the following is the MOST appropriate course of action for the auditor?
A. Recommend a change in security policy.
B. Include the finding in the final audit report.
C. Investigate the noncompliance.
D. Recommend disciplinary action.
Investigate the noncompliance.
As part of a follow-up of a previous year’s audit, an IS auditor has increased the expected error rate for a
sample. The impact will be:
A. required sample size increases.
B. sampling risk decreases.
C. degree of assurance increases.
D. standard deviation decreases.
degree of assurance increases.
Due to limited storage capacity, an organization has decided to reduce the actual retention period for media
containing completed low-value transactions. Which of the following is MOST important for the organization
to ensure?
A. The policy includes a strong risk-based approach.
B. The retention period allows for review during the year-end audit.
C. The total transaction amount has no impact on financial reporting.
D. The retention period complies with data owner responsibilities.
The policy includes a strong risk-based approach.
A PRIMARY benefit derived by an organization employing control self-assessment (CSA) techniques is that
CSA:
A. Allows management to relinquish responsibilities of control
B. Allows IS auditors to independently assess risk
C. Can identify high-risk areas for detailed review
D. Can be used as a replacement for traditional audits
Can identify high-risk areas for detailed review
A digital signature addresses which of the following concerns?
A. Unauthorized reading
B. Message alteration
C. Message copying
D. Message theft
Message alteration
During a post-implementation review, a step in determining whether a project met user requirements is to
review the:
A. completeness of user documentation
B. integrity of key calculations
C. effectiveness of user training
D. change requests initiated after go-live
change requests initiated after go-live
Which of the following is the GREATEST cause for concern when an organization is planning to migrate
business-critical applications to the cloud using a Platform as a Service (PaaS) model?
A. The organization will not manage operating system patches.
B. The cloud provider does not offer regional redundancy.
C. Compliance requirements are not being validated.
D. Application data will not be encrypted at rest.
Application data will not be encrypted at rest.
Which of the following would be of GREATEST concern to an IS auditor when auditing a small
organization's purchasing department?
A. The organization lacks a purchasing officer with experience in purchasing activities.
B. Purchases can be approved after expenses have already been incurred.
C. Some members of the department can request and approve payments for purchase requests.
D. Purchasing procedures and processes have not been updated during the past two years.
Purchasing procedures and processes have not been updated during the past two years.