Topic 1: Exam Pool A
Before concluding that internal controls can be relied upon, the IS auditor should:
A. document the system of internal control.
B. conduct tests of compliance.
C. document application controls.
D. discuss the internal control weaknesses with the auditee.
Answer: conduct tests of compliance.
Management decided to accept the residual risk of an audit finding and not take the recommended actions. The internal audit team believes the acceptance is inappropriate and has discussed the situation with executive management. After this discussion, there is still disagreement regarding the decision. Which of the following is the BEST course of action by internal audit?
A. Report the issue to the audit committee in a joint meeting with executive management for resolution.
B. Schedule another meeting with executive management to convince them to take the action as recommended.
C. Document in the audit report that management has accepted the residual risk and take no further action.
D. Report this matter to the audit committee without notifying executive management.
Answer: Report the issue to the audit committee in a joint meeting with executive management for resolution.
An organization using instant messaging to communicate with customers can prevent legitimate customers from being impersonated by:
A. Authenticating users before conversations are initiated.
B. Using a firewall to limit network traffic to authorized ports.
C. Logging conversations.
D. Using call monitoring.
Answer: Authenticating users before conversations are initiated.
Inherent risk ratings are determined by assessing the impact and likelihood of a threat or vulnerability occurring:
A. Before the risk appetite is established.
B. After compensating controls have been applied.
C. After internal controls are taken into account.
D. Before internal controls are taken into account.
Answer: Before internal controls are taken into account.
A disk management system's PRIMARY function is to:
A. Provide data on efficient disk usage.
B. Deny access to disk-resident data files.
C. Monitor disk accesses for analytical review.
D. Provide the method of control for disk usage.
Answer: Provide the method of control for disk usage.
Which of the following is the MOST significant risk associated with peer-to-peer networking technology?
A. Reduction in staff productivity
B. Loss of information during transmission
C. Lack of reliable internet network connections
D. Lack of central monitoring
Answer: Lack of central monitoring
Which of the following is MOST important to include in a contract to outsource data processing that involves customer personally identifiable information (PII)?
A. The vendor must comply with the organization's legal and regulatory requirements.
B. The vendor must provide an independent report of its data processing facilities.
C. The vendor must compensate the organization if nonperformance occurs.
D. The vendor must sign a nondisclosure agreement with the organization.
Answer: The vendor must compensate the organization if nonperformance occurs.
While reviewing a hot site, the IS auditor discovers that one type of hardware platform is not installed. The IS auditor should FIRST:
A. determine the business impact of the absence of the hardware.
B. establish the lead time for delivery of a new machine.
C. recommend the purchase and installation of hardware at the hot site.
D. report the finding immediately to senior IS management.
Answer: determine the business impact of the absence of the hardware.
An IS auditor finds that the timeliness and depth of information regarding the organization's IT projects varies based on which project manager is assigned. Which of the following recommendations would be MOST helpful in achieving predictable and repeatable project management processes?
A. Alignment of project performance to pay incentives
B. Adoption of business case and earned value templates
C. Use of Gantt charts and work breakdown structures
D. Measurement against defined and documented procedures
Answer: Adoption of business case and earned value templates
The IS auditor has identified a potential fraud perpetrated by the network administrator. The IS auditor should:
A. share the potential audit finding with the security administrator.
B. issue a report to ensure a timely resolution.
C. review the audit finding with the audit committee prior to any other discussions.
D. perform more detailed tests prior to disclosing the audit results.
Answer: issue a report to ensure a timely resolution.
An organization has established hiring policies and procedures designed specifically to ensure network administrators are well qualified. Which type of control is in place?
A. Detective
B. Directive
C. Corrective
D. Preventive
Answer: Detective
An organization is replacing a mission-critical system. Which of the following is the BEST implementation strategy to mitigate and reduce the risk of system failure?
A. Staged
B. Phased
C. Parallel
D. Big-bang
Answer: Parallel
Real-World Scenario Mastery: Our CISA practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.
Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention before exam day arrives.
Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive CISA practice exam question pool covering all topics, the real exam feels like just another practice session.