Topic 1: Exam Pool A
Which of the following sampling techniques is commonly used in fraud detection when the expected occurrence rate is small and the specific controls are critical?
A. Random sampling
B. Discovery sampling
C. Monetary unit sampling
D. Stop-or-go sampling
Answer: Discovery sampling
Following the sale of a business division, employees will be transferred to a new organization, but they will retain access to IT equipment from the previous employer. An IS auditor has recommended that both organizations agree to and document an acceptable-use policy for the equipment. What type of control has been recommended?
A. Detective control
B. Directive control
C. Preventive control
D. Corrective control
Answer: Detective control
The MAJOR reason for segregating test programs from production programs is to:
A. provide control over program changes.
B. limit access rights of IS staff to the development environment.
C. provide the basis for efficient system change management.
D. achieve segregation of duties between IS staff and end users.
Answer: provide the basis for efficient system change management.
Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor's BEST recommendation for a compensating control?
A. Restrict payment authorization to senior staff members.
B. Review payment transaction history.
C. Require written authorization for all payment transactions.
D. Reconcile payment transactions with invoices.
Answer: Require written authorization for all payment transactions.
Which of the following is the BEST way to facilitate proper follow-up of audit findings?
A. Conduct a surprise audit to determine whether remediation is in progress.
B. Schedule a follow-up audit for two weeks after the initial audit was completed.
C. Conduct a follow-up audit when findings escalate to incidents.
D. Schedule a follow-up audit based on remediation due dates.
Answer: Schedule a follow-up audit for two weeks after the initial audit was completed.
Which of the following is the MOST important consideration for building resilient systems?
A. Eliminating single points of failure
B. Performing periodic backups
C. Creating disaster recovery plans
D. Defining recovery point objectives (RPOs)
Answer: Eliminating single points of failure
An auditor is creating an audit program in which the objective is to establish the adequacy of personal data privacy controls in a payroll process. Which of the following would be MOST important to include?
A. Approval of data changes
B. User access provisioning
C. Segregation of duties controls
D. Audit logging of administrative user activity
Answer: Audit logging of administrative user activity
During a network security review, the system log indicates an unusually high number of unsuccessful login attempts. Which of the following sampling techniques is MOST appropriate for selecting a sample of user IDs for further investigation?
A. Variable
B. Monetary unit
C. Stratified
D. Attribute
Answer: Stratified
Which of the following is the MOST important process to ensure planned IT system changes are completed in an efficient manner?
A. Incident management
B. Demand management
C. Release management
D. Configuration management
Answer: Release management
An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner. Which of the following is the auditor's BEST recommendation?
A. Upgrade hardware to newer technology.
B. Increase the capacity of existing systems.
C. Build a virtual environment.
D. Hire temporary contract workers for the IT function.
Answer: Build a virtual environment.
The IS auditor of a power company finds that the radio link to a remote mountain site is experiencing systematic outages under specific weather conditions. The communications manager explains that increasing the radio power would require a new license and would help. What is the MOST appropriate action by the IS auditor?
A. Recommend that the site's hardware be upgraded to record data during outages.
B. Gather additional information to identify threats, vulnerabilities, and impact.
C. Review the installation license, permissions, and associated costs.
D. Recommend that the site's data collection and transmission be non-interruptible.
Answer: Gather additional information to identify threats, vulnerabilities, and impact.
What is the GREATEST concern for an IS auditor reviewing contracts for licensed software that executes a critical business process?
A. The contract does not contain a right-to-audit clause.
B. Software escrow was not negotiated.
C. Several vendor deliveries missed the commitment date.
D. An operational level agreement (OLA) was not negotiated.
Answer: Software escrow was not negotiated.
Real-World Scenario Mastery: Our CISA practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.
Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention before exam day arrives.
Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive CISA practice exam question pool covering all topics, the real exam feels like just another practice session.