Package deal
CISA Exam Review Questions & 100% Correct Answers
Information system auditors have identified separation of duties in enterprise 
resource planning (ERP) systems. 
Which of the following is the best way to prevent repetitive configuration from 
occurring? 
A. Use a role-based model to grant user access 
B. Regularly monitor access rights 
C. Corr...
Audit Charter 
 :~~ An overarching document that covers the entire scope of the audit 
activities in an entity. (Purpose, responsibility, authority, and 
accountability). An engagement letter is more focused on a particular audit 
exercise that is sought to be initiated in an organization with a ...
In a public key infrastructure (PKI), which of the following may be relied upon to 
prove that an online transaction was authorized by a specific customer? 
Correct A. Nonrepudiation 
B. Encryption 
C. Authentication 
D. Integrity 
. 
 :~~ You are correct, the answer is A. 
A. Nonrepudiation, achi...
Which of the following best describes a baseline document? 
a. A PCI industry standard requiring a 15-minute session timeout 
b. Installation step recommendations from the vendor for an Active Directory 
server 
c. A network topography diagram of the Active Directory forest 
d. Security configurati...
An IS auditor is reviewing access to an application to determine whether the 10 
most recent "new user" forms were correctly authorized. This is an example of: 
 :~~ compliance testing. 
The decisions and actions of an IS auditor are MOST likely to affect which of the 
following risks? 
 :~~ Det...
Where in the Word program window can you find the top and bottom margins? 
 :~~ vertical ruler 
What is an interactive object that you use to customize a document with your own 
information called? 
 :~~ content control 
In the accompanying figure, the text labeled 3 is ____. 
 :~~ Justified 
Press...
You can use a ___ function to return a value from a table that is based on an 
approximate match lookup. 
 :~~ VLOOKUP 
The ___ error value means that a value is not available to a function or formula. 
 :~~ #N/A 
If you are creating a calculated column or formula within an Excel table, you can 
u...
An IS auditor is conducting a compliance test to determine whether controls 
support management policies and procedures. The test will assist the IS auditor to 
determine: 
 :~~ That the control is operating as designed 
Compliance tests can be used to test the existence and effectiveness of a de...
Source code 
 :~~ uncompiled, archive code 
Object code 
 :~~ compiled code that is distributed and put into production; not able to 
be read by humans 
Inherent risk 
 :~~ the risk that an error could occur assuming no compensating controls 
exist 
Control risk 
 :~~ the risk that an error exists ...
5 Tasks within the domain covering the process of auditing information systems 
 :~~ 1. Develop and implement a risk-based IT audit strategy in compliance 
with IT audit standards to ensure that key areas are included 
2. Plan specific audits to determine whether information systems are protected, ...
A company with a limited budget has a recovery time objective (RTO) of 72 hours 
and a recovery point objective (RPO) of 24 hours. Which of the following would 
BEST meet the requirements of the business? 
Select an answer: 
A. A hot site 
B. A cold site 
C. A mirrored site 
D. A warm site...
An organization is proposing to establish a wireless local area network (WLAN). 
Management asks the IS auditor to recommend security controls for the WLAN. 
Which of the following would be the MOST appropriate recommendation? 
Select an answer: 
A. Physically secure wireless access points to pr...
Digital signatures require the: 
Select an answer: 
A. signer to have a public key and the receiver to have a private key. 
B. signer to have a private key and the receiver to have a public key. 
C. signer and receiver to have a public key. 
D. signer and receiver to have a private key. 
 :~...
The PRIMARY advantage of a continuous audit approach is that it: 
Select an answer: 
A. does not require an IS auditor to collect evidence on system reliability while 
processing is taking place. 
B. requires the IS auditor to review and follow up immediately on all information 
collected. 
C. ca...
Sharing risk is a key factor in which of the following methods of managing risk? 
Select an answer: 
A. Transferring risk 
B. Tolerating risk 
C. Terminating risk 
D. Treating risk 
 CORRECT A. Transferring risk (e.g., by taking an insurance policy) is a way 
to share risk. 
B. Tolerating r...
The internal audit department has written some scripts that are used for 
continuous auditing of some information systems. The IT department has asked for 
copies of the scripts so that they can use them for setting up a continuous 
monitoring process on key systems. Would sharing these scripts wi...
An IS auditor is reviewing the software development process for an organization. 
Which of the following functions would be appropriate for the end users to 
perform? 
Select an answer: 
A. Program output testing 
B. System configuration 
C. Program logic specification 
D. Performance tuni...
Who is responsible for imposing an IT governance model encompassing IT strategy, 
information security, and formal enterprise architectural mandates? 
 :~~ IT executives and the Board of Directors 
The party that performs strategic planning, addresses near-term and long-term 
requirements aligning...
Which of the following BEST describes the purpose of performing a risk assessment 
in the planning phase of an IS audit? 
A. To establish adequate staffing requirements to complete the IS audit 
B. To provide reasonable assurance that all material items will be addressed 
C. To determine the ...
In auditing a database environment, an IS auditor will be MOST concerned if the 
database administrator (DBA) is performing which of the following functions? 
Select an answer: 
A. Performing database changes according to change management procedures 
B. Installing patches or upgrades to the op...
To minimize the cost of a software project, quality management techniques 
should be applied: 
Select an answer: 
A. as close to their writing (i.e., point of origination) as possible. 
B. primarily at project start to ensure that the project is established in accordance 
with organizational g...
An IS auditor reviewing an outsourcing contract of IT facilities would expect it to 
define the: 
Select an answer: 
A. hardware configuration. 
B. access control software. 
C. ownership of intellectual property. 
D. application development methodology. 
 :~~ You are correct, the answer is ...
What is the definition of audit? 
 :~~ Auditing is a detailed and specific evaluation of a process, procedure, 
organization, job function, or system, in which results are gathered and 
reported. 
What is the purpose of ethics? 
 :~~ To mandate the professional and personal conduct of auditors 
Ac...
Most important step in risk analysis is to identify 
a. Competitors 
b. controls 
c. vulnerabilities 
d. liabilities 
 :~~ c. vulnerabilities 
In risk-based audit planning, an IS auditor's first step is to identify: 
a. responsibilities of stakeholders 
b. high-risk areas within the organization ...
Audit Charter 
 :~~ a formal document that contains: 
 1. scope of the audit functions 
 2. authority of the audit functions 
 3. responsibility of the audit functions 
Audit Universe 
 :~~ An inventory of all the functions/processes/units under the 
organization 
Qualitative Risk Assessment 
 :~~...
Abend 
 :~~ An abnormal end to a computer job; termination of a task prior to its 
completion because of an error condition that cannot be resolved by 
recovery facilities while the task is executing. 
Acceptable interruption window 
 :~~ The maximum period of time that a system can be unavailable...
Abend * 
 :~~ An abnormal end to a computer job; termination of a task prior to its 
completion because of an error condition that cannot be resolved by 
recovery facilities while the task is executing. 
Acceptable use policy 
 :~~ A policy that establishes an agreement between users and the 
ent...
Audit 
 :~~ Formal examination of information systems to ensure compliance and 
effectiveness. 
Assurance 
 :~~ Confirmation of compliance with laws, regulations, and policies. 
Information assets 
 :~~ Valuable data and information within an organization. 
Control framework 
 :~~ Structure of cont...
Stuvia is a marketplace, so you are not buying this document from us, but from seller ExamArsenal. Stuvia facilitates payment to the seller.