CISA Studying Verified Exam Questions and Answers

Which of the following BEST describes the purpose of performing a risk assessment in the planning phase of an IS audit?
A. To establish adequate staffing requirements to complete the IS audit
B. To provide reasonable assurance that all material items will be addressed
C. To determine the skills required to perform the IS audit
D. To develop the audit program and procedures to perform the IS audit
The correct answer is B.
A. A risk assessment does not directly influence staffing requirements.
B. A risk assessment helps focus the audit procedures on the highest risk areas included in the scope of the audit. The concept of reasonable assurance is important as well.
C. A risk assessment does not identify the skills required to perform an IS audit.
D. A risk assessment is not used in the development of the audit program and procedures.

Which of the following controls would BEST detect intrusion?
A. User IDs and user privileges are granted through authorized procedures.
B. Automatic logoff is used when a workstation is inactive for a particular period of time.
C. Automatic logoff of the system occurs after a specified number of unsuccessful attempts.
D. Unsuccessful logon attempts are monitored by the security administrator.
The correct answer is D.
A. User IDs and the granting of user privileges define a policy. This is a type of administrative or managerial control that may prevent intrusion but would not detect it.
B. Automatic logoff is a method of preventing access through unattended or inactive terminals, but is not a detective control.
C. Unsuccessful attempts to log on are a method for preventing intrusion, not detecting it.
D. Intrusion is detected by the active monitoring and review of unsuccessful logon attempts.

Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?
A. Bottom-up testing
B. Sociability testing
C. Top-down testing
D. System testing
The correct answer is C.
A. A bottom-up approach to testing begins with atomic units, such as programs and modules, and works upward until a complete system test has taken place.
B. Sociability testing takes place at a later stage in the development process.
C. The top-down approach to testing ensures that interface errors are detected early and that testing of major functions is conducted early.
D. System tests take place at a later stage in the development process.

An IS auditor has been asked by management to review a potentially fraudulent transaction. The PRIMARY focus of an IS auditor while evaluating the transaction should be to:
A. maintain impartiality while evaluating the transaction.
B. ensure that the independence of an IS auditor is maintained.
C. assure that the integrity of the evidence is maintained.
D. assess all relevant evidence for the transaction.
The correct answer is C.
A. Although it is important for an IS auditor to be impartial, in this case it is more critical that the evidence be preserved.
B. Although it is important for an IS auditor to maintain independence, in this case it is more critical that the evidence be preserved.
C. The IS auditor has been requested to perform an investigation to capture evidence which may be used for legal purposes, and therefore, maintaining the integrity of the evidence should be the foremost goal. Improperly handled computer evidence is subject to being ruled inadmissible in a court of law.
D. While it is also important to assess all relevant evidence, it is more important to maintain the chain of custody, which ensures the integrity of evidence.

Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?
A. Inheritance