Cisa exam stuvia 2024 - Study guides, Class notes & Summaries

Chapter 1 - ANSWER Source code - ANSWERuncompiled, archive code Object code - ANSWERcompiled code that is distributed and put into production; not able to be read by humans Inherent risk - ANSWERthe risk that an error could occur assuming no compensating control exist Control risk - ANSWERthe risk that an error exists that would not be prevented by internal controls Detection risk - ANSWERthe risk that an error exists, but is not detected. The risk that an IS auditor may use an in...

When evaluating the collective effect of preventive, detective and corrective controls within a process, an IS auditor should be aware of which of the following? A. The point at which controls are exercised as data flow through the system B. Only preventive and detective controls are relevant C. Corrective controls are regarded as compensating D. Classification allows an IS auditor to determine which controls are missing - ANSWERA. An IS auditor who has discovered unauthorized transaction...

Completing a Risk Analysis. - ANSWERWhat is the most important consideration before implementing a new technology? Indemnity Clause - ANSWERWhat is a clause that holds providers financially liable for violations? Agreed upon performance metrics in the SLA - ANSWERWhat is the best reference for vendor's ability to meet its SLA? Integrated Test Facility (ITF) - ANSWERWhat creates a fictitious entity in the database to process test transactions simultaneously with live input Its adva...

Planning, fieldwork/documentation, and reporting/follow-up - ANSWERMajor phases of the typical audit process Audit Charter - ANSWERAn overarching document that covers the entire scope of audit activities in an entire entity. Engagement Letter - ANSWERMore focused on a particular audit exercise that is sought to be initiated in an organization with a specific objective in mind. Short-Term Planning - ANSWERConsiders audit issues that will be covered during the year. Long-Term Planning ...

Which of the following is the BEST preventive control to protect the confidentiality of data on a corporate smartphone in the event it is lost? a) Biometric authentication for the device b) Remote data wipe program c) Encryption of the data stored on the device d) Password for device authentication - ANSWERc) Encryption of the data stored on the device Note the question asks about a PREVENTATIVE control to protect CONFIDENTIALITY. Confidentiality entails the efforts to keep data private, ...