CISA exam

Which of the following audit include specific tests of control to demonstrate adherence to specific regulatory or industry standard?A . Compliance AuditB . Financial AuditC . Operational AuditD . Forensic auditView AnswerAnswer: A Explanation: A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting,...

Which of the following audit risk is related to material errors or misstatements that have occurred that will not be detected by an IS auditor?A . Inherent RiskB . Control RiskC . Detection RiskD . Overall Audit RiskView AnswerAnswer: C Explanation: The risk that material errors or misstatements that have...

Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise e-mail?A . The private key certificate has not been updated.B . The certificate revocation list has not been updated.C . The certificate practice statement has not been published.D ....

An organization is concerned about duplicate vendor payments on a complex system with a high volume of transactions. Which of the following would be MOST helpful to an IS auditor to determine whether duplicate vendor payments exist?A . Computer-assisted techniqueB . Stop-and-go testingC . Statistical samplingD . Judgmental samplingView AnswerAnswer:...

An IS auditor reviewing an organization’s data privacy controls observes that privacy notices do not clearly state how the organization uses customer data for its processing operations. Which of the following data protection principles MUST be implemented to address this gap?A . Maintenance of data integrityB . Access to collected...

Multiple invoices are usually received for individual purchase orders, since purchase orders require staggered delivery dates. Which of the following is the BEST audit technique to test for duplicate payments?A . Run the data on the software programs used to process supplier payments.B . Use generalized audit software on the...

When evaluating the ability of a disaster recovery plan to enable the recovery of IT processing capabilities, it is MOST important for the IS auditor to verify the plan is:A . stored at an offsite locationB . communicated to department headsC . regularly reviewedD . periodically testedView AnswerAnswer: C

An IS auditor discovered abnormalities in a monthly report generated from a system upgraded six months ago. Which of the following should be the auditor’s FIRST course of action?A . Inspect source code for proof of abnormalitiesB . Perform a change management review of the systemC . Schedule an access...

Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?A . Number of false negativesB . Number of false positivesC . Legitimate traffic blocked by the systemD . Reliability of IDS logsView AnswerAnswer: A

When conducting a review of security incident management, an IS auditor found there are no defined escalation processes. All incidents are managed by the service desk. Which of the following should be the auditor’s PRIMARY concern?A . Inefficient use of service desk resourcesB . Management’s lack of high impact incidentsC...