CISA exam

Two servers are deployed in a cluster to run a mission-critical application. To determine whether the system has been designed for optimal efficiency, the IS auditor should verify that:A . the security features in the operating system are all enabledB . the number of disks in the cluster meets minimum...

An IS auditor has discovered that a cloud-based application was not included in an application inventory that was used to confirm the scope of an audit. The business process owner explained that the application will be audited by a third party in the next year. The auditor’s NEXT step should...

Which of the following risk handling technique involves the practice of being proactive so that the risk in question is not realized?A . Risk MitigationB . Risk AcceptanceC . Risk AvoidanceD . Risk transferView AnswerAnswer: C Explanation: Risk avoidance is the practice of coming up with alternatives so that the...

Which of the following testing procedure is used by an auditor to check whether a firm is following the rules and regulations applicable to an activity or practice?A . Compliance testingB . Sanity testingC . Recovery testingD . Substantive testingView AnswerAnswer: A Explanation: Audit undertaken to confirm whether a firm...

Which of the following is the PRIMARY reason for an IS auditor to issue an interim audit report?A . To avoid issuing a final audit reportB . To enable the auditor to complete the engagement in a timely mannerC . To provide feedback to the auditee for timely remediationD ....

Which of the following audit risk is related to material error exist that would not be prevented or detected on timely basis by the system of internal controls?A . Inherent RiskB . Control RiskC . Detection RiskD . Overall Audit RiskView AnswerAnswer: B Explanation: The risk that material error exist...

An IS auditor considering the risks associated with spooling sensitive reports for off-line printing will be the MOST concerned that:A . data can easily be read by operatorsB . data can more easily be amended by unauthorized personsC . unauthorized copies of reports can be printedD . output will be...

A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?A . Review a sample of PCRs for proper approval throughout the program change process.B...

An IS auditor has completed an audit on the organization’s IT strategic planning process. Which of the following findings should be given the HIGHEST priority?A . The IT strategic plan was completed prior to the formulation of the business strategic planB . Assumptions in the IT strategic plan have not...

An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?A . Ongoing monitoring of the audit activitiesB . Analysis of user satisfaction reports from business lines.C . Feedback from internal audit staffD...