Certified Information Systems Auditor (CISA) Cert Guide Exam Questions and Answers 100% Verified.
5 views 0 purchase
Course
CISA
Institution
CISA
Certified Information Systems Auditor
(CISA) Cert Guide Exam Questions and
Answers 100% Verified.
Which of the following best describes a baseline document?
a. A PCI industry standard requiring a 15-minute session timeout
b. Installation step recommendations from the vendor for an Active Direc...
Certified Information Systems Auditor
(CISA) Cert Guide Exam Questions and
Answers 100% Verified.
Which of the following best describes a baseline document?
a. A PCI industry standard requiring a 15-minute session timeout
b. Installation step recommendations from the vendor for an Active Directory server
c. A network topography diagram of the Active Directory forest
d. Security configuration settings for an Active Directory server - answer✔✔D. A baseline is
correct because it is a platform-specific rule related to the security configuration for an Active
Directory server. Answers A, B, and C are not platform specific.
Which of the following best describes integrated auditing?
a. Integrated auditing places internal control in the hands of management and reduces the time
between the audit and the time of reporting.
b. Integrated auditing combines the operational audit function, the financial audit function, and
the IS audit function.
c. Integrated auditing combines the operational audit function and the IS audit function.
d. Integrated auditing combines the financial audit function and the IS audit function -
answer✔✔B. Integrated auditing is a methodology that combines the operational audit function,
the financial audit function, and the IS audit function. Therefore, Answers C and D are incorrect
because they do not list all three types of functions to be integrated. Answer A is incorrect
because it describes control self-assessment (CSA), which is used to verify the reliability of
internal controls and places internal controls in the hands of management
Which storage of evidence would best preserve the chain of custody of evidence obtained during
an audit?
a. Locked department safe behind card access doors
b. Offsite location, such as home, out of reach by anyone at work
c. Archival at a third-party offsite facility
d. Locked cabinet on the department floor with only one key, in the possession of the auditor -
answer✔✔D. The best choice would be a locked cabinet on the department floor with only one
key, in the possession of the auditor. With only one key in the auditor's possession, there is clear
accountability, and access is limited to one person. Answer A is incorrect because multiple
individuals may still have access to the safe. Answer B is incorrect because it would call into
question the security of the home and the ability to restrict access to family members. Answer C
is incorrect because third-party access cannot be verified in a third-party site, given the way the
facts were presented.
Which of the following best describes risk that can be caused by the failure of internal controls
and can result in a material error?
a. Residual risk
b. Inherent risk
c. Detection risk
d. Control risk - answer✔✔D. A control risk is risk caused by failure of internal controls; it can
result in a material error. Answer A is incorrect because residual risk is the amount of risk the
organization is willing to accept. Answer B is incorrect because inherent risk is the risk that can
occur because of the lack of compensating controls. Combined, inherent risks can create a
material risk. Answer C is incorrect because detection risk is the risk if an auditor does not
design tests in such a way as to detect a material risk
Which of the following is not one of the best techniques for gathering evidence during an audit?
a. Attend board meetings
b. Examine and review actual procedures and processes
c. Verify employee security awareness training and knowledge
d. Examine reporting relationships to verify segregation of duties - answer✔✔A. Attending
board meetings is not one of the best ways to gather evidence during an audit. The best ways to
gather evidence include observing employee activity, examining and reviewing procedures and
processes, verifying employee security awareness training and knowledge, and examining
reporting relationships to verify segregation of duties.
Which of the following is not an advantage of control self-assessment (CSA)?
a. CSA helps provide early detection of risks.
b. CSA is an audit function replacement.
d. CSA provides increased levels of assurance. - answer✔✔B. CSA is not an audit function
replacement. Answers A, C, and D are all advantages of CSA.
If an auditor cannot obtain the material needed to complete an audit, what type of opinion should
the auditor issue?
a. Unqualified opinion
b. Qualified opinion
c. Adverse opinion
d. Disclaimer - answer✔✔D. A disclaimer is used when an auditor cannot obtain appropriate
evidence to base an opinion.
Which of the following is the best example of general control procedures?
a. Internal accounting controls used to safeguard financial records
b. Business continuity and disaster-recovery procedures that provide reasonable assurance that
the organization is secure against disasters
c. Procedures that provide reasonable assurance for the control of access to data and programs
d. Procedures that provide reasonable assurance and have been developed to control and manage
data-processing operations - answer✔✔A. Internal accounting controls used to safeguard
financial records are an example of a general control procedure. Answers B, C, and D all
describe information system control procedures.
Which of the following describes a significant level of risk that the organization is unwilling to
accept?
a. Detection risk
b. Material risk
c. Business risk
d. Irregularities - answer✔✔B. The word material describes a significant level of risk that the
organization is unwilling to accept. Answers A, C, and D do not define the term.
Which of the following is the most accurate description of a substantive test in which the data
represents fake entities such as products, items, or departments?
a. Parallel tests
b. Integrated test facility
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
