100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CISA Practise Question Database Questions & 100% Correct Answers $13.69   Add to cart

Exam (elaborations)

CISA Practise Question Database Questions & 100% Correct Answers

 6 views  0 purchase
  • Course
  • CISA
  • Institution
  • CISA

The PRIMARY advantage of a continuous audit approach is that it: Select an answer: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. c...

[Show more]

Preview 4 out of 870  pages

  • September 9, 2024
  • 870
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CISA
  • CISA
avatar-seller
ExamArsenal
1 | P a g e | © copyright 2024/2025 | Grade A+




CISA Practise Question Database 2013-
2014 Questions & 100% Correct
Answers
The PRIMARY advantage of a continuous audit approach is that it:

Select an answer:

A. does not require an IS auditor to collect evidence on system reliability while

processing is taking place.

B. requires the IS auditor to review and follow up immediately on all information

collected.

C. can improve system security when used in time-sharing environments that

process a large number of transactions.

D. does not depend on the complexity of an organization's computer systems.


✓ :~~ 1.1. The correct answer is C.

The use of continuous auditing techniques can improve system security when used

in time-sharing environments that process a large number of transactions, but

leave a scarce paper trail. Choice A is incorrect since the continuous audit

approach often does require an IS auditor to collect evidence on system reliability

while processing is taking place. Choice B is incorrect since an IS auditor normally

would review and follow up only on material deficiencies or errors detected.

Choice D is incorrect since the use of continuous audit techniques depends on the

complexity of an organization's computer systems.




Master01 | September, 2024/2025 | Latest update

, 2 | P a g e | © copyright 2024/2025 | Grade A+


Which of the following ensures the availability of transactions in the event of a

disaster?

Select an answer:

A. Send tapes hourly containing transactions offsite.

B. Send tapes daily containing transactions offsite.

C. Capture transactions to multiple storage devices.

D. Transmit transactions offsite in real time.


✓ :~~ 4.10. The correct answer is D.

The only way to ensure availability of all transactions is to perform a real-time

transmission to an offsite facility. Choices A and B are not in real time and,

therefore, would not include all the transactions. Choice C does not ensure

availability at an offsite location.




An organization has outsourced its help desk function. Which of the following

indicators would be the BEST to include in the service level agreement (SLA)?

Select an answer:

A. Overall number of users supported

B. Percentage of incidents solved in the first call

C. Number of incidents reported to the help desk

D. Number of agents answering the phones




Master01 | September, 2024/2025 | Latest update

, 3 | P a g e | © copyright 2024/2025 | Grade A+


✓ :~~ 4.2. You are correct, the answer is B.

Since it is about service level (performance) indicators, the percentage of

incidents solved on the first call is the only option that is relevant. Choices A, C

and D are not quality measures of the help desk service.




Which of the following will MOST successfully identify overlapping key controls in

business application systems?

Select an answer:

A. Reviewing system functionalities that are attached to complex business

processes

B. Submitting test transactions through an integrated test facility (ITF)

C. Replacing manual monitoring with an automated auditing solution

D. Testing controls to validate that they are effective

✓ :~~ The correct answer is C.

As part of the effort to realize continuous audit management (CAM), there are

cases for introducing an automated monitoring and auditing solution. All key

controls need to be clearly aligned for systematic implementation; thus, analysts

have the opportunity to come across unnecessary or overlapping key controls in

existing systems. In general, highly complex business processes may have more key

controls than business areas with less complexity; however, finding, with

certainty, unnecessary controls in complex areas is not always possible. If a well-

thought-out key control structure has been established from the beginning, finding

any overlap in control will not be possible. An ITF is an audit technique to test the


Master01 | September, 2024/2025 | Latest update

, 4 | P a g e | © copyright 2024/2025 | Grade A+


accuracy of the processes in the application system. It may find control flaws in

the application system, but it would be difficult to find the overlap in key controls.

By testing controls to validate whether they are effective, the IS auditor can

identify whether there are overlapping controls; however, the process of

implementing an automated auditing solution would better identify overlapping

controls.




Overall business risk for a particular threat can be expressed as:

Select an answer:

A. a product of the likelihood and magnitude of the impact should a threat

successfully exploit a vulnerability.

B. the magnitude of the impact should a threat source successfully exploit the

vulnerability.

C. the likelihood of a given threat source exploiting a given vulnerability.

D. the collective judgment of the risk assessment team.

✓ :~~ 2-8 The correct answer is A.

Choice A takes into consideration the likelihood and magnitude of the impact and

provides the best measure of the risk to an asset. Choice B provides only the

likelihood of a threat exploiting a vulnerability in the asset but does not provide

the magnitude of the possible damage to the asset. Similarly, choice C considers

only the magnitude of the damage and not the possibility of a threat exploiting a

vulnerability. Choice D defines the risk on an arbitrary basis and is not suitable for




Master01 | September, 2024/2025 | Latest update

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller ExamArsenal. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.69. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

67096 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$13.69
  • (0)
  Add to cart