100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CISA Study Guide Correct Questions & Answers(GRADED A+) $14.99   Add to cart

Exam (elaborations)

CISA Study Guide Correct Questions & Answers(GRADED A+)

 0 view  0 purchase
  • Course
  • CISA
  • Institution
  • CISA

Most important step in risk analysis is to identify a. Competitors b. controls c. vulnerabilities d. liabilities - ANSWERc. vulnerabilities In a risk based audit planning, an IS auditor's first step is to identify: a. responsibilities of stakeholders b. high-risk areas within the organ...

[Show more]

Preview 4 out of 68  pages

  • November 18, 2024
  • 68
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CISA
  • CISA
avatar-seller
papersbyjol
CISA Study Guide Correct Questions &
Answers(GRADED A+)
Most important step in risk analysis is to identify

a. Competitors
b. controls
c. vulnerabilities
d. liabilities - ANSWERc. vulnerabilities

In a risk based audit planning, an IS auditor's first step is to identify:

a. responsibilities of stakeholders
b. high-risk areas within the organization
c. cost centre
d. profit centre - ANSWERb. high-risk areas within the organization

When developing a risk-based audit strategy, an IS auditor should conduct a risk
assessment to ensure that:

a. segregation of duties to mitigate risks is in place
b. all the relevant vulnerabilities and threats are identified
c. regularity compliance is adhered to
d. business is profitable - ANSWERb. all the relevant vulnerabilities and threats are
identified

While determining the appropriate level of protection for an information asset an IS
auditor should primarily focus on:

a. Criticality of information assets
b. cost of information assets
c. Owner of information asset
d. result of vulnerability assessment - ANSWERa. Criticality of information assets

The decisions and actions of an IS auditor are MOST likely to affect which of the
following risks?

a. Inherent
b. Detection
c. Control
d. Business - ANSWERb. Detection

The risk of an IS auditor certifying existence of proper system and procedures
without using an inadequate test procedure is an example of:

a. internet risk
b. control risk

,c. detection risk
d. audit risk - ANSWERc. Detection risk

Overall business risk for a particular threat can be expressed as:

a. a product of the probability. and impact
b. probability of occurrence
c. magnitude of impact
d. assumption of the risk assessment team - ANSWERa. a product of the probability.
and impact

An IS auditor is evaluating management's risk assessment of information systems.
The IS auditor should FIRST review:

a. the controls already in place
b. the effectiveness of the controls in place
c. mechanism for monitoring the risks related to the assets
d. the threats/vulnerabilities affecting the assets - ANSWERd. the
threats/vulnerabilities affecting the assets

IS auditor identified certain threats and vulnerabilities in a business process. Next,
an IS auditor should:

a. identify stakeholder for that business process
b. identifies information. assets and the underlying systems
c. discloses the threats and impacts to management
d. identifies and evaluates the existing controls - ANSWERd. identifies and evaluates
the existing controls

Major advantaged of risk based approach for audit planning is:

a. Audit planning can be communicated to client in advance
b. Audit activity can be completed within allotted budget
c. use of latest technology for audit activities
d. Appropriate utilisation of resources for high risk areas - ANSWERd. Appropriate
utilisation of resources for high risk areas


An IS auditor is reviewing data centre security review. Which of the following steps
would an IS auditor normally perform FIRST:

a. evaluate physical access controls
b. determine the risks/threats to the data centre site
c. review screening process for hiring security staff
d. evaluate logical access control - ANSWERb. determine the risks/threats to the
data centre site

Risk Assessment approach is more suitable when determining the appropriate level
of protection for an information asset because it ensures:

,a. all information assets are protected
b. a basic level of protection is applied regardless of assets value
c. appropriate levels of protection are applied to information assets
d. only most sensitive information assets are protected - ANSWERc. appropriate
levels of protection are applied to information assets

In a risk-based audit approach, an IS auditor should FIRST complete a(n):

a. inherent risk assessment
b. control risk assessment
c. test of control assessment
d. substantive test assessment - ANSWERa. inherent risk assessment

In planning an audit, the MOST critical step is the identification of the:

a. areas of high risk
b. skill sets of the audit staff
c. test steps in the audit
d. time allotted for the audit - ANSWERa. areas of high risk

Risk assessment process is:

a. subjective
b. objective
c. mathematical
d. statistical - ANSWERa. subjective

The result of risk management process is used for:

a. forecasting profit
b. post implementation review
c. designing controls
d. user acceptance testing - ANSWERc. designing controls

Managing the risk up to acceptable level is tithe responsibility of:

a. risk management team
b. senior business management
c. the chief information officer
d. the chief security officer - ANSWERb. senior business management

Evaluation of IT risks can be done by:

a. finding threats/vulnerabilities associated with current IT assets
b. trend analysis on the basis of past year losses
c. industry benchmark
d. reviewing IT control weaknesses identified in audit reports - ANSWERa. finding
threats/vulnerabilities associated with current IT assets

, An IS auditor is reviewing payroll application. He identified some vulnerability in the
system. What would be the next task?

a. Report the vulnerabilities to the management immediately
b. examine application development process
c. identify threats and likelihood of occurrence
d. recommend for new application - ANSWERc. identify threats and likelihood of
occurrence

Absence of proper security measures represents a (n):

a. threat
b. asset
c. impact
d. vulnerability - ANSWERd. vulnerability

IS auditor is developing a risk management program, the FIRST activity to be
performed is a(n):

a. vulnerability assessment
b. evaluation of control
c. identification of assets
d. gap analysis - ANSWERc. identification of assets

Benefit of development of organizational policies buy bottom-up approach is that
they:

a. covers whole organization
b. is derived as a result of risk assessment
c. will be in line with overall corporate policy
d. ensures consistency across the organization - ANSWERb. is derived as a result of
risk assessment

Risk can be mitigated by:

a. implementing controls
b. insurance
d. audit and certification
d. contracts and service level agreements (SLAs) - ANSWERa. implementing
controls (security and control practices)

Most important factor while evaluating controls is to ensure that the controls:

a. addresses the risk
b. does not reduce productivity
c. is less costly than risk
d. is automotive - ANSWERa. addresses the risk

The susceptibility of a business or process to make an error that is material in
nature, assuming there were no internal controls:

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller papersbyjol. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $14.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75323 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$14.99
  • (0)
  Add to cart