©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM
CISA Practise Question Database 2024-2025
with 100% Correct Answers
The PRIMARY advantage of a continuous audit approach is that it:
Select an answer:
A. does not require an IS auditor to collect evidence on system reliability while
processing is taking place.
B. requires the IS auditor to review and follow up immediately on all information
collected.
C. can improve system security when used in time-sharing environments that
process a large number of transactions.
D. does not depend on the complexity of an organization's computer systems. -
Answer✔️✔️-1.1. The correct answer is C.
The use of continuous auditing techniques can improve system security when used
in time-sharing environments that process a large number of transactions, but leave
a scarce paper trail. Choice A is incorrect since the continuous audit approach often
does require an IS auditor to collect evidence on system reliability while
1
,©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM
processing is taking place. Choice B is incorrect since an IS auditor normally
would review and follow up only on material deficiencies or errors detected.
Choice D is incorrect since the use of continuous audit techniques depends on the
complexity of an organization's computer systems.;Which of the following ensures
the availability of transactions in the event of a disaster?
Select an answer:
A. Send tapes hourly containing transactions offsite.
B. Send tapes daily containing transactions offsite.
C. Capture transactions to multiple storage devices.
D. Transmit transactions offsite in real time. - Answer✔️✔️-4.10. The correct answer
is D.
The only way to ensure availability of all transactions is to perform a real-time
transmission to an offsite facility. Choices A and B are not in real time and,
therefore, would not include all the transactions. Choice C does not ensure
availability at an offsite location.;An organization has outsourced its help desk
function. Which of the following indicators would be the BEST to include in the
service level agreement (SLA)?
Select an answer:
2
,©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM
A. Overall number of users supported
B. Percentage of incidents solved in the first call
C. Number of incidents reported to the help desk
D. Number of agents answering the phones - Answer✔️✔️-4.2. You are correct, the
answer is B.
Since it is about service level (performance) indicators, the percentage of incidents
solved on the first call is the only option that is relevant. Choices A, C and D are
not quality measures of the help desk service.;Which of the following will MOST
successfully identify overlapping key controls in business application systems?
Select an answer:
A. Reviewing system functionalities that are attached to complex business
processes
B. Submitting test transactions through an integrated test facility (ITF)
C. Replacing manual monitoring with an automated auditing solution
D. Testing controls to validate that they are effective - Answer✔️✔️-The correct
answer is C.
3
, ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM
As part of the effort to realize continuous audit management (CAM), there are
cases for introducing an automated monitoring and auditing solution. All key
controls need to be clearly aligned for systematic implementation; thus, analysts
have the opportunity to come across unnecessary or overlapping key controls in
existing systems. In general, highly complex business processes may have more
key controls than business areas with less complexity; however, finding, with
certainty, unnecessary controls in complex areas is not always possible. If a well-
thought-out key control structure has been established from the beginning, finding
any overlap in control will not be possible. An ITF is an audit technique to test the
accuracy of the processes in the application system. It may find control flaws in the
application system, but it would be difficult to find the overlap in key controls. By
testing controls to validate whether they are effective, the IS auditor can identify
whether there are overlapping controls; however, the process of implementing an
automated auditing solution would better identify overlapping controls.;Overall
business risk for a particular threat can be expressed as:
Select an answer:
A. a product of the likelihood and magnitude of the impact should a threat
successfully exploit a vulnerability.
4
CISA Practise Question Database 2024-2025
with 100% Correct Answers
The PRIMARY advantage of a continuous audit approach is that it:
Select an answer:
A. does not require an IS auditor to collect evidence on system reliability while
processing is taking place.
B. requires the IS auditor to review and follow up immediately on all information
collected.
C. can improve system security when used in time-sharing environments that
process a large number of transactions.
D. does not depend on the complexity of an organization's computer systems. -
Answer✔️✔️-1.1. The correct answer is C.
The use of continuous auditing techniques can improve system security when used
in time-sharing environments that process a large number of transactions, but leave
a scarce paper trail. Choice A is incorrect since the continuous audit approach often
does require an IS auditor to collect evidence on system reliability while
1
,©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM
processing is taking place. Choice B is incorrect since an IS auditor normally
would review and follow up only on material deficiencies or errors detected.
Choice D is incorrect since the use of continuous audit techniques depends on the
complexity of an organization's computer systems.;Which of the following ensures
the availability of transactions in the event of a disaster?
Select an answer:
A. Send tapes hourly containing transactions offsite.
B. Send tapes daily containing transactions offsite.
C. Capture transactions to multiple storage devices.
D. Transmit transactions offsite in real time. - Answer✔️✔️-4.10. The correct answer
is D.
The only way to ensure availability of all transactions is to perform a real-time
transmission to an offsite facility. Choices A and B are not in real time and,
therefore, would not include all the transactions. Choice C does not ensure
availability at an offsite location.;An organization has outsourced its help desk
function. Which of the following indicators would be the BEST to include in the
service level agreement (SLA)?
Select an answer:
2
,©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM
A. Overall number of users supported
B. Percentage of incidents solved in the first call
C. Number of incidents reported to the help desk
D. Number of agents answering the phones - Answer✔️✔️-4.2. You are correct, the
answer is B.
Since it is about service level (performance) indicators, the percentage of incidents
solved on the first call is the only option that is relevant. Choices A, C and D are
not quality measures of the help desk service.;Which of the following will MOST
successfully identify overlapping key controls in business application systems?
Select an answer:
A. Reviewing system functionalities that are attached to complex business
processes
B. Submitting test transactions through an integrated test facility (ITF)
C. Replacing manual monitoring with an automated auditing solution
D. Testing controls to validate that they are effective - Answer✔️✔️-The correct
answer is C.
3
, ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM
As part of the effort to realize continuous audit management (CAM), there are
cases for introducing an automated monitoring and auditing solution. All key
controls need to be clearly aligned for systematic implementation; thus, analysts
have the opportunity to come across unnecessary or overlapping key controls in
existing systems. In general, highly complex business processes may have more
key controls than business areas with less complexity; however, finding, with
certainty, unnecessary controls in complex areas is not always possible. If a well-
thought-out key control structure has been established from the beginning, finding
any overlap in control will not be possible. An ITF is an audit technique to test the
accuracy of the processes in the application system. It may find control flaws in the
application system, but it would be difficult to find the overlap in key controls. By
testing controls to validate whether they are effective, the IS auditor can identify
whether there are overlapping controls; however, the process of implementing an
automated auditing solution would better identify overlapping controls.;Overall
business risk for a particular threat can be expressed as:
Select an answer:
A. a product of the likelihood and magnitude of the impact should a threat
successfully exploit a vulnerability.
4
