CISA Study Guide Questions and Answers 100% Verified.
8 views 0 purchase
Course
CISA
Institution
CISA
CISA Study Guide Questions and Answers
100% Verified.
Most important step in risk analysis is to identify
a. Competitors
b. controls
c. vulnerabilities
d. liabilities - answerc. vulnerabilities
In a risk based audit planning, an IS auditor's first step is to identify:
a. responsibilities of...
CISA Study Guide Questions and Answers
100% Verified.
Most important step in risk analysis is to identify
a. Competitors
b. controls
c. vulnerabilities
d. liabilities - answer✔✔c. vulnerabilities
In a risk based audit planning, an IS auditor's first step is to identify:
a. responsibilities of stakeholders
b. high-risk areas within the organization
c. cost centre
d. profit centre - answer✔✔b. high-risk areas within the organization
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to
ensure that:
a. segregation of duties to mitigate risks is in place
b. all the relevant vulnerabilities and threats are identified
c. regularity compliance is adhered to
d. business is profitable - answer✔✔b. all the relevant vulnerabilities and threats are identified
IS auditor identified certain threats and vulnerabilities in a business process. Next, an IS auditor
should:
a. identify stakeholder for that business process
b. identifies information. assets and the underlying systems
c. discloses the threats and impacts to management
d. identifies and evaluates the existing controls - answer✔✔d. identifies and evaluates the
existing controls
Major advantaged of risk based approach for audit planning is:
a. Audit planning can be communicated to client in advance
b. Audit activity can be completed within allotted budget
c. use of latest technology for audit activities
d. Appropriate utilisation of resources for high risk areas - answer✔✔d. Appropriate utilisation
of resources for high risk areas
While determining the appropriate level of protection for an information asset an IS auditor
should primarily focus on:
a. Criticality of information assets
b. cost of information assets
c. Owner of information asset
d. result of vulnerability assessment - answer✔✔a. Criticality of information assets
The decisions and actions of an IS auditor are MOST likely to affect which of the following
risks?
d. Business - answer✔✔b. Detection
The risk of an IS auditor certifying existence of proper system and procedures without using an
inadequate test procedure is an example of:
a. internet risk
b. control risk
c. detection risk
d. audit risk - answer✔✔c. Detection risk
Overall business risk for a particular threat can be expressed as:
a. a product of the probability. and impact
b. probability of occurrence
c. magnitude of impact
d. assumption of the risk assessment team - answer✔✔a. a product of the probability. and impact
An IS auditor is evaluating management's risk assessment of information systems. The IS auditor
should FIRST review:
a. the controls already in place
b. the effectiveness of the controls in place
c. mechanism for monitoring the risks related to the assets
d. the threats/vulnerabilities affecting the assets - answer✔✔d. the threats/vulnerabilities
affecting the assets
An IS auditor is reviewing data centre security review. Which of the following steps would an IS
auditor normally perform FIRST:
a. evaluate physical access controls
b. determine the risks/threats to the data centre site
c. review screening process for hiring security staff
d. evaluate logical access control - answer✔✔b. determine the risks/threats to the data centre site
Risk Assessment approach is more suitable when determining the appropriate level of protection
for an information asset because it ensures:
a. all information assets are protected
b. a basic level of protection is applied regardless of assets value
c. appropriate levels of protection are applied to information assets
d. only most sensitive information assets are protected - answer✔✔c. appropriate levels of
protection are applied to information assets
In a risk-based audit approach, an IS auditor should FIRST complete a(n):
a. inherent risk assessment
b. control risk assessment
c. test of control assessment
d. substantive test assessment - answer✔✔a. inherent risk assessment
In planning an audit, the MOST critical step is the identification of the:
a. areas of high risk
b. skill sets of the audit staff
c. test steps in the audit
d. time allotted for the audit - answer✔✔a. areas of high risk
Risk assessment process is:
a. subjective
b. objective
c. mathematical
d. statistical - answer✔✔a. subjective
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
