Cisa stuvia 2024 - Study guides, Class notes & Summaries

In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer? Correct A. Nonrepudiation B. Encryption C. Authentication D. Integrity . - ANSWERYou are correct, the answer is A. A. Nonrepudiation, achieved through the use of digital signatures, prevents the senders from later denying that they generated and sent the message. B. Encryption may protect the data transmitted ove...

Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions? a. Parity check b. Echo check c. Block sum check d. Cyclic redundancy check - ANSWERd. Cyclic redundancy check An employee loses a mobile device resulting in loss of sensitive corporate data. Which of the following would have BEST prevented data leakage? A. Data encryption on the mobile device B. The triggering of remote data wipe capabilities C. Awareness training fo...

Chapter 1 - ANSWER Source code - ANSWERuncompiled, archive code Object code - ANSWERcompiled code that is distributed and put into production; not able to be read by humans Inherent risk - ANSWERthe risk that an error could occur assuming no compensating control exist Control risk - ANSWERthe risk that an error exists that would not be prevented by internal controls Detection risk - ANSWERthe risk that an error exists, but is not detected. The risk that an IS auditor may use an in...

Most important step in risk analysis is to identify a. Competitors b. controls c. vulnerabilities d. liabilities - ANSWERc. vulnerabilities In a risk based audit planning, an IS auditor's first step is to identify: a. responsibilities of stakeholders b. high-risk areas within the organization c. cost centre d. profit centre - ANSWERb. high-risk areas within the organization When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure ...

Al-l The internal audit department wrote some scripts that are used for continuous auditing of some information systems. The IT department asked for copies of the scripts so that they can use them for setting up a continuous monitoring process on key systems. Does sharing these scripts with IT affect the ability of the IS auditors to independently and objectively audit the IT function? A. Sharing the scripts is not permitted because it gives IT the ability to pre-audit systems and avoid an ac...

IT governance is most concerned with A. Security policy B. IT policy C. IT strategy D. IT executive compensation - ANSWERIT Strategy IT governance is the mechanism through which IT strategy is established, controlled, and monitored through the balanced scorecard. Long-term and other strategic decisions are made in the context of IT governance. One of the advantages of outsourcing is A. It permits the organization to focus on core competencies. B. It results in reduced costs. C. It pr...

When evaluating the collective effect of preventive, detective and corrective controls within a process, an IS auditor should be aware of which of the following? A. The point at which controls are exercised as data flow through the system B. Only preventive and detective controls are relevant C. Corrective controls are regarded as compensating D. Classification allows an IS auditor to determine which controls are missing - ANSWERA. An IS auditor who has discovered unauthorized transaction...

Completing a Risk Analysis. - ANSWERWhat is the most important consideration before implementing a new technology? Indemnity Clause - ANSWERWhat is a clause that holds providers financially liable for violations? Agreed upon performance metrics in the SLA - ANSWERWhat is the best reference for vendor's ability to meet its SLA? Integrated Test Facility (ITF) - ANSWERWhat creates a fictitious entity in the database to process test transactions simultaneously with live input Its adva...

Planning, fieldwork/documentation, and reporting/follow-up - ANSWERMajor phases of the typical audit process Audit Charter - ANSWERAn overarching document that covers the entire scope of audit activities in an entire entity. Engagement Letter - ANSWERMore focused on a particular audit exercise that is sought to be initiated in an organization with a specific objective in mind. Short-Term Planning - ANSWERConsiders audit issues that will be covered during the year. Long-Term Planning ...

Audit Charter - ANSWERa formal document that contains: 1. scope of the audit functions 2. authority of the audit functions 3. responsibility of the audit functions Audit Universe - ANSWERAn inventory of all the functions/processes/units under the organization Qualitative Risk Assessment - ANSWERRisk is assessed using qualitative parameters, such as high, medium, and low Quantitative Risk Assessment - ANSWERRisk is assessed using numerical parameters and is quantified Risk Factors...