Last Updated on December 12, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 18

  1. Total billing amounts on invoices are automatically transferred to an organization’s account ledger weekly. During an IS audit, the auditor discovers that one week’s billing is missing from the ledger. Which of the following areas should the auditor examine FIRST?

    • Annual reconciliations
    • Change management
    • Batch processing controls 
    • Module access rights
  2. Which of the following should an IS auditor review FIRST when evaluating incident management procedures?

    • Command center monitoring
    • Root cause analysis steps
    • Prioritization criteria
    • Peer review requirements
  3. Which of the following is MOST important for an IS auditor to understand when planning an IS audit?

    • Inherent risk of auditable areas 
    • Management focus on particular operations
    • Number of high-risk auditable processes
    • Availability of IS audit resources
  4. An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the organization’s wider security threat and vulnerability management program. Which of the following would BEST enable the organization to work toward improvement in this area?

    • Outsourcing the threat and vulnerability management function to a third party
    • Implementing security logging to enhance threat and vulnerability management
    • Using a capability maturity model to identify a path to an optimized program
    • Maintaining a catalog of vulnerabilities that may impact mission-critical systems
  5. Which of the following observations should be of concern to an IS auditor in the fieldwork stage of a procurement audit?

    • Requisitions are being processed by the finance team. 
    • The purchase requester receives notifications of goods delivery.
    • Purchase commitments are made prior to requisitions being approved.
    • Requisitions are being facilitated by a third-party procurement service.
  6. An audit of a database management system found the audit log was not restarted following maintenance. Which of the following is the GREATEST concern to the IS auditor?

    • Changes by the database administrators will not be logged. 
    • The database optimization will be compromised.
    • The database triggers and pointers will not be optimized.
    • Changes by application users will not be logged.
  7. An IS auditor is reviewing an organization’s method to transport sensitive data between offices. Which of the following would cause the auditor MOST concern?

    • The method relies exclusively on the use of digital signatures.
    • The method relies exclusively on the use of asymmetric encryption algorithms.
    • The method relies exclusively on the use of public key infrastructure.
    • The method relies exclusively on the use of symmetric encryption algorithms.
  8. During an integrated audit at a retail bank, an IS auditor is evaluating whether monthly service fees are appropriately charged for business accounts and waived for individual consumer accounts. Which of the following test approaches would utilize data analytics to facilitate the testing?

    • Attempt to charge a monthly service fee to an individual consumer account.
    • Evaluate whether user acceptance testing plans were designed and executed appropriately.
    • Review customer accounts over the last year to determine whether appropriate charges were applied. 
    • Compare the system configuration settings with the business requirements document.
  9. An organization migrated most of its physical servers to virtual ones in its own data center. Which of the following should be of GREATEST concern to an IS auditor reviewing the virtual environment?

    • Hypervisor access control lists are outdated.
    • The configuration management database (CMDB) does not include all virtual machines.
    • Hypervisors have not been updated with the most recent patches.
    • Virtual machine deployments are done without following an approved template.
  10. An audit group is conducting a risk assessment as part of a risk-based audit strategy. To help ensure the risk assessment results are relevant to the organization, it is MOST important to:

    • understand the organization’s objectives and risk appetite. 
    • include operational departments and processes.
    • determine both the inherent risk and detection risk.
    • understand the organization’s controls.
  11. Which of the following auditing techniques would be used to detect the validity of a credit card transaction based on time, location, and date of purchase?

    • Benford’s analysis 
    • Gap analysis
    • Stratified sampling
    • Data mining
  12. Which of the following activities should an IS auditor perform FIRST during an external network security assessment?

    • Exploitation
    • Enumeration 
    • Vulnerability scanning
    • Reconnaissance
  13. An IS auditor observed that most users do not comply with physical access controls. The business manager has explained that the control design is inefficient. What is the auditor’s BEST course of action?

    • Recommend changing the access control process to increase efficiency.
    • Identify the impact of control failure and report the finding with a risk rating. 
    • Redesign and retest the physical access control.
    • Work with management to design and implement a better control.
  14. During a follow-up audit for a finding related to change management, an IS auditor notes that one of the changes sampled was an emergency change, which follows a different process. Which of the following is the auditor’s BEST course of action?

    • Mark the sample as not applicable in the workpaper and move on to testing the next sample. 
    • Select a replacement change for testing.
    • Obtain evidence that the change was approved.
    • Note the sample as a deviation and leave the finding open in the audit tracking log.
  15. In a small organization, an IS auditor finds that security administration and system analysis functions are performed by the same employee. Which of the following is the MOST significant finding?

    • The security policy has not been updated to reflect the situation.
    • The employee’s formal job description has not been updated.
    • The employee has not signed the security policy.
    • The employee’s activities are not independently reviewed.
  16. The PRIMARY purpose of an internal audit department’s quality assurance improvement program is to evaluate which of the following?

    • The adequacy and qualifications of internal audit personnel
    • The effectiveness of the internal audit function 
    • The efficiency of internal audit processes
    • The accuracy of prior-year internal audit results
  17. To BEST determine if a project is successfully addressing business requirements while managing the associated risk, which of the following should an IS auditor expect to find at each significant milestone?

    • Comprehensive end user acceptance testing
    • Formal acceptance by appropriate stakeholders 
    • A revised business impact and risk analysis
    • Post-implementation review with affected parties
  18. An IS auditor has performed an agreed-upon procedures engagement for the organization’s IT steering committee. Which of the following would be the MOST important element to include in the report?

    • Complementary user entity controls
    • Management’s representation on the effectiveness of controls
    • Statement that the engagement followed standards
    • An opinion on the effectiveness of controls
  19. An IS auditor notes that several users have not logged into an application for more than one year. Which of the following would be the BEST audit recommendation?

    • Periodically review the information security policy.
    • Update the termination procedures.
    • Periodically review user access.
    • Delete the affected users’ IDs.
  20. A security review focused on data loss prevention (DLP) revealed the organization has no visibility to data stored in the cloud. What is the IS auditor’s BEST recommendation to address this issue?

    • Implement a file system scanner to discover data stored in the cloud.
    • Utilize a DLP tool on desktops to monitor user activities.
    • Employ a cloud access security broker (CASB).
    • Enhance the firewall at the network perimeter.