Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 80

  1. Which of the following is the GREATEST benefit of utilizing data analytics?

    • Improved communication with management due to more confidence with data results
    • Higher-quality audit evidence due to more representative audit sampling
    • Better risk assessments due to the identification of anomalies and trends
    • Expedient audit planning due to early identification of problem areas and incomplete data
  2. Which of the following is MOST appropriate for measuring a batch processing application’s system performance over time?

    • Throughput
    • Idle time
    • System utilization
    • Uptime
  3. Regression testing should be used during a system development project to ensure that:

    • errors have not been introduced to the system during modification.
    • the test plan is based on an analysis of the impact of past testing.
    • system testing will address high-probability errors.
    • the results of testing are statistically valid.
  4. During an operational audit of a biometric system used to control physical access, which of the following should be of GREATEST concern to an IS auditor?

    • False positives
    • Lack of biometric training
    • User acceptance of biometrics
    • False negatives
  5. Which of the following is the BEST indication that an information security program is aligned with organizational objectives?

    • The information security steering committee sets organizational security priorities.
    • Senior management conducts regular reviews of information security policies.
    • Information security processes are in place throughout the system development life cycle (SDLC).
    • Risk is managed to within organizational tolerances.
  6. Which of the following is the MOST effective accuracy control for entry of a valid numeric part number?

    • Hash totals
    • Comparison to historical order pattern
    • Self-checking digit
    • Online review of description
  7. An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor’s FIRST course of action should be to:

    • verify completeness of user acceptance testing (UAT).
    • verify results to determine validity of user concerns.
    • review initial business requirements.
    • review recent changes to the system.
  8. Which of the following is the GREATEST concern associated with a high number of IT policy exceptions approved by management?

    • The exceptions may result in noncompliance.
    • The exceptions may negatively impact process efficiency.
    • The exceptions are likely to continue indefinitely.
    • The exceptions may elevate the level of operational risk.
  9. The use of which of the following would BEST enhance a process improvement program?

    • Project management methodologies
    • Capability maturity models
    • Balanced scorecard
    • Model-based design notations
  10. An organization maintains an inventory of the IT applications used by its staff. Which of the following would pose the GREATEST concern with regard to the quality of the inventory data?

    • Inventory data is available on and downloadable from the corporate intranet.
    • The application owner and contact information fields are not required to be completed.
    • The inventory does not contain a formal risk ranking for all the IT applications.
    • The organization has not established a formal recertification process for the inventory data.
  11. Of the following, who are the MOST appropriate staff for ensuring the alignment of user authorization tables with approved authorization forms?

    • IT managers
    • System owners
    • Database administrators (DBAs)
    • Security administrators
  12. Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?

    • Transaction log review
    • User awareness training
    • Mandatory holidays
    • Background check
  13. Which of the following encryption methods offers the BEST wireless security?

    • Wired equivalent privacy (WEP)
    • Secure Sockets Layer (SSL)
    • Data encryption standard (DES)
    • Wi-Fi Protected Access 2 (WPA2)
  14. Which of the following is the BEST way to mitigate the risk associated with technology obsolescence?

    • Make provisions in the budgets for potential upgrades
    • Create a technology watch team that evaluates emerging trends
    • Invest in current technology
    • Create tactical and strategic IS plans
  15. Which of the following is the GREATEST risk associated with conducting penetration testing on a business-critical application production environment?

    • Data integrity may become compromised
    • This type of testing may not adhere to audit standards
    • System owners may not be informed in advance
    • Results may differ from those obtained in the test environment
  16. An organization is disposing of a system containing sensitive data and has deleted all files from the disk. An IS auditor should be concerned because:

    • deleted data cannot easily be retrieved.
    • deleting the files logically does not overwrite the files’ physical data.
    • backup copies of files were not deleted as well.
    • deleting all files separately is not as efficient as formatting the hard disk.
  17. Batch processes running in multiple countries are merged to one batch job to be executed in a single data center. Which of the following is the GREATEST concern with this approach?

    • The job execution approval process at the regional level may be compromised
    • The knowledge base maintained by current staff may be lost
    • Change management may become highly complex after job integration
    • Restart of the batch job after disruption may impair the integrity of databases
  18. Which of the following is the MAJOR advantage of automating internal controls?

    • To help identify transactions with no segregation of duties
    • To enable the review of large value transactions
    • To efficiently test large volumes of data
    • To assist in performing analytical reviews
  19. A data breach has occurred due to malware. Which of the following should be the FIRST course of action?

    • Notify customers of the breach
    • Notify the cyber insurance company
    • Shut down the affected systems
    • Quarantine the impacted systems
  20. An IS audit found that malware entered the organization through a spreadsheet macro, and the auditor recommended that spreadsheet macros be disabled. All macros were disabled except those needed by the finance team for reporting purposes. Which of the following is the auditor’s BEST course of action?

    • Close the recommendation, as most of the risk has been mitigated
    • Advise management to disable the spreadsheet macros for the finance users
    • Recommend alternate reporting methods that do not use spreadsheet macros
    • Escalate the issue to the audit committee