practice questions - cisa area 1
8/19/2019 Practice Questions - CISA Area 1
http://slidepdf.com/reader/full/practice-questions-cisa-area-1 1/4
CISA Practice Questions – Chapter/Area 1
AREA 1
1. Which of the following BEST describes an integrated test facility?
A. A technique that enables the IS auditor to test a computer application for the purpose of verifying correct processing
B. The utilization of hardware and/or software to review and test the functioning of a computer system
C. A method of using special programming options to permit the printout of the path through a computer program taken to process a specific transaction
D. A procedure for tagging and extending transactions and master records that are used by an IS auditor for tests
2. Which of the following processes describes risk assessment? Risk assessment is:
A. subjective.
B. objective.
C. mathematical.
D. statistical.
3. Which of the following is an advantage of an integrated test facility (ITF)?
A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction.
B. Periodic testing does not require separate test processes.
C. It validates application systems and tests the ongoing operation of the system.
D. It eliminates the need to prepare test data.
4. The use of statistical sampling procedures helps minimize:
A. sampling risk.
B. detection risk.
C. inherent risk.
D. control risk.
5. During an implementation review of a multiuser distributed application, the IS auditor finds minor weaknesses in three areas - the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:
A. record the observations separately with the impact of each of them marked against each respective finding.
B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones.
C. record the observations and the risk arising from the collective weaknesses.
D. apprise the departmental heads concerned with each observation and properly document it in the report.
6. An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern?
A. There are a number of external modems connected to the network.
B. Users can install software on their desktops.
C. Network monitoring is very limited.
D. Many user ids have identical passwords.
7. Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?
A. Multiple cycles of backup files remain available.
B. Access controls establish accountability for e-mail activity.
C. Data classification regulates what information should be communicated via e-mail.
D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available.
8. An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the:
A. manager's assistant perpetrated the fraud.
B. perpetrator cannot be established beyond doubt.
C. fraud must have been perpetrated by the manager.
D. system administrator perpetrated the fraud.
9. While conducting an audit, an IS auditor detects the presence of a virus. What should be the IS auditor's next step?
A. Observe the response mechanism.
B. Clear the virus from the network.
C. Inform appropriate personnel immediately.
D. Ensure deletion of the virus.
10. The risk of an IS auditor using an inadequate test procedure and concluding that material errors do not exist when, in fact, they do is an example of:
A. inherent risk.
B. control risk.
C. detection risk.
D. audit risk.
11. The responsibility, authority and accountability of the IS audit function is appropriately documented in an audit charter and MUST be:
A. approved by the highest level of management.
B. approved by audit department management.
C. approved by user department management.
D. changed every year before commencement of IS audits.
12. The extent to which data will be collected during an IS audit should be determined based on the:
A. availability of critical and required information.
B. auditor's familiarity with the circumstances.
C. auditee's ability to find relevant evidence.
D. purpose and scope of the audit being done.
13. Reviewing management's long-term strategic plans helps the IS auditor:
A. gain an understanding of an organization's goals and objectives.
B. test the enterprise's internal controls.
C. assess the organization's reliance on information systems.
D. determine the number of audit resources needed.
14. When assessing the design of network monitoring controls, an IS auditor should FIRST review network:
A. topology diagrams.
B. bandwidth usage.
C. traffic analysis reports.
D. bottleneck locations.
15. In a risk-based audit approach, an IS auditor should FIRST complete a(n):
A. inherent risk assessment.
B. control risk assessment.
C. test of control assessment.
D. substantive test assessment.
16. The IS department of an organization wants to ensure that the computer files used in the information processing facility are adequately backed up to allow for proper recovery. This is a(n):
A. control procedure.
B. control objective.
C. corrective control.
D. operational control.
17. Senior management has requested that an IS auditor assist the departmental management in the implementation of necessary controls. The IS auditor should:
A. refuse the assignment since it is not the role of the IS auditor.
B. inform management of his/her inability to conduct future audits.
C. perform the assignment and future audits with due professional care.
D. obtain the approval of user management to perform the implementation and follow-up.
18. Which of the following normally would be the MOST reliable evidence for an auditor?
A. A confirmation letter received from a third party verifying an account balance
B. Assurance from line management that an application is working as designed
C. Trend data obtained from World Wide Web (Internet) sources
D. Ratio analysis developed by the IS auditor from reports supplied by line management
19. Which audit technique provides the BEST evidence of the segregation of duties in an IS department?
A. Discussion with management
B. Review of the organization chart
C. Observation and interviews
D. Testing of user access rights
20. In cases where there is disagreement, during an exit interview, regarding the impact of a finding, the IS auditor should:
A. ask the auditee to sign a release form accepting full legal responsibility.
B. elaborate on the significance of the finding and the risks of not correcting it.
C. report the disagreement to the audit committee for resolution.
D. accept the auditee's position since they are the process owners.