practice questions - cisa area 1


Upload: joefsabater

Post on 07-Jul-2018


Page 1: Practice Questions - CISA Area 1

8/19/2019 Practice Questions - CISA Area 1

http://slidepdf.com/reader/full/practice-questions-cisa-area-1 1/4

CISA Practice Questions – Chapter/Area 1

AREA 1

1. Which of the following BEST describes an integrated test facility?

A. A technique that enables the IS auditor to test a computer application for the purpose of verifying correct processing

B. The utilization of hardware and/or software to review and test the functioning of a computer system

C. A method of using special programming options to permit the printout of the path through a computer program taken to process a specific transaction

D. A procedure for tagging and extending transactions and master records that are used by an IS auditor for tests

2. Which of the following processes describes risk assessment? Risk assessment is:

A. subjective.

B. objective.

C. mathematical.

D. statistical.

3. Which of the following is an advantage of an integrated test facility (ITF)?

A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction.

B. Periodic testing does not require separate test processes.

C. It validates application systems and tests the ongoing operation of the system.

D. It eliminates the need to prepare test data.

4. The use of statistical sampling procedures helps minimize:

A. sampling risk.

B. detection risk.

C. inherent risk.

D. control risk.

5. During an implementation review of a multiuser distributed application, the IS auditor finds minor weaknesses in three areas: the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:

A. record the observations separately with the impact of each of them marked against each respective finding.

B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones.

C. record the observations and the risk arising from the collective weaknesses.

D. apprise the departmental heads concerned with each observation and properly document it in the report.

6. An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern?

A. There are a number of external modems connected to the network.

B. Users can install software on their desktops.

C. Network monitoring is very limited.

D. Many user ids have identical passwords.

7. Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?

A. Multiple cycles of backup files remain available.

B. Access controls establish accountability for e-mail activity.

C. Data classification regulates what information should be communicated via e-mail.

D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available.

8. An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the:

A. manager's assistant perpetrated the fraud.

B. perpetrator cannot be established beyond doubt.

C. fraud must have been perpetrated by the manager.

D. system administrator perpetrated the fraud.

9. While conducting an audit, an IS auditor detects the presence of a virus. What should be the IS auditor's next step?

A. Observe the response mechanism.

B. Clear the virus from the network.

C. Inform appropriate personnel immediately.

D. Ensure deletion of the virus.

10. The risk of an IS auditor using an inadequate test procedure and concluding that material errors do not exist when, in fact, they do is an example of:

A. inherent risk.

B. control risk.

C. detection risk.

D. audit risk.

11. The responsibility, authority and accountability of the IS audit function is appropriately documented in an audit charter and MUST be:

A. approved by the highest level of management.

B. approved by audit department management.

C. approved by user department management.

D. changed every year before commencement of IS audits.

12. The extent to which data will be collected during an IS audit should be determined based on the:

A. availability of critical and required information.

B. auditor's familiarity with the circumstances.

C. auditee's ability to find relevant evidence.

D. purpose and scope of the audit being done.

13. Reviewing management's long-term strategic plans helps the IS auditor:

A. gain an understanding of an organization's goals and objectives.

B. test the enterprise's internal controls.

C. assess the organization's reliance on information systems.

D. determine the number of audit resources needed.

14. When assessing the design of network monitoring controls, an IS auditor should FIRST review network:

A. topology diagrams.

B. bandwidth usage.

C. traffic analysis reports.

D. bottleneck locations.

15. In a risk-based audit approach, an IS auditor should FIRST complete a(n):

A. inherent risk assessment.

B. control risk assessment.

C. test of control assessment.

D. substantive test assessment.

16. The IS department of an organization wants to ensure that the computer files used in the information processing facility are adequately backed up to allow for proper recovery. This is a(n):

A. control procedure.

B. control objective.

C. corrective control.

D. operational control.

17. Senior management has requested that an IS auditor assist the departmental management in the implementation of necessary controls. The IS auditor should:

A. refuse the assignment since it is not the role of the IS auditor.

B. inform management of his/her inability to conduct future audits.

C. perform the assignment and future audits with due professional care.

D. obtain the approval of user management to perform the implementation and follow-up.

18. Which of the following normally would be the MOST reliable evidence for an auditor?

A. A confirmation letter received from a third party verifying an account balance

B. Assurance from line management that an application is working as designed

C. Trend data obtained from World Wide Web (Internet) sources

D. Ratio analysis developed by the IS auditor from reports supplied by line management

19. Which audit technique provides the BEST evidence of the segregation of duties in an IS department?

A. Discussion with management

B. Review of the organization chart

C. Observation and interviews

D. Testing of user access rights

20. In cases where there is disagreement, during an exit interview, regarding the impact of a finding, the IS auditor should:

A. ask the auditee to sign a release form accepting full legal responsibility.

B. elaborate on the significance of the finding and the risks of not correcting it.

C. report the disagreement to the audit committee for resolution.

D. accept the auditee's position since they are the process owners.