ANS

ISACA CISM

Huawei

Palo Alto

Aruba

Juniper

Comptia

Fortinet

Microsoft

F5

GCIH

Oracle

Itil-v4

CWNA

Opengroup

SPOTO has various certified exam dumps that cover all real exam answers and questions. The CISA exam demo is a real exam question. If you are willing to prepare for the certified, and you can contact us. Besides, you can take the exam at home, so don’t worry about the bad COVID-19. Studying is a continued progress.

30. Which of the following is a substantive test?

A. Reviewing compliance with firewall policy.

B. Reviewing adherence to change management policy.

C. Using a statistical sample to inventory the tape library

D. Reviewing password history reports

31. The major difference between compliance testing and substantive testing is that compliance testing tests:

A. details, while substantive testing tests controls.

B. controls, while substantive testing tests details.

C. financial statements, while substantive testing tests items in the trial balance.

D. internal requirements, while substantive testing tests internal controls.

32. When an IS auditor performs a test to ensure that only active users have access to the IS auditor is performing a:

A. compliance test.

B. substantive test.

C. statistical sample.

D. Judgment Sampling.

33. IS auditors are MOST likely to reduce substantive test procedure if after compliance test they conclude that:

A. a substantive test would be too costly.

B. the control environment is poor.

C. inherent risk is low.

D. control risks are within acceptable limits.

34. Which of the following is a substantive audit test?

A. Verifying that a management check has been performed regularly

B. Observing that user IDs and passwords are required to sign on the computer

C. Reviewing reports listing short shipments of goods received

D. Reviewing an aged trial balance of accounts receivable

35. The objective of compliance tests is to ensure:

A. controls are implemented as prescribed.

B. documentation is complete.

C. access to users is provided as specified.

D. data validation procedures are provided.

36. An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?

A. Substantive

B. Compliance

C. Integrated

D. Continuous audit

37. Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

A. A substantive test of program library controls

B. A compliance test of program library controls

C. A compliance test of the program compiler controls

D. A substantive test of the program compiler controls

38. Evidence gathering to evaluate the integrity of individual transactions, data or other information is typical of which of the following?

A. Substantive testing

B. Compliance testing

C. Detection testing

D. Control testing

39. An audit charter should state management’s objectives for and delegation of authority to IS audit and MUST be:

A. approved by the top management.

B. approved by Chief Audit Officer.

C. approved by IS department.

D. approved by IT steering committee.

40. The audit charter should be approved by the highest level of management and should:

A. be updated often to upgrade with the changing nature of technology and the audit profession.

B. include audit calendar along with resource allocation.

C. include plan of action in case of disruption of business services.

D. outlines the overall authority, scope and responsibilities of the audit function.

41. Primary purpose of an audit charter is to:

A. describe audit procedure.

B. define resource requirement for audit department.

C. prescribe the code of ethics used by the auditor

D.to prescribe authority and responsibilities of audit department.

42. The document used by the top management of organizations to delegate authority to the IS audit function is the:

A. audit calendar.            

B. audit charter.

C. risks register.

D.audit compendium.

43. An IS auditor reviews an organization chart PRIMARILY for:

A. getting information about data-flow.

B. to assess number of employees in each department.

C. understanding the responsibilities and authority of individuals.

D. to assess number of laptops/desktops in each department.

44. In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced PRIMARILY by:

A. the audit charter.

B. management’s representation.

C. organizational structure

D. no. of outsourcing contracts.

45. The result of risk management process is used for making:

A. business strategy  plans.

B. audit charters.

C. security policy decisions.

D. decisions related to outsourcing.

Please follow and like us:
Last modified: April 2, 2024

Author

Comments

Write a Reply or Comment

Your email address will not be published.