Palo Alto












We have 100% real CISA exam questions, and you can test them so that you have a wide understanding of taking the certified exam. If you have any questions, and you can contact us. We have various certified exam now. Our candidates are passing the certified per day. Hope your coming!

get 100% pass spoto dump

Questions and Answers

1. A most important step in a risk analysis is to identify:

A. competitors.

B. controls.

C. vulnerabilities.

D. liabilities.

2. In a risk-based audit planning, an IS auditor’s first step is to identify:

A. responsibilities of stakeholders.

B. high-risk areas within the organization.

C. cost center.

D. profit center.

3. When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:

A. segregation of duties to mitigate risks are in place.

B. all the relevant vulnerabilities and threats are identified.

C. regularity compliance is adhered to.

D. business is profitable.

4. IS Auditor identified certain threats and vulnerabilities in a business process. Next, an IS auditor should:

A. identify stakeholders for that business process.

B. identify information assets and the underlying systems.

C. disclose the threats and impacts of management.

D. identify and evaluate the existing controls.

5. The major advantage of a risk-based approach for audit planning is:

A. Audit planning can be communicated to the client in advance.

B. Audit activity can be completed within the allotted budget.

C. Use of the latest technology for audit activities.

D. Appropriate utilization of resources for high-risk areas.

Latest passing report of CISA Exam from SPOTO

Join SPOTO to Pass CISA Exam in the 1st Try

6. While determining the appropriate level of protection for an information asset an IS auditor should primarily focus on:

A. Criticality of the information asset.

B. Cost of the information asset.

C. Owner of the information asset.

D. Result of vulnerability assessment.

7. The decisions and actions of an IS auditor are MOST likely to affect which of the following risks?


A. Inherent

B. Detection

C. Control

D. Business

8. The risk of an IS auditor certifying the existence of proper system and procedures without using an inadequate test procedure is an example of :

A. inherent risk.

B. control risk.

C. detection risk.

D. audit risk.

9. The overall business risk for a particular threat can be expressed as:

A. a product of the probability and impact.

B. probability of occurrence.

C. magnitude of impact.

D. assumption of the risk assessment team.

10. An IS auditor is evaluating management’s risk assessment of information systems. The IS auditor should FIRST review:

A. the controls already in place.

B. the effectiveness of the controls in place.

C. the mechanism for monitoring the risks related to the assets.

D. the threats/vulnerabilities affecting the assets.

11. An IS auditor is reviewing the data center security review. Which of the following steps would an IS auditor normally perform FIRST:

A. Evaluate physical access control.

B. Determine the vulnerabilities/threats to the data center site.

C. Review screening process for hiring security staff

D.Evaluate logical access control.

12. The risk assessment approach is more suitable when determining the appropriate level of protection for an information asset because it ensures:

A. all information assets are protected.

B. a basic level of protection is applied regardless of asset value.

C. appropriate levels of protection are applied to information assets.

D. only most sensitive information assets are protected.

13. In a risk-based audit approach, an IS auditor should FIRST complete a(n):

A. inherent risk assessment.

B. control risk assessment.

C. test of control assessment.

D. substantive test assessment.

14. In planning an audit, the MOST critical step is the identification of the:

A. areas of high risk.

B. skill sets of the audit staff.

C. test steps in the audit.

D. time allotted for the audit.

15. The risk assessment process is :

A. subjective.

B. objective.

C. mathematical.

D. statistical.

Get 100% pass CISA exam dump from SPOTO now!

get 100% pass spoto dump
Please follow and like us:
Last modified: November 12, 2021



Write a Reply or Comment

Your email address will not be published.