
CISA Certification Exam Sample, Free Exam Resources for Success , Certified Information Systems Auditor | SPOTO

Unlock your CISA certification potential with SPOTO's free exam resources and sample questions. Our comprehensive collection includes mock exams, online exam questions, and practice tests meticulously aligned with the latest exam objectives. Gain invaluable insights through detailed explanations and performance analysis. Access regularly updated exam materials, including free test dumps and exam questions and answers, to ensure you're thoroughly prepared. Simulate the real testing environment with our realistic exam simulator. Leverage SPOTO's complimentary CISA certification exam samples and resources to identify knowledge gaps, reinforce key concepts, and achieve exam success with confidence.

Question #1
Digital signatures require the sender to "sign" the data by encrypting the data with the sender's public key, to then be decrypted by the recipient using the recipient's private key. True or false?
A. False
B. True
Correct Answer: A (the sender signs with the sender's private key, and the recipient verifies with the sender's public key; encrypting with a public key is how confidentiality, not a signature, is achieved)
Question #2
What control detects transmission errors by appending calculated bits onto the end of each segment of data?
A. Reasonableness check
B. Parity check
C. Redundancy check
D. Check digits
Correct Answer: C (a redundancy check appends bits computed from the data to each segment; a parity check adds a single bit per character)
Question #3
When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?
A. True
B. False
Correct Answer: A
Question #4
Which of the following should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns and for projecting estimates at completion (EACs)?
A. Function point analysis
B. Earned value analysis
C. Cost budget
D. Program Evaluation and Review Technique
Correct Answer: B (earned value analysis compares work actually completed against planned cost and schedule and is the basis for an estimate at completion)
Question #5
Whenever business processes have been re-engineered, the IS auditor attempts to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes. True or false?
A. True
B. False
Correct Answer: A
Question #6
What must an IS auditor understand before performing an application audit? Choose the BEST answer.
A. The potential business impact of application risk
B. Application risks must first be identified
C. Relative business processes
D. Relevant application risks
Correct Answer: A
Question #7
Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?
A. Session keys are dynamic
B. Private symmetric keys are used
C. Keys are static and shared
D. Source addresses are not encrypted or authenticated
Correct Answer: A
Question #8
When preparing an audit report the IS auditor should ensure that the results are supported by:
A. statements from IS management
B. workpapers of other auditors
C. an organizational control self-assessment
D. sufficient and appropriate audit evidence
Correct Answer: D
Question #9
Failure in which of the following testing stages would have the GREATEST impact on the implementation of new application software?
A. System testing
B. Acceptance testing
C. Integration testing
D. Unit testing
Correct Answer: B (acceptance testing is the last gate before implementation, so a failure there delays or blocks go-live)
Question #10
An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that:
A. this lack of knowledge may lead to unintentional disclosure of sensitive information
B. information security is not critical to all functions
C. IS audit should provide security training to the employees
D. the audit finding will cause management to provide continuous training to staff
Correct Answer: A
Question #11
An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern?
A. There are a number of external modems connected to the network
B. Users can install software on their desktops
C. Network monitoring is very limited
D. Many user IDs have identical passwords
Correct Answer: D (identical passwords let an insider act under other users' identities, which defeats accountability; the other findings are weaknesses but do not by themselves give an employee another user's access)
Question #12
An organization is migrating from a legacy system to an enterprise resource planning (ERP) system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:
A. correlation of semantic characteristics of the data migrated between the two systems
B. correlation of arithmetic characteristics of the data migrated between the two systems
C. correlation of functional characteristics of the processes between the two systems
D. relative efficiency of the processes between the two systems
Correct Answer: A
Question #13
An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment?
A. Commands typed on the command line are logged
B. Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs
C. Access to the operating system command line is granted through an access restriction tool with preapproved rights
D. Software development tools and compilers have been removed from the production environment
Correct Answer: B (the question asks about undetected changes: comparing program hashes against the authorized versions detects a change however it was introduced, whereas command logging can be bypassed or left unreviewed, and the preventive options do not reveal a change that has already happened)
Question #14
Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?
A. Failing to perform user acceptance testing
B. Lack of user training for the new system
C. Lack of software documentation and run manuals
D. Insufficient unit, module, and systems testing
Correct Answer: A
Question #15
Which of the following can degrade network performance? Choose the BEST answer.
A. Superfluous use of redundant load-sharing gateways
B. Increasing traffic collisions due to host congestion by creating new collision domains
C. Inefficient and superfluous use of network devices such as switches
D. Inefficient and superfluous use of network devices such as hubs
Correct Answer: A
Question #16
What type of approach to the development of organizational policies is often driven by risk assessment?
A. Bottom-up
B. Top-down
C. Comprehensive
D. Integrated
Correct Answer: A (bottom-up policies grow out of the risks identified in individual areas; top-down policies are derived from overall corporate policy)
Question #17
Database snapshots can provide an excellent audit trail for an IS auditor. True or false?
A. True
B. False
Correct Answer: A
Question #18
Which of the following is an advantage of the top-down approach to software testing?
A. Interface errors are identified early
B. Testing can be started before all programs are complete
C. It is more effective than other testing approaches
D. Errors in critical modules are detected sooner
Correct Answer: A (options B and D are advantages of bottom-up testing)
Question #19
Why is a clause for requiring source code escrow in an application vendor agreement important?
A. To segregate systems development and live environments
B. To protect the organization from copyright disputes
C. To ensure that sufficient code is available when needed
D. To ensure that the source code remains available even if the application vendor goes out of business
Correct Answer: D
Question #20
The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):
A. Implementor
B. Facilitator
C. Developer
D. Sponsor
Correct Answer: B
Question #21
An IS auditor performing a review of an application's controls would evaluate the:
A. efficiency of the application in meeting the business processes
B. impact of any exposures discovered
C. business processes served by the application
D. application's optimization
Correct Answer: B
Question #22
An organization has outsourced its help desk activities. An IS auditor's GREATEST concern when reviewing the contract and associated service level agreement (SLA) between the organization and vendor should be the provisions for:
A. documentation of staff background checks
B. independent audit reports or full audit access
C. reporting the year-to-year incremental cost reductions
D. reporting staff turnover, development or training
Correct Answer: B
Question #23
During an implementation review of a multiuser distributed application, an IS auditor finds minor weaknesses in three areas: the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:
A. record the observations separately with the impact of each of them marked against each respective finding
B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones
C. record the observations and the risk arising from the collective weaknesses
D. apprise the departmental heads concerned with each observation and properly document it in the report
Correct Answer: C (individually minor weaknesses can combine into a material exposure, and the report must show that aggregate risk)
Question #24
When should application controls be considered within the system-development process?
A. After application unit testing
B. After application module testing
C. After applications systems testing
D. As early as possible, even in the development of the project's functional specifications
Correct Answer: D
Question #25
With the objective of mitigating the risk and impact of a major business interruption, a disaster recovery plan should endeavor to reduce the length of recovery time necessary, as well as costs associated with recovery. Although DRP results in an increase of pre- and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs. True or false?
A. True
B. False
Correct Answer: A
Question #26
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:
A. create the procedures document
B. terminate the audit
C. conduct compliance testing
D. identify and evaluate existing practices
Correct Answer: D
Question #27
What are trojan horse programs? Choose the BEST answer.
A. A common form of internal attack
B. Malicious programs that require the aid of a carrier program such as email
C. Malicious programs that can run independently and can propagate without the aid of a carrier program such as email
D. A common form of Internet attack
Correct Answer: D (option C describes a worm; a trojan horse is a program that appears legitimate but carries hidden malicious functionality, and is a common form of Internet attack)
Question #28
How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interface (EDI)?
A. EDI usually decreases the time necessary for review
B. EDI usually increases the time necessary for review
C. Cannot be determined
D. EDI does not affect the time necessary for review
Correct Answer: A
Question #29
An IS auditor reviewing the risk assessment process of an organization should FIRST:
A. identify the reasonable threats to the information assets
B. analyze the technical and organizational vulnerabilities
C. identify and rank the information assets
D. evaluate the effect of a potential security breach
Correct Answer: C (threats and vulnerabilities can only be assessed against a known, prioritized set of assets)
Question #30
What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality? Choose the BEST answer.
A. Rapid application development (RAD)
B. GANTT
C. PERT
D. Decision trees
Correct Answer: A
Question #31
Which of the following is the BEST performance criterion for evaluating the adequacy of an organization's security awareness training?
A. Senior management is aware of critical information assets and demonstrates an adequate concern for their protection
B. Job descriptions contain clear statements of accountability for information security
C. In accordance with the degree of risk and business impact, there is adequate funding for security efforts
D. No actual incidents have occurred that have caused a loss or a public embarrassment
Correct Answer: A
Question #32
Effective IT governance requires organizational structures and processes to ensure that:
A. the organization's strategies and objectives extend the IT strategy
B. the business strategy is derived from an IT strategy
C. IT governance is separate and distinct from the overall governance
D. the IT strategy extends the organization's strategies and objectives
Correct Answer: D
Question #33
The information security policy that states 'each individual must have their badge read at every controlled door' addresses which of the following attack methods?
A. Piggybacking
B. Shoulder surfing
C. Dumpster diving
D. Impersonation
Correct Answer: A (piggybacking, or tailgating, is following an authorized person through a controlled door without presenting one's own badge)
Question #34
What is used to provide authentication of the website and can also be used to successfully authenticate keys used for data encryption?
A. An organizational certificate
B. A user certificate
C. A website certificate
D. Authenticode
Correct Answer: C
Question #35
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can:
A. Identify high-risk areas that might need a detailed review later
B. Reduce audit costs
C. Reduce audit time
D. Increase audit accuracy
Correct Answer: A
Question #36
Which of the following is MOST directly affected by network performance monitoring tools?
A. Integrity
B. Availability
C. Completeness
D. Confidentiality
Correct Answer: B
Question #37
The initial step in establishing an information security program is the:
A. development and implementation of an information security standards manual
B. performance of a comprehensive security control review by the IS auditor
C. adoption of a corporate information security policy statement
D. purchase of security access control software
Correct Answer: C
Question #38
Who is ultimately responsible for providing requirement specifications to the software-development team?
A. The project sponsor
B. The project members
C. The project leader
D. The project steering committee
Correct Answer: A
Question #39
A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and:
A. length of service, since this will help ensure technical competence
B. age, as training in audit techniques may be impractical
C. IS knowledge, since this will bring enhanced credibility to the audit function
D. ability, as an IS auditor, to be independent of existing IS relationships
Correct Answer: D
Question #40
What is the primary security concern for EDI environments? Choose the BEST answer.
A. Transaction authentication
B. Transaction completeness
C. Transaction accuracy
D. Transaction authorization
Correct Answer: D
Question #41
The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?
A. Utilization of an intrusion detection system to report incidents
B. Mandating the use of passwords to access all software
C. Installing an efficient user log system to track the actions of each user
D. Training provided on a regular basis to all current and new employees
Correct Answer: D
Question #42
Network environments often add to the complexity of program-to-program communication, making the implementation and maintenance of application systems more difficult. True or false?
A. True
B. False
Correct Answer: A
Question #43
The use of statistical sampling procedures helps minimize:
A. Detection risk
B. Business risk
C. Controls risk
D. Compliance risk
Correct Answer: A
Question #44
In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure:
A. implementation
B. compliance
C. documentation
D. sufficiency
Correct Answer: D (the baseline must first be adequate for the risk; checking documentation, implementation and compliance of an insufficient baseline proves little)
Question #45
An information security policy stating that 'the display of passwords must be masked or suppressed' addresses which of the following attack methods?
A. Piggybacking
B. Dumpster diving
C. Shoulder surfing
D. Impersonation
Correct Answer: C
Question #46
When assessing the design of network monitoring controls, an IS auditor should FIRST review network:
A. topology diagrams
B. bandwidth usage
C. traffic analysis reports
D. bottleneck locations
Correct Answer: A
Question #47
Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is part of the ACID test reference for transaction processing. True or false?
A. True
B. False
Correct Answer: A
Question #48
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?
A. Full operational test
B. Preparedness test
C. Paper test
D. Regression test
Correct Answer: B (a preparedness test exercises one site or component at a time with real resources, at far lower cost than a full operational test; a paper test uses no actual resources)
Question #49
How does the SSL network protocol provide confidentiality?
A. Through symmetric encryption such as RSA
B. Through asymmetric encryption such as Data Encryption Standard, or DES
C. Through asymmetric encryption such as Advanced Encryption Standard, or AES
D. Through symmetric encryption such as Data Encryption Standard, or DES
Correct Answer: D (RSA is asymmetric; DES and AES are symmetric. SSL/TLS uses asymmetric cryptography only to authenticate the server and establish a session key, and encrypts the session data with a symmetric cipher. DES is obsolete and modern TLS uses AES or ChaCha20, but of the options given only D pairs "symmetric" with a symmetric algorithm.)
Question #50
The MAJOR consideration for an IS auditor reviewing an organization's IT project portfolio is the:
A. IT budget
B. existing IT environment
C. business plan
D. investment plan
Correct Answer: C
Question #51
A retail outlet has introduced radio frequency identification (RFID) tags to create unique serial numbers for all products. Which of the following is the PRIMARY concern associated with this initiative?
A. Issues of privacy
B. Wavelength can be absorbed by the human body
C. RFID tags may not be removable
D. RFID eliminates line-of-sight reading
Correct Answer: A (a unique serial number per item can be read without the holder's knowledge and linked to a person; option D is a feature, not a concern)
Question #52
Which of the following functions should be performed by the application owners to ensure an adequate segregation of duties between IS and end users?
A. System analysis
B. Authorization of access to data
C. Application programming
D. Data administration
Correct Answer: B
Question #53
Test and development environments should be separated. True or false?
A. True
B. False
Correct Answer: A
Question #54
A substantive test to verify that tape library inventory records are accurate is:
A. determining whether bar code readers are installed
B. determining whether the movement of tapes is authorized
C. conducting a physical count of the tape inventory
D. checking if receipts and issues of tapes are accurately recorded
Correct Answer: C (a substantive test verifies the records directly; the other options test controls)
Question #55
During the development of an application, the quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:
A. increased maintenance
B. improper documentation of testing
C. inadequate functional testing
D. delays in problem resolution
Correct Answer: C
Question #56
During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
A. buffer overflow
B. brute force attack
C. distributed denial-of-service attack
D. war dialing attack
Correct Answer: A (buffer overflows are coding defects that coding standards and code review are meant to catch; the other attacks do not depend on code quality)
Question #57
A local area network (LAN) administrator normally would be restricted from:
A. having end-user responsibilities
B. reporting to the end-user manager
C. having programming responsibilities
D. being responsible for LAN security administration
Correct Answer: C
Question #58
The PRIMARY advantage of a continuous audit approach is that it:
A. does not require an IS auditor to collect evidence on system reliability while processing is taking place
B. requires the IS auditor to review and follow up immediately on all information collected
C. can improve system security when used in time-sharing environments that process a large number of transactions
D. does not depend on the complexity of an organization's computer systems
Correct Answer: C
Question #59
Input/output controls should be implemented for which applications in an integrated systems environment?
A. The receiving application
B. The sending application
C. Both the sending and receiving applications
D. Output on the sending application and input on the receiving application
Correct Answer: C
Question #60
Structured programming is BEST described as a technique that:
A. provides knowledge of program functions to other programmers via peer review
B. reduces the maintenance time of programs by the use of small-scale program modules
C. makes the readable coding reflect as closely as possible the dynamic execution of the program
D. controls the coding and testing of the high-level functions of the program in the development process
Correct Answer: B
Question #61
Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks?
A. Spool
B. Cluster controller
C. Protocol converter
D. Front end processor
Correct Answer: D
Question #62
What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management? Choose the BEST answer.
A. The software can dynamically readjust network traffic capabilities based upon current usage
B. The software produces nice reports that really impress management
C. It allows users to properly allocate resources and ensure continuous efficiency of operations
D. It allows management to properly allocate resources and ensure continuous efficiency of operations
Correct Answer: D
Question #63
While planning an audit, an assessment of risk should be made to provide:
A. reasonable assurance that the audit will cover material items
B. definite assurance that material items will be covered during the audit work
C. reasonable assurance that all items will be covered by the audit
D. sufficient assurance that all items will be covered during the audit work
Correct Answer: A
Question #64
The PRIMARY reason an IS auditor performs a functional walkthrough during the preliminary phase of an audit assignment is to:
A. understand the business process
B. comply with auditing standards
C. identify control weaknesses
D. plan substantive testing
Correct Answer: A
Question #65
When developing a risk management program, what is the FIRST activity to be performed?
A. Threat assessment
B. Classification of data
C. Inventory of assets
D. Criticality analysis
Correct Answer: C
Question #66
During which of the following phases in system development would user acceptance test plans normally be prepared?
A. Feasibility study
B. Requirements definition
C. Implementation planning
D. Postimplementation review
Correct Answer: B (acceptance criteria are derived from the requirements, so the test plan is written while they are being defined)
Question #67
What is an effective control for granting temporary access to vendors and external support personnel? Choose the BEST answer.
A. Creating user accounts that automatically expire by a predetermined date
B. Creating permanent guest accounts for temporary use
C. Creating user accounts that restrict logon access to certain hours of the day
D. Creating a single shared vendor administrator account on the basis of least-privileged access
Correct Answer: A (an expiry date removes the access even if nobody remembers to revoke it; permanent or shared accounts destroy accountability, and time-of-day restriction does not end the access)
Question #68
The MOST significant level of effort for business continuity planning (BCP) generally is required during the:
A. testing stage
B. evaluation stage
C. maintenance stage
D. early stages of planning
Correct Answer: D
Question #69
Obtaining user approval of program changes is very effective for controlling application changes and maintenance. True or false?
A. True
B. False
Correct Answer: A
Question #70
The editing/validation of data entered at a remote site would be performed MOST effectively at the:
A. central processing site after running the application system
B. central processing site during the running of the application system
C. remote processing site after transmission of the data to the central processing site
D. remote processing site prior to transmission of the data to the central processing site
Correct Answer: D (validating at the point of entry lets errors be corrected by the person who made them, before bad data is transmitted)
Question #71
________________ (fill in the blank) is/are ultimately accountable for the functionality, reliability, and security within IT governance. Choose the BEST answer.
A. Data custodians
B. The board of directors and executive officers
C. IT security administration
D. Business unit managers
Correct Answer: B
Question #72
Which of the following is a substantive test?
A. Checking a list of exception reports
B. Ensuring approval for parameter changes
C. Using a statistical sample to inventory the tape library
D. Reviewing password history reports
Correct Answer: C
Question #73
The purpose of code signing is to provide assurance that:
A. the software has not been subsequently modified
B. the application can safely interface with another signed application
C. the signer of the application is trusted
D. the private key of the signer has not been compromised
Correct Answer: A
Question #74
What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels? Choose the BEST answer.
A. Business impact assessment
B. Risk assessment
C. IS assessment methods
D. Key performance indicators (KPIs)
Correct Answer: D
Question #75
To determine if unauthorized changes have been made to production code the BEST audit procedure is to:
A. examine the change control system records and trace them forward to object code files
B. review access control permissions operating within the production program libraries
C. examine object code to find instances of changes and trace them back to change control records
D. review change approved designations established within the change control system
Correct Answer: C (starting from the change-control records only finds authorized changes; starting from the production code and tracing back finds every change, including those with no record)
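Questions 13 and 75 describe the same two-step procedure: hash the programs now in production, compare against the hashes of the last authorized versions, then trace every difference back to a change-control record. The script below is an added example written for this page, not code from SPOTO or from ISACA; the program images, file names and the change-record identifier `CR-0417` are constructed for the demonstration.

```python
import hashlib

# Constructed program images and change records (not real files or records).
AUTHORIZED_RELEASE = {
    "payroll.bin": b"payroll v1.4 compiled image",
    "gl_post.bin": b"general ledger posting v2.0",
    "report.sh": b"#!/bin/sh\nrun_report monthly\n",
}
PRODUCTION_NOW = {
    "payroll.bin": b"payroll v1.5 compiled image",          # changed, covered by an approved change record
    "gl_post.bin": b"general ledger posting v2.0 + patch",  # changed, no change record
    "report.sh": b"#!/bin/sh\nrun_report monthly\n",        # unchanged
    "debug_hook.so": b"unknown shared object",              # added, no change record
}
APPROVED_CHANGES = {"payroll.bin": "CR-0417"}  # constructed change-control records


def digest(blob: bytes) -> str:
    """SHA-256 hex digest of one program image."""
    return hashlib.sha256(blob).hexdigest()


def build_manifest(programs: dict) -> dict:
    """name -> digest; the authorized manifest is built at release time and kept off the production host."""
    return {name: digest(blob) for name, blob in programs.items()}


def compare(authorized: dict, current: dict) -> dict:
    """Classify every program by comparing current digests with the authorized manifest (question 13)."""
    return {
        "modified": sorted(n for n in authorized if n in current and current[n] != authorized[n]),
        "added": sorted(set(current) - set(authorized)),
        "removed": sorted(set(authorized) - set(current)),
    }


def audit_production(authorized=AUTHORIZED_RELEASE, current=PRODUCTION_NOW,
                     approved=APPROVED_CHANGES) -> dict:
    """Hash comparison, then trace each changed or new program back to a change record (question 75).

    Anything changed or added without a matching approved record is an unauthorized change.
    """
    result = compare(build_manifest(authorized), build_manifest(current))
    changed = result["modified"] + result["added"]
    result["unauthorized"] = sorted(n for n in changed if n not in approved)
    return result


if __name__ == "__main__":
    for key, names in audit_production().items():
        print(f"{key:12s}: {', '.join(names) or '-'}")
```

The comparison is a detective control: it only reports what has already happened, so its value depends on how often it runs and on who reviews the output. Keep the authorized manifest (or a signature over it) somewhere the developers' operator access does not reach, otherwise the same person who can swap a binary can also rewrite the reference hashes.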
Question #76
Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
A. Parity check
B. Echo check
C. Block sum check
D. Cyclic redundancy check
Correct Answer: D (a CRC detects every error burst up to the length of its polynomial, whereas parity and block sums miss even-numbered or offsetting bit flips)
Question #77
What uses questionnaires to lead the user through a series of choices to reach a conclusion? Choose the BEST answer.
A. Logic trees
B. Decision trees
C. Decision algorithms
D. Logic algorithms
Correct Answer: B
Question #78
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses, the team should:
A. compute the amortization of the related assets
B. calculate a return on investment (ROI)
C. apply a qualitative approach
D. spend the time needed to define exactly the loss amount
Correct Answer: C
Question #79
Which of the following are effective controls for detecting duplicate transactions such as payments made or received?
A. Concurrency controls
B. Reasonableness checks
C. Time stamps
D. Referential integrity controls
Correct Answer: C
Question #80
An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. Which of the following transaction processing features has been violated?
A. Consistency
B. Isolation
C. Durability
D. Atomicity
Correct Answer: D (a transaction that is partly applied and not rolled back is exactly the all-or-nothing property that atomicity guarantees)
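Questions 47 and 80 both turn on atomicity. The script below is an added example for this page (not from SPOTO, ISACA or any vendor) using Python's standard-library sqlite3 module: the same two-statement funds transfer is run once as separate autocommitted statements, where a failure on the credit leaves the debit committed, and once inside an explicit transaction that rolls both statements back. The account names and balances are constructed.

```python
import sqlite3


def new_ledger() -> sqlite3.Connection:
    """In-memory ledger in autocommit mode: each statement commits on its own unless BEGIN is issued."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts (id TEXT PRIMARY KEY, balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    # constructed opening balances
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    return conn


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id").fetchall())


def _adjust(conn: sqlite3.Connection, account: str, delta: int) -> None:
    """One half of a transfer; raises if the account does not exist (no row was updated)."""
    cur = conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (delta, account))
    if cur.rowcount != 1:
        raise ValueError(f"no such account: {account}")


def transfer_nonatomic(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> None:
    """Two autocommitted statements: if the credit fails, the debit has already been written."""
    _adjust(conn, src, -amount)
    _adjust(conn, dst, amount)


def transfer_atomic(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> None:
    """Same work inside one transaction: any failure rolls both statements back."""
    conn.execute("BEGIN")
    try:
        _adjust(conn, src, -amount)
        _adjust(conn, dst, amount)
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise


def demo() -> dict:
    """Attempt a transfer to a non-existent account both ways and return the surviving balances."""
    out = {}
    for name, transfer in (("nonatomic", transfer_nonatomic), ("atomic", transfer_atomic)):
        conn = new_ledger()
        try:
            transfer(conn, "alice", "carol", 30)  # 'carol' does not exist, so the credit fails
        except ValueError:
            pass
        out[name] = balances(conn)
    return out


if __name__ == "__main__":
    for name, bal in demo().items():
        print(f"{name:10s} {bal}")
```

In the non-atomic run alice is debited 30 and nobody is credited, which is the partially executed, never rolled back state described in question 80; in the atomic run the ledger is unchanged. An auditor reading a DBMS log looks for exactly this pattern: a transaction with a begin and a failure but no rollback record.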
Question #81
Which of the following would be the BEST population to take a sample from when testing program changes?
A. Test library listings
B. Source program listings
C. Program change requests
D. Production library listings
Correct Answer: D (only the production library shows what actually changed, including changes for which no request exists)
Question #82
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when:
A. a firewall exists
B. a secure web connection is used
C. the source of the executable file is certain
D. the host web site is part of the organization
Correct Answer: C
Question #83
A malicious code that changes itself with each file it infects is called a:
A. logic bomb
B. stealth virus
C. trojan horse
D. polymorphic virus
Correct Answer: D
Question #84
The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:
A. loss of confidentiality
B. increased redundancy
C. unauthorized accesses
D. application malfunctions
Correct Answer: B
Question #85
An IS auditor is reviewing a project that is using an Agile software development approach. Which of the following should the IS auditor expect to find?
A. Use of a process-based maturity model such as the capability maturity model (CMM)
B. Regular monitoring of task-level progress against schedule
C. Extensive use of software development tools to maximize team productivity
D. Postiteration reviews that identify lessons learned for future use in the project
Correct Answer: D
Question #86
Before implementing controls, management should FIRST ensure that the controls:
A. satisfy a requirement in addressing a risk issue
B. do not reduce productivity
C. are based on a cost-benefit analysis
D. are detective or corrective
Correct Answer: A
Question #87
What is an edit check to determine whether a field contains valid data?
A. Completeness check
B. Accuracy check
C. Redundancy check
D. Reasonableness check
Correct Answer: B
Question #88
After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should:
A. expand activities to determine whether an investigation is warranted
B. report the matter to the audit committee
C. report the possibility of fraud to top management and ask how they would like to proceed
D. consult with external legal counsel to determine the course of action to be taken
Correct Answer: A
Question #89
What type of fire-suppression system suppresses fire via water that is released from a main valve to be delivered via a system of dry pipes installed throughout the facilities?
A. A dry-pipe sprinkler system
B. A deluge sprinkler system
C. A wet-pipe system
D. A halon sprinkler system
Correct Answer: A
Question #90
The advantage of a bottom-up approach to the development of organizational policies is that the policies:
A. are developed for the organization as a whole
B. are more likely to be derived as a result of a risk assessment
C. will not conflict with overall corporate policy
D. ensure consistency across the organization
Correct Answer: B (the other three are advantages of the top-down approach)
Question #91
What is a common vulnerability, allowing denial-of-service attacks?
A. Assigning access to users according to the principle of least privilege
B. Lack of employee awareness of organizational security policies
C. Improperly configured routers and router access lists
D. Configuring firewall access rules
Correct Answer: C
Question #92
A hardware control that helps to detect errors when data are communicated from one computer to another is known as a:
A. duplicate check
B. table lookup
C. validity check
D. parity check
Correct Answer: D (the other three are application-level edit checks on data content, not hardware transmission controls)
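Questions 2, 76 and 92 all hinge on how the transmission-error controls differ. The following Python script is an added example written for this page, not material from SPOTO or ISACA. It seals one constructed EDI-style frame with a per-byte parity bit, a block sum and a CRC-32 (from zlib), then applies three constructed bit-flip patterns and reports which control notices each: two flipped bits in one byte get past parity, two offsetting changes get past the block sum, and the CRC catches all three. The payload and error patterns are invented for the demonstration.

```python
import zlib

# Constructed sample record (not real EDI data).
PAYLOAD = b"INV 4711 AMT 01250.00"


def parity_bits(data: bytes) -> list:
    """Even-parity bit for every byte: 1 if the byte has an odd number of 1 bits."""
    return [bin(b).count("1") & 1 for b in data]


def block_sum(data: bytes) -> int:
    """Block sum check: byte-wise sum modulo 256, carried as one trailing byte."""
    return sum(data) & 0xFF


def crc32(data: bytes) -> int:
    """Cyclic redundancy check: CRC-32 with the IEEE 802.3 polynomial, as used by zlib."""
    return zlib.crc32(data) & 0xFFFFFFFF


def seal(data: bytes) -> dict:
    """The values a sender appends to the frame."""
    return {"parity": parity_bits(data), "sum": block_sum(data), "crc": crc32(data)}


def detect(sent: dict, received: bytes) -> dict:
    """True for each control that notices the received bytes differ from what was sealed."""
    return {
        "parity": parity_bits(received) != sent["parity"],
        "sum": block_sum(received) != sent["sum"],
        "crc": crc32(received) != sent["crc"],
    }


def corrupt(data: bytes, flips: dict) -> bytes:
    """XOR selected byte offsets with a mask, simulating bit flips on the wire."""
    out = bytearray(data)
    for offset, mask in flips.items():
        out[offset] ^= mask
    return bytes(out)


# Three constructed error patterns against PAYLOAD.
BURSTS = {
    # two adjacent bits in one byte: '0' -> '3', amount reads 31250.00
    "two bits, one byte": {13: 0x03},
    # +1 in one byte and -1 in the next: '01' -> '10', amount reads 10250.00
    "cancelling neighbours": {13: 0x01, 14: 0x01},
    # two bits in each of two bytes, byte deltas +3 and -3 cancel: '7' -> '4' and '0' -> '3'
    "cancelling pairs": {5: 0x03, 13: 0x03},
}


def run_all(data: bytes = PAYLOAD) -> dict:
    """Seal the frame once, then report detection results for every burst pattern."""
    sent = seal(data)
    return {name: detect(sent, corrupt(data, flips)) for name, flips in BURSTS.items()}


if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name:22s} parity={result['parity']!s:5} block_sum={result['sum']!s:5} crc={result['crc']}")
```

Parity is a one-bit-per-character hardware control (question 92) and is blind to any even number of flips inside a character; the block sum is a redundancy check appended to the whole segment (question 2) and is blind to changes that cancel arithmetically; the CRC (question 76) is the one designed for error bursts, which is why it is what link layers such as Ethernet carry. None of the three resists a deliberate attacker, who simply recomputes the check value, which is the point of question 95.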
Question #93
What is the primary objective of a control self-assessment (CSA) program?
A. Enhancement of the audit responsibility
B. Elimination of the audit responsibility
C. Replacement of the audit responsibility
D. Integrity of the audit responsibility
Correct Answer: A
Question #94
In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools are MOST suitable for performing that task?
A. CASE tools
B. Embedded data collection tools
C. Heuristic scanning tools
D. Trend/variance detection tools
Correct Answer: D (trend and variance tools establish a baseline of normal behaviour from the audit trail and flag deviations; heuristic scanners look for malicious code, not behavioural anomalies in logs)
Question #95
The purpose of a checksum on an amount field in an electronic data interchange (EDI) communication of financial transactions is to ensure:
A. integrity
B. authenticity
C. authorization
D. nonrepudiation
Correct Answer: A (an unkeyed checksum proves only that the field was not altered by noise; anyone who changes the amount can recompute it, so it gives neither authenticity nor nonrepudiation)
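Question 95 separates integrity from authenticity. The script below is an added example for this page (not from SPOTO, ISACA or any EDI product): an intermediary alters the amount on a constructed payment record and recomputes the public checksum, which still verifies, while an HMAC over the same record cannot be recomputed without the partners' shared key. The record, the field encoding and the key `PARTNER_KEY` are constructed assumptions.

```python
import hashlib
import hmac
import zlib

# Constructed EDI-style payment record and partner key (not real data).
RECORD = {"sender": "ACME-01", "receiver": "BANK-77", "amount": "1250.00", "ref": "INV4711"}
PARTNER_KEY = b"constructed-shared-secret"  # assumption: agreed out of band between the trading partners


def canonical(rec: dict) -> bytes:
    """Deterministic field encoding so both parties compute over identical bytes."""
    return "|".join(f"{k}={rec[k]}" for k in sorted(rec)).encode()


def checksum(rec: dict) -> int:
    """Unkeyed check value: anyone on the path can recompute it."""
    return zlib.crc32(canonical(rec)) & 0xFFFFFFFF


def checksum_ok(rec: dict, value: int) -> bool:
    return checksum(rec) == value


def mac(rec: dict, key: bytes = PARTNER_KEY) -> str:
    """Keyed check value (HMAC-SHA256): recomputable only by a holder of the key."""
    return hmac.new(key, canonical(rec), hashlib.sha256).hexdigest()


def mac_ok(rec: dict, tag: str, key: bytes = PARTNER_KEY) -> bool:
    return hmac.compare_digest(mac(rec, key), tag)


def intercept_and_alter(rec: dict, new_amount: str) -> tuple:
    """An intermediary changes the amount and recomputes the public checksum; it has no key for the MAC."""
    forged = dict(rec, amount=new_amount)
    return forged, checksum(forged)


def demo() -> dict:
    sent_checksum, sent_mac = checksum(RECORD), mac(RECORD)
    forged, forged_checksum = intercept_and_alter(RECORD, "91250.00")
    return {
        "genuine_checksum_ok": checksum_ok(RECORD, sent_checksum),
        "forged_checksum_ok": checksum_ok(forged, forged_checksum),  # True: a checksum does not prove origin
        "noise_caught_by_checksum": not checksum_ok(forged, sent_checksum),  # an unrecomputed change is caught
        "genuine_mac_ok": mac_ok(RECORD, sent_mac),
        "forged_mac_ok": mac_ok(forged, sent_mac),  # False: the attacker never had the key
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:26s} {value}")
```

A MAC gives the receiver authenticity and integrity but not nonrepudiation: either partner holds the key, so either could have produced the tag. Nonrepudiation (option D) needs a digital signature made with a private key only the sender holds.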
Question #96
Overall business risk for a particular threat can be expressed as:
A. a product of the probability and magnitude of the impact if a threat successfully exploits a vulnerability
B. the magnitude of the impact should a threat source successfully exploit the vulnerability
C. the likelihood of a given threat source exploiting a given vulnerability
D. the collective judgment of the risk assessment team
Correct Answer: A (risk = likelihood x impact; options B and C are each only one factor)
