CISA Practice Questions with correct answers

It is important to understand the organization and its environment in order to effectively pinpoint the organization's key risk. One specific factor is an understanding of: Correct Answer-The organization's selection and application of policies and procedures Of the following, which is not a way to treat a risk? Correct Answer-Ignore it The three focus areas that management must address in order to govern IT include all of the following except: Correct Answer-Control optimization The first step in establishing a risk management program is: Correct Answer-To decide what the purpose of the program is An incident is any unexpected occurrence. The severity of an incident is generally: Correct Answer-Directly proportional to the time elapsed from the incident to the resolution of the incident One of the issues in managing a project is managing scope changes. Which of the following should be included in management of scope changes? Correct Answer-The work structure should be documented in a component management database Personal area networks (PANs) are used for: Correct Answer-Communications among computer devices, which include telephones, PDAs, cameras, etc. The IS Auditor is preparing the external network security assessment. Of the following, which step should the IS Auditor start with? Correct Answer-Reconnaissance. The IS Auditor should perform reconnaissance, or "footprinting" of the enterprise to appropriate gauge several