CISA EXAM 1 Questions and Answers
(Latest 2024)
1. An IS auditor should expect which of the following items to be included in
the request for proposal
(RFP) when IS is procuring services from an independent service provider
(ISP)?
A References from other customers
B Service level agreement (SLA) template
C Maintenance agreement
D Conversion plan - Correct Answer ✅ The answer is A
An IS auditor should look for an independent verification that the ISP can
perform the tasks being
contracted for. References from other customers would provide an
independent, external review and
verification of procedures and processes the ISP follows—issues which would
be of concern to an IS
auditor. Checking references is a means of obtaining an independent
verification that the vendor can
perform the services it says it can. A maintenance agreement relates more to
equipment than to services,
,CISA EXAM 1 Questions and Answers
(Latest 2024)
and a conversion plan, while important, is less important than verification
that the ISP can provide the
services they propose.
2. To aid management in achieving IT and business alignment, an IS auditor
should recommend the
use of:
A control self-assessments.
B a business impact analysis.
C an IT balanced scorecard.
D business process reengineering. - Correct Answer ✅ The Correct
Answer is C
An IT balanced scorecard (BSC) provides the bridge between IT objectives
and business objectives by
supplementing the traditional financial evaluation with measures to evaluate
customer satisfaction,
internal processes and the ability to innovate. Control self-assessment (CSA),
business impact analysis
,CISA EXAM 1 Questions and Answers
(Latest 2024)
(BIA) and business process reengineering (BPR) are insufficient to align IT
with organizational
objectives.
3. A poor choice of passwords and transmission over unprotected
communications lines are examples
of:
A vulnerabilities.
B threats.
C probabilities.
D impacts. - Correct Answer ✅ The answer is A
Vulnerabilities represent characteristics of information resources that may be
exploited by a threat.
Threats are circumstances or events with the potential to cause harm to
information resources.
Probabilities represent the likelihood of the occurrence of a threat, while
impacts represent the
outcome or result of a threat exploiting a vulnerability.
, CISA EXAM 1 Questions and Answers
(Latest 2024)
4. To support an organization's goals, an IS department should have:
A a low-cost philosophy.
B long- and short-range plans.
C leading-edge technology.
D plans to acquire new hardware and software. - Correct Answer ✅ The
Correct Answer is B
To ensure its contribution to the realization of an organization's overall
goals, the IS department should
have long- and short-range plans that are consistent with the
organization's broader plans for attaining
its goals. Choices A and C are objectives, and plans would be needed to
delineate how each of the
objectives would be achieved. Choice D could be a part of the overall plan
but would be required only
2/11Latihan CISA Exam Chapter 2
if hardware or software is needed to achieve the organizational goals.
(Latest 2024)
1. An IS auditor should expect which of the following items to be included in
the request for proposal
(RFP) when IS is procuring services from an independent service provider
(ISP)?
A References from other customers
B Service level agreement (SLA) template
C Maintenance agreement
D Conversion plan - Correct Answer ✅ The answer is A
An IS auditor should look for an independent verification that the ISP can
perform the tasks being
contracted for. References from other customers would provide an
independent, external review and
verification of procedures and processes the ISP follows—issues which would
be of concern to an IS
auditor. Checking references is a means of obtaining an independent
verification that the vendor can
perform the services it says it can. A maintenance agreement relates more to
equipment than to services,
,CISA EXAM 1 Questions and Answers
(Latest 2024)
and a conversion plan, while important, is less important than verification
that the ISP can provide the
services they propose.
2. To aid management in achieving IT and business alignment, an IS auditor
should recommend the
use of:
A control self-assessments.
B a business impact analysis.
C an IT balanced scorecard.
D business process reengineering. - Correct Answer ✅ The Correct
Answer is C
An IT balanced scorecard (BSC) provides the bridge between IT objectives
and business objectives by
supplementing the traditional financial evaluation with measures to evaluate
customer satisfaction,
internal processes and the ability to innovate. Control self-assessment (CSA),
business impact analysis
,CISA EXAM 1 Questions and Answers
(Latest 2024)
(BIA) and business process reengineering (BPR) are insufficient to align IT
with organizational
objectives.
3. A poor choice of passwords and transmission over unprotected
communications lines are examples
of:
A vulnerabilities.
B threats.
C probabilities.
D impacts. - Correct Answer ✅ The answer is A
Vulnerabilities represent characteristics of information resources that may be
exploited by a threat.
Threats are circumstances or events with the potential to cause harm to
information resources.
Probabilities represent the likelihood of the occurrence of a threat, while
impacts represent the
outcome or result of a threat exploiting a vulnerability.
, CISA EXAM 1 Questions and Answers
(Latest 2024)
4. To support an organization's goals, an IS department should have:
A a low-cost philosophy.
B long- and short-range plans.
C leading-edge technology.
D plans to acquire new hardware and software. - Correct Answer ✅ The
Correct Answer is B
To ensure its contribution to the realization of an organization's overall
goals, the IS department should
have long- and short-range plans that are consistent with the
organization's broader plans for attaining
its goals. Choices A and C are objectives, and plans would be needed to
delineate how each of the
objectives would be achieved. Choice D could be a part of the overall plan
but would be required only
2/11Latihan CISA Exam Chapter 2
if hardware or software is needed to achieve the organizational goals.
