CISA EXAM REVISION QUESTIONS AND
100% CORRECT ANSWERS!!
Question #:4 - (Exam Topic 3)
An IS auditor is assigned to review the IS department s quality procedures. Upon
contacting the IS manager, the auditor finds that there is an informal unwritten set of
standards Which of the following should be the auditor's NEXT action1?
A. Make recommendations to IS management as to appropriate quality standards
B. Postpone the audit until IS management implements written standards
C. Document and lest compliance with the informal standards
D. Finalize the audit and report the finding
C. Document and lest compliance with the informal standards.
Question #:12 - (Exam Topic 3)
Which of the following findings should be of GREATEST concern to an IS auditor
reviewing an organization newly implemented online security awareness program'?
A. Only new employees are required to attend the program
B. Metrics have not been established to assess training results
C. Employees do not receive immediate notification of results
D. The timing for program updates has not been determined
B. Metrics have not been established to assess training results.
Question #:17 - (Exam Topic 3)
In which of the following system development life cycle (SDLC) phases would 1an IS
auditor expect to find that controls have been incorporated into system specifications?
A. Implementation
B. Development
,C. Feasibility
D. Design
D. Design.
Question #:19 - (Exam Topic 3)
Which of the following should be the PRIMARY role of an internal audit function in the
management of identified business risks?
A. Establishing a risk appetite
B. Establishing a risk management framework
C. Validating enterprise risk management (ERM)
D. Operating the risk management framework
C. Validating enterprise risk management (ERM).
Question #:20 - (Exam Topic 3)
Which of the following is the MAJOR advantage of automating internal controls?
A. To enable the review of large value transactions
B. To efficiently test large volumes of data
C. To help identity transactions with no segregation of duties
D. To assist in performing analytical reviews
B. To efficiently test large volumes of data.
Question #:23 - (Exam Topic 3)
In an IT organization where many responsibilities are shared which of the following is the
BEST control for detecting unauthorized 2data changes'?
A. Users are required to periodically rotate responsibilities
B. Segregation of duties conflicts are periodically reviewed
,C. Data changes are independently reviewed by another group
D. Data changes are logged in an outside application
C. Data changes are independently reviewed by another group.
Question #:34 - (Exam Topic 3)
When auditing an organization's software acquisition process the BEST way for an IS
auditor to understand the software benefits to the organization would be to review the
A. feasibility study
B. business case
C. request for proposal (RFP)
D. alignment with IT strategy
B. business case.
Question #:35 - (Exam Topic 3)
Demonstrated support from which of the following roles in an organization has the MOST
influence over information security 4governance?
A. Chief information security officer (CISO)
B. Information security steering committee
C. Board of directors
D. Chief information officer (CIO)
C. Board of directors.
Question #:37 - (Exam Topic 3)
A senior auditor is reviewing work papers prepared by a junior auditor indicating that a
finding was removed after the auditee said they corrected the problem. Which of the
following is the senior auditor s MOST appropriate course of action?
A. Ask the auditee to retest
, B. Approve the work papers as written
C. Have the finding reinstated
D. Refer the issue to the audit director
A. Ask the auditee to retest.
Question #:49 - (Exam Topic 3)
Which of the following is the MOST important outcome of an information security
program?
A. Operating system weaknesses are more easily identified.
B. Emerging security technologies are better understood and accepted.
C. The cost to mitigate information security risk is reduced.
D. Organizational awareness of security responsibilities is improved.
D. Organizational awareness of security responsibilities is improved.
Question #:55 - (Exam Topic 3)
Which of the following BEST enables the effectiveness of an agile project for the rapid
development of a new software application?
A. Project segments are established.
B. The work is separated into phases.
C. The work is separated into sprints.
D. Project milestones are created.
C. The work is separated into sprints.
Question #:56 - (Exam Topic 3)
Which of the following provides the BEST assurance of data integrity after file transfers?
A. Check digits
100% CORRECT ANSWERS!!
Question #:4 - (Exam Topic 3)
An IS auditor is assigned to review the IS department s quality procedures. Upon
contacting the IS manager, the auditor finds that there is an informal unwritten set of
standards Which of the following should be the auditor's NEXT action1?
A. Make recommendations to IS management as to appropriate quality standards
B. Postpone the audit until IS management implements written standards
C. Document and lest compliance with the informal standards
D. Finalize the audit and report the finding
C. Document and lest compliance with the informal standards.
Question #:12 - (Exam Topic 3)
Which of the following findings should be of GREATEST concern to an IS auditor
reviewing an organization newly implemented online security awareness program'?
A. Only new employees are required to attend the program
B. Metrics have not been established to assess training results
C. Employees do not receive immediate notification of results
D. The timing for program updates has not been determined
B. Metrics have not been established to assess training results.
Question #:17 - (Exam Topic 3)
In which of the following system development life cycle (SDLC) phases would 1an IS
auditor expect to find that controls have been incorporated into system specifications?
A. Implementation
B. Development
,C. Feasibility
D. Design
D. Design.
Question #:19 - (Exam Topic 3)
Which of the following should be the PRIMARY role of an internal audit function in the
management of identified business risks?
A. Establishing a risk appetite
B. Establishing a risk management framework
C. Validating enterprise risk management (ERM)
D. Operating the risk management framework
C. Validating enterprise risk management (ERM).
Question #:20 - (Exam Topic 3)
Which of the following is the MAJOR advantage of automating internal controls?
A. To enable the review of large value transactions
B. To efficiently test large volumes of data
C. To help identity transactions with no segregation of duties
D. To assist in performing analytical reviews
B. To efficiently test large volumes of data.
Question #:23 - (Exam Topic 3)
In an IT organization where many responsibilities are shared which of the following is the
BEST control for detecting unauthorized 2data changes'?
A. Users are required to periodically rotate responsibilities
B. Segregation of duties conflicts are periodically reviewed
,C. Data changes are independently reviewed by another group
D. Data changes are logged in an outside application
C. Data changes are independently reviewed by another group.
Question #:34 - (Exam Topic 3)
When auditing an organization's software acquisition process the BEST way for an IS
auditor to understand the software benefits to the organization would be to review the
A. feasibility study
B. business case
C. request for proposal (RFP)
D. alignment with IT strategy
B. business case.
Question #:35 - (Exam Topic 3)
Demonstrated support from which of the following roles in an organization has the MOST
influence over information security 4governance?
A. Chief information security officer (CISO)
B. Information security steering committee
C. Board of directors
D. Chief information officer (CIO)
C. Board of directors.
Question #:37 - (Exam Topic 3)
A senior auditor is reviewing work papers prepared by a junior auditor indicating that a
finding was removed after the auditee said they corrected the problem. Which of the
following is the senior auditor s MOST appropriate course of action?
A. Ask the auditee to retest
, B. Approve the work papers as written
C. Have the finding reinstated
D. Refer the issue to the audit director
A. Ask the auditee to retest.
Question #:49 - (Exam Topic 3)
Which of the following is the MOST important outcome of an information security
program?
A. Operating system weaknesses are more easily identified.
B. Emerging security technologies are better understood and accepted.
C. The cost to mitigate information security risk is reduced.
D. Organizational awareness of security responsibilities is improved.
D. Organizational awareness of security responsibilities is improved.
Question #:55 - (Exam Topic 3)
Which of the following BEST enables the effectiveness of an agile project for the rapid
development of a new software application?
A. Project segments are established.
B. The work is separated into phases.
C. The work is separated into sprints.
D. Project milestones are created.
C. The work is separated into sprints.
Question #:56 - (Exam Topic 3)
Which of the following provides the BEST assurance of data integrity after file transfers?
A. Check digits
