ISACA CISA Questions & 100% Correct Answers

Audit Charter :~~ a formal document that contains: 1. scope of the audit functions 2. authority of the audit functions 3. responsibility of the audit functions Audit Universe :~~ An inventory of all the functions/processes/units under the organization Qualitative Risk Assessment :~~ Risk is assessed using qualitative parameters, such as high, medium, and low Quantitative Risk Assessment :~~ Risk is assessed using numerical parameters and is quantified Risk Factors 2 | P a g e | © copyright 2024/2025 | Grade A+ Master01 | September, 2024/2025 | Latest update :~~ Factors that have an impact on risk. The presence of those factors increases the risk, whereas the absence of those factors decreases the risk. An audit plan helps to identify and determine the following aspects: :~~ The objective of the audit The scope of the audit The periodicity of the audit The meme gets if the audit team The method of audit EDI :~~ Electronic Data Interchange Semantic Nets :~~ A knowledge base that conveys meaning Knowledge interface :~~ Stores expert-level knowledge Data Interface 3 | P a g e | © copyright 2024/2025 | Grade A+ Master01 | September, 2024/2025 | Latest update :~~ Stores data for analysis and decision making What is the major risk of EDI transactions? :~~ The absence of agreement (in the absence of a trading partner agreement, there could be uncertainty related to specific legal liability). What is the objective of encryption? :~~ To ensure the integrity and confidentiality of transactions. How are inbound transactions controlled in an EDI environment? :~~ Inbound transactions are controlled via logs of the receipt of inbound transactions, the use of segment count totals, and the use of check digits to detect transportation and transcription errors. What is the objective of non-repudiation? :~~ Non-repudiation ensures that a transaction is enforceable and that the claimed sender cannot later deny generating and sending the message. SOP :~~ Standard Operating Procedure Preventative Controls 4 | P a g e | © copyright 2024/2025 | Grade A+ Master01 | September, 2024/2025 | Latest update :~~ controls that deter problems before they arise Deterrent Controls :~~ Security controls that attempt to discourage individuals from causing a security incident. Segregation of duties is an example of which type of control? :~~ Preventative control Inherent Risk :~~ This refers to risk that exists before applying a control Control Risk :~~ This refers to risk that internal controls fail to prevent or detect Detection Risk :~~ Stop-or-go sampling 5 | P a g e | © copyright 2024/2025 | Grade A+ Master01 | September, 2024/2025 | Latest update :~~ Stop-or-go sampling is used where controls are strong and very few errors are expecte