CISA FINAL EXAM QUESTIONS
AND 100% CORRECT ANSWERS!!
5. While reviewing the IT infrastructure, an IS auditor notices that storage resources
are continuously being added. The IS auditor should:
A. recommend the use of disk mirroring.
B. review the adequacy of offsite storage.
C. review the capacity management process.
D. recommend the use of a compression algorithm.
C
6. During a compliance audit of a small bank, the IS auditor notes that both the IT and
accounting functions are being performed by the same user of the financial system.
Which of the following reviews conducted by a supervisor would represent the BEST
compensating control?
A. Audit trails that show the date and time of the transaction.
B. A summary daily report with the total numbers and dollar amounts of each transaction.
C. User account administration.
D. Computer log files that show individual transactions in the financial system.
D
7. From a control perspective, the PRIMARY objective of classifying information assets
is to:
A. establish guidelines for the level of access controls that should be assigned.
B. ensure access controls are assigned to all information assets.
C. assist management and auditors in risk assessment.
D. identify which assets need to be insured against losses.
A
8. To gain an understanding of the effectiveness of an organization's planning and
management of investments in IT assets, an IS auditor should review the:
A. enterprise data model.
B. IT balanced scorecard (BSC).
C. IT organizational structure.
D. historical financial statements.
B
9. When using a universal storage bus (USB) flash drive to transport confidential corporate
data to an offsite location, an effective control would be to:
A. carry the flash drive in a portable safe.
B. assure management that you will not lose the flash drive.
C. request that management deliver the flash drive by courier.
D. encrypt the folder containing the data with a strong key.
D
10. For a mission-critical application with a low recovery time objective (RTO), the IS
auditor would recommend the use of which of the following recovery strategies?
A. Mobile site.
B. Redundant site.
C. Hot site.
D. Reciprocal agreements.
B
11. When reviewing IS strategies, an IS auditor can BEST assess whether IS
strategy supports the organization's business objectives by determining whether IS:
A. has all the personnel and equipment it needs.
B. plans are consistent with management strategy.
C. uses its equipment and personnel efficiently and effectively.
D. has sufficient excess capacity to respond to changing directions.
B
12. Which of the following system and data conversion strategies provides the
GREATEST redundancy?
A. Direct cutover
B. Pilot study
C. Phased approach
D. Parallel run
D
13. Web and e-mail filtering tools are PRIMARILY valuable to an organization because
they:
A. protect the organization from viruses and non-business materials.
B. maximize employee performance.
C. safeguard the organization's image.
D. assist the organization in preventing legal issues.
A
14. The PRIMARY reason an IS auditor performs a functional walkthrough during
the preliminary phase of an audit assignment is to:
A. understand the business process.
B. comply with auditing standards.
C. identify control weakness.
D. plan substantive testing.
A
15. An IS auditor discovers that the chief information officer (CIO) of an organization is
using a wireless broadband modem utilizing global system for mobile communications
(GSM) technology. This modem is being used to connect the CIO's laptop to the
corporate virtual private network (VPN) when the CIO travels outside of the office. The
IS auditor should:
A. do nothing since the inherent security features of GSM technology are appropriate.