Exam (elaborations)

CISA EXAM REVISION QUESTIONS AND 100% CORRECT ANSWERS

Pages
31
Grade
A+
Uploaded on
28-08-2025
Written in
2025/2026

Institution
CISA
Course
CISA
Contains
Questions & answers

CISA EXAM REVISION QUESTIONS
AND 100% CORRECT ANSWERS!!
Question #:19 - (Exam Topic 3)

Which of the following should be the PRIMARY role of an internal audit function in
the management of identified business risks?

A. Establishing a risk appetite

B. Establishing a risk management framework

C. Validating enterprise risk management (ERM)

D. Operating the risk management framework

C. Validating enterprise risk management (ERM).

Question #:20 - (Exam Topic 3)

Which of the following is the MAJOR advantage of automating internal controls?

A. To enable the review of large value transactions

B. To efficiently test large volumes of data

C. To help identify transactions with no segregation of duties

D. To assist in performing analytical reviews

B. To efficiently test large volumes of data.

Question #:23 - (Exam Topic 3)

In an IT organization where many responsibilities are shared, which of the following is
the BEST control for detecting unauthorized data changes?

A. Users are required to periodically rotate responsibilities

B. Segregation of duties conflicts are periodically reviewed

C. Data changes are independently reviewed by another group

D. Data changes are logged in an outside application

C. Data changes are independently reviewed by another group.

Question #:34 - (Exam Topic 3)

When auditing an organization's software acquisition process, the BEST way for an IS
auditor to understand the software benefits to the organization would be to review the

A. feasibility study

B. business case

C. request for proposal (RFP)

D. alignment with IT strategy

B. business case.

Question #:35 - (Exam Topic 3)

Demonstrated support from which of the following roles in an organization has the MOST
influence over information security governance?

A. Chief information security officer (CISO)

B. Information security steering committee

C. Board of directors

D. Chief information officer (CIO)

C. Board of directors.

Question #:37 - (Exam Topic 3)

A senior auditor is reviewing work papers prepared by a junior auditor indicating that
a finding was removed after the auditee said they corrected the problem. Which of the
following is the senior auditor's MOST appropriate course of action?

A. Ask the auditee to retest

B. Approve the work papers as written

C. Have the finding reinstated

D. Refer the issue to the audit director

A. Ask the auditee to retest.

Question #:49 - (Exam Topic 3)

Which of the following is the MOST important outcome of an information security
program?

A. Operating system weaknesses are more easily identified.

B. Emerging security technologies are better understood and accepted.

C. The cost to mitigate information security risk is reduced.

D. Organizational awareness of security responsibilities is improved.

D. Organizational awareness of security responsibilities is improved.

Question #:55 - (Exam Topic 3)

Which of the following BEST enables the effectiveness of an agile project for the
rapid development of a new software application?

A. Project segments are established.

B. The work is separated into phases.

C. The work is separated into sprints.

D. Project milestones are created.

C. The work is separated into sprints.

Question #:56 - (Exam Topic 3)

Which of the following provides the BEST assurance of data integrity after file transfers?

A. Check digits

B. Monetary unit sampling

C. Hash values

D. Reasonableness check

C. Hash values.

Question #:61 - (Exam Topic 3)

Backup procedures for an organization's critical data are considered to be which type
of control?

A. Directive

B. Corrective

C. Detective

D. Compensating

B. Corrective.

Question #:62 - (Exam Topic 3)

An IS auditor has been tasked to review the processes that prevent fraud within a business
expense claim system. Which of the following stakeholders is MOST important to involve
in this review?

A. Information security manager

B. Quality assurance (QA) manager

C. Business department executive

D. Business process owner

D. Business process owner.

Question #:70 - (Exam Topic 3)

What is the PRIMARY benefit of using one-time passwords?
