CISA EXAM QUESTIONS AND 100% CORRECT ANSWERS!!
When an auditor is planning an information system audit and suspects a potential
control weakness, what are they obligated to do?
The auditor must consider the materiality of the weakness and plan the audit accordingly.
What role does risk assessment have in audit planning?
Risk assessment is used to determine the priorities for audit and allocation of audit resources.
What steps should an auditor take when a material irregularity is discovered?
The auditor should communicate the irregularity to management in a timely manner
What is the risk to an audit if unusual relationships exist between staff members in
the area being audited?
The auditor may be provided inaccurate evidence
True or False? Supervision of the information systems audit staff should not be necessary
if the staff is adequately trained and experienced
True
Once an audit is completed and submitted, does the auditor have any
further responsibility?
Yes, the auditor should follow up to ensure that management addressed any audit issues in
a timely manner
IT governance means:
The IT function aligns with business mission, values and objectives
Relationships with third parties may:
Require the organization to comply with the security standards of the third party
True or False? The organization does not have to worry about the impact of third
party relationships on the security program
False
The role of an Information Systems Security Steering Committee is to:
Provide feedback from all areas of the organization
The most effective tool a security department has is:
A security awareness program
The role of Audit in relation to Information Security is:
To validate the effectiveness of the security program against established metrics
Who should be responsible for development of a risk management strategy?
The Security Manager
The security requirements of each member of the organization should be documented in:
Their job descriptions
What could be the greatest challenge to implementing a new security strategy?
Obtaining buy-in from employees
Which forms of wireless media operate only when there are no obstacles in the
transmission path?
Spread spectrum
What best defines electrical noise?
Extraneous signals introduced onto network media.
An audit log is an example of a:
Detective control
A compensating control is used: