Which of the following is the first step in risk-based audit planning? - correct answer ✔✔ To
identify high risk processes in the company
Which of the following is a major advantage of a risk-based approach to audit planning? -
correct answer ✔✔ Optimum use of audit resources for high risk processes
Which of the following should be the first exercise while reviewing data center security? -
correct answer ✔✔ The evaluation of vulnerabilities and threats to the data center location
Which of the following is the most important aspect of planning an audit? - correct answer ✔✔
Identifying high-risk processes
Who should approve an audit charter? - correct answer ✔✔ Senior management // audit
committee
What should be the content of an audit charter? - correct answer ✔✔ The scope, authority, and
responsibility of the audit function
What is the prime reason for review of an organization chart? - correct answer ✔✔ To
understand the authority and responsibility of individuals
The actions of an information systems auditor are primarily influenced by? - correct answer ✔✔
The audit charter
Which document provides the overall authority for an auditor to perform an audit? - correct
answer ✔✔ Audit charter
What is the primary reason for the audit function reporting directly to the audit committee? -
correct answer ✔✔ Independence; The audit function must be independent of the business
function and should have direct access to the audit committee of the board
The audit charter should: - correct answer ✔✔ Incorporate the scope, authority, and
responsibility of the audit function
The primary objective of an audit charter is to: - correct answer ✔✔ Document the
responsibility and authority of the audit department
Which of the following is a result of a risk management process? - correct answer ✔✔ Decisions
regarding the security policy
How are inbound transactions controlled in an EDI environment? - correct answer ✔✔ Inbound
transactions are controlled via
- logs of the receipt of inbound transactions
- the use of segment count totals
- the use of check digits to detect transposition and transcription errors.
Which of the following is the area of greatest concern in an EDI process? - correct answer ✔✔
The contract for a trading partner has not been entered
What is the objective of encryption? - correct answer ✔✔ To ensure the integrity and
confidentiality of transactions
Encryption helps in achieving which of the following objectives in an EDI environment? - correct
answer ✔✔ Ensuring the confidentiality and integrity of transactions
In an EDI environment, which of the following procedures ensures the completeness of an
inbound transaction? - correct answer ✔✔ Building a segment count total
What is the major risk of EDI transactions? - correct answer ✔✔ Absence of agreement
In which of the following processes are details entered by one employee reentered by another
employee to check their accuracy? - correct answer ✔✔ Key verification
What is the objective of key verification control? - correct answer ✔✔ A method where data is
entered a second time and compared with the initial data entry to ensure that the data entered
is correct. This is generally used in EFT transactions, where another employee re-enters the
same data to perform this check before any money is transferred.
What is the objective of nonrepudiation? - correct answer ✔✔ Ensures that a transaction is
enforceable and that the sender cannot later deny generating and sending the message
What is the most important component of AI/expert system area? - correct answer ✔✔
Knowledge base
Which of the following is used in an e-commerce application to ensure that a transaction is
enforceable? - correct answer ✔✔ Non-repudiation
Segregation of duties is an example of which type of control? - correct answer ✔✔ Preventive
control
Controls that enable a risk or deficiency to be corrected before a loss occurs are known as: -
correct answer ✔✔ Corrective controls
Controls that directly mitigate a risk or lack of controls acting upon a risk are known as: - correct
answer ✔✔ Compensating Controls
An organization has designed a well structured process documentation to prevent processing
errors. This is an example of what type of control? - correct answer ✔✔ Preventive control
An organization has designed a control that enables a deficiency to be corrected before a loss
occurs. This is an example of what type of control? - correct answer ✔✔ Corrective control
Utilizing a service of only qualified resources is an example of what control type? - correct
answer ✔✔ Preventive control
A check subroutine that identifies an error and makes a correction before enabling the process
to continue is an example of what type of control? - correct answer ✔✔ Corrective control
An organization has put up warning signs restricting unauthorized entry to its data center. This is
an example of what type of control? - correct answer ✔✔ Deterrent control
An organization has implemented 'echo' protocol in its telecommunication channel. This is an
example of what type of control? - correct answer ✔✔ Detective control
Checkpoints in a production job are examples of what kind of control? - correct answer ✔✔
Detective control
Controls that minimize the impact of a threat are what kind of controls? - correct answer ✔✔
Corrective controls