Answers
The most important step in risk analysis is to identify:
a. Competitors
b. controls
c. vulnerabilities
d. liabilities
c. vulnerabilities
In risk-based audit planning, an IS auditor's first step is to identify:
a. responsibilities of stakeholders
b. high-risk areas within the organization
c. cost Centre
d. profit Centre
b. high-risk areas within the organization
When developing a risk-based audit strategy, an IS auditor should conduct a risk
assessment to ensure that:
a. segregation of duties to mitigate risks is in place
b. all the relevant vulnerabilities and threats are identified
c. regulatory compliance is adhered to
d. business is profitable
b. all the relevant vulnerabilities and threats are identified
Which of the following is the role of an IT steering committee?
a. Issuance of Purchase Order (PO) to empaneled vendor
b. providing hardware support
c. prioritization of IT projects as per business requirement
d. advises board on IT strategy
c. prioritization of IT projects as per business requirement
The chairperson for steering committee who can have significant impact on a
business area would be the:
a. board member
b. executive level officer
c. chief information officer (CIO)
d. Business analyst
b. executive level officer
An IS steering committee should consist of:
a. board members
b. user management
c. key executives and representatives from user management
d. members from IT dept.
c. key executives and representatives from user management
Which of the following is a PRIME role of an IT steering committee?
a. IT support to user management
b. monitoring IT priorities and milestones
c. monitoring IT vendors
d. Advise board members about new projects
b. monitoring IT priorities and milestones
An IT steering committee should review the IT process to determine:
a. alignment of IT processes with business requirement
b. capacity management
c. functionality of existing software
d. stability of installed technology
a. alignment of IT processes with business requirement
Which of the following is a function of an IS steering committee?
a. monitoring change management and control testing
b. monitoring role conflict assessment
c. approving and monitoring major projects, the status of IS plans and budgets
d. monitoring service level agreements with third party vendors.
c. approving and monitoring major projects, the status of IS plans and budgets
The IS department is in the process of floating the request for proposal (RFP) for the
acquisition of an application system. Who would MOST likely approve the content
of the RFP?
a. project steering committee
b. project sponsor
c. project manager
d. IS strategy committee
a. project steering committee
The prime objective of a review of information systems by the IT steering committee
should be to assess:
a. alignment of IT processes as per business requirement
b. alignment of business process as per IT requirement
c. The capacity of existing software
d. the capacity of installed technology
a. alignment of IT processes as per business requirement
An IS auditor is reviewing an organization's IT strategic plan. He should FIRST
review?
a. Alignment of IT processes as per business requirement
b. the business plan
c. the capacity of installed technology
d. latest technology trends
b. the business plan
Information security governance requires strategic alignment in terms of:
a. enterprise requirements are the basis for security requirements
b. security requirements are the basis for enterprise requirements
c. current technology trend
d. benchmarking with industry standards
a. enterprise requirements are the basis for security requirements
As a part of effective IT governance, the IT plan should be consistent with the
organization's:
a. business plan
b. information security plan
c. business continuity plan
d. risk management plan
a. business plan
The best way to determine whether IS functions support the organization's
business objective is to ensure that:
a. IS has latest available equipment
b. IS plans are designed as per business objectives
c. all resources are utilized effectively and efficiently
d. IS has proper control over outsourcing partners
b. IS plans are designed as per business objectives
To improve the IS alignment with business, which of the following is the best
practice?
a. outsourcing risks are managed
b. use of latest technology to operate business
c. structured way of sharing of business information