
CISA Full Mock Test 150 Questions

Uploaded by

ehab mahfouz
CISA Full Mock Test (150 Questions)

(1) In risk-based audit planning, an IS auditor's first step is to identify:

A. responsibilities of stakeholders.

B. high-risk areas within the organization.

C. cost centre.

D. profit centre.

(2) The major advantage of a risk-based approach to audit planning is:

A. Audit planning can be communicated to client in advance.

B. Audit activity can be completed within allotted budget.

C. Use of latest technology for audit activities.

D. Appropriate utilisation of resources for high risk areas.

(3) The decisions and actions of an IS auditor are MOST likely to affect which of the following risks?

A. Inherent

B. Detection

C. Control

D. Business

(4) In planning an audit, the MOST critical step is the identification of the:

A. areas of high risk.

B. skill sets of the audit staff.

C. test steps in the audit.

D. time allotted for the audit.

(5) The risk assessment process is:

A. subjective.

B. objective.

C. mathematical.

D. statistical.

(6) The result of the risk management process is used for:

A. forecasting profit.

B. post implementation review.

C. designing controls.

D. user acceptance testing.

(7) When an IS auditor is developing a risk management program, the FIRST activity to be performed is a(n):

A. vulnerability assessment.

B. evaluation of control.

C. identification of assets.

D. gap analysis.

(8) A benefit of developing organizational policies by a bottom-up approach is that they:

A. cover the whole organization.

B. are derived as a result of a risk assessment.

C. will be in line with overall corporate policy.

D. ensure consistency across the organization.

(9) Risk can be mitigated by:

A. Implementing controls

B. Insurance

C. Audit and certification

D. Contracts and service level agreements (SLAs)

(10) The most important factor while evaluating controls is to ensure that the controls:

A. address the risk.

B. do not reduce productivity.

C. are less costly than the risk.

D. are automotive.

(11) A key element in a risk analysis is:

A. audit planning.

B. controls.

C. vulnerabilities.

D. liabilities.

(12) An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the:

A. manager's assistant perpetrated the fraud.

B. perpetrator cannot be established beyond doubt.

C. fraud must have been perpetrated by the manager.

D. system administrator perpetrated the fraud.

(13) During a review of a customer master file, an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication, the IS auditor would use:

A. test data to validate data input.

B. test data to determine system sort capabilities.

C. generalized audit software to search for address field duplications.

D. generalized audit software to search for account field duplications.

(14) The IS department of an organization wants to ensure that the computer files used in the information processing facility are adequately backed up to allow for proper recovery. This is a(n):

A. control procedure.

B. control objective.

C. corrective control.

D. operational control.

(15) During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:

A. create the procedures document.

B. terminate the audit.

C. conduct compliance testing.

D. identify and evaluate existing practices.

(16) When implementing continuous monitoring systems, an IS auditor's first step is to identify:

A. reasonable target thresholds.

B. high-risk areas within the organization.

C. the location and format of output files.

D. applications that provide the highest potential payback.

(17) In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools is MOST suitable for performing that task?

A. CASE tools

B. Embedded data collection tools

C. Heuristic scanning tools

D. Trend/variance detection tools

(18) An IS auditor should use statistical sampling and not judgment (non-statistical) sampling, when:

A. the probability of error must be objectively quantified.

B. the auditor wishes to avoid sampling risk.

C. generalized audit software is unavailable.

D. the tolerable error rate cannot be determined.
