CISA Sample Questions

  1. Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:

    1. include the finding in the final report because the IS auditor is responsible for an accurate report of all findings.
    2. not include the finding in the final report because the audit report should include only unresolved findings.
    3. not include the finding in the final report because corrective action can be verified by the IS auditor during the audit.
    4. include the finding in the closing meeting for discussion purposes only.

    Answer: A

  2. In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by:

    1. the availability of CAATs.
    2. management's representation.
    3. organizational structure and job responsibilities.
    4. the existence of internal and operational controls.

    Answer: D

  3. The PRIMARY advantage of a continuous audit approach is that it:

    1. does not require an IS auditor to collect evidence on system reliability while processing is taking place.
    2. requires the IS auditor to review and follow up immediately on all information collected.
    3. can improve system security when used in time-sharing environments that process a large number of transactions.
    4. does not depend on the complexity of an organization's computer systems.

    Answer: C

  4. Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

    1. User management coordination does not exist.
    2. Specific user accountability cannot be established.
    3. Unauthorized users may have access to originate, modify or delete data.
    4. Audit recommendations may not be implemented.

    Answer: C

  5. IT control objectives are useful to IS auditors, as they provide the basis for understanding the:

    1. desired result or purpose of implementing specific control procedures.
    2. best IT security control practices relevant to a specific entity.
    3. techniques for securing information.
    4. security policy.

    Answer: A

  6. In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether:

    1. there is an integration of IS and business staffs within projects.
    2. there is a clear definition of the IS mission and vision.
    3. there is a strategic information technology planning methodology in place.
    4. the plan correlates business objectives to IS goals and objectives.

    Answer: A

  7. An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses wireless transport layer security (WTLS) and secure sockets layer (SSL) technology for protecting its customers' payment information. The IS auditor should be MOST concerned if a hacker:

    1. compromised the wireless application protocol (WAP) gateway.
    2. installed a sniffing program in front of the server.
    3. stole a customer's PDA.
    4. listened to the wireless transmission.

    Answer: A

  8. An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?

    1. Availability of online network documentation
    2. Support of terminal access to remote hosts
    3. Handling file transfer between hosts and interuser communications
    4. Performance management, audit and control

    Answer: A

  9. An organization provides information to its supply-chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?

    1. A secure sockets layer (SSL) has been implemented for user authentication and remote administration of the firewall.
    2. On the basis of changing requirements, firewall policies are updated.
    3. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted.
    4. The firewall is placed on top of the commercial operating system with all installation options.

    Answer: D

  10. Which of the following cryptography options would increase overhead/cost?

    1. The encryption is symmetric rather than asymmetric.
    2. A long asymmetric encryption key is used.
    3. The hash is encrypted rather than the message.
    4. A secret key is used.

    Answer: B

Copyright © 2004-2011, Best Sample Questions. All Rights Reserved.