Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 821:

  In response to an audit finding regarding a payroll application, management implemented a new automated control. Which of the following would be MOST helpful to the IS auditor when evaluating the effectiveness of the new control?

  A. Approved test scripts and results prior to implementation
  B. Written procedures defining processes and controls
  C. Approved project scope document
  D. A review of tabletop exercise results
  B. Written procedures defining processes and controls

  ---

  Explanation

  The best way to evaluate the effectiveness of a new automated control is to review the written procedures that define the processes and controls. This will help the IS auditor to understand the objectives, scope, roles, responsibilities, and

  expected outcomes of the control. The written procedures will also provide a basis for testing the control and verifying its compliance with the audit finding recommendations.

  References:

  ISACA Frameworks: Blueprints for Success

  CISA Review Manual (Digital Version)

• Question 822:

  Which of the following is MOST important to consider when defining disaster recovery strategies?

  A. Maximum tolerable downtime (MTD)
  B. Mean time to restore (MTTR)
  C. Mean time to acknowledge
  D. Maximum time between failures (MTBF)
  A. Maximum tolerable downtime (MTD)

  ---

  Explanation

  Explanation

• Question 823:

  Which of the following BEST demonstrates to senior management and the board that an audit function is compliant with standards and the code of ethics?

  A. Audit staff interviews
  B. Quality control reviews
  C. Control self-assessments (CSAs)
  D. Corrective action plans
  B. Quality control reviews

  ---

  Explanation

  Quality control reviews are the best way to demonstrate to senior management and the board that an audit function is compliant with standards and the code of ethics. These reviews assess the efficiency and effectiveness of the audit function, ensure compliance with audit standards and ethics, and identify areas for improvement. While audit staff interviews, control self-assessments (CSAs), and corrective action plans can provide valuable insights, they do not offer the same level of assurance as a comprehensive quality control review.

• Question 824:

  Which of the following is an IS auditor s GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?

  A. The organization may be more susceptible to cyber-attacks.
  B. The organization may not be in compliance with licensing agreement.
  C. System functionality may not meet business requirements.
  D. The system may have version control issues.
  A. The organization may be more susceptible to cyber-attacks.

  ---

  Explanation

• Question 825:

  Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?

  A. Reconciliation of total amounts by project
  B. Validity checks, preventing entry of character data
  C. Reasonableness checks for each cost type
  D. Display the back of the project detail after the entry
  A. Reconciliation of total amounts by project

  ---

  Explanation

  Reconciliation of total amounts by project is the best control to ensure that data is accurately entered into the job-costing system from spreadsheets. Reconciliation is a process of comparing two sets of data to identify any differences or discrepancies between them. By reconciling the total amounts by project from spreadsheets with those from the job-costing system, any errors or omissions in data entry can be detected and corrected. Validity checks are controls that verify that data conforms to predefined formats or ranges. They can prevent entry of character data into numeric fields, but they cannot ensure that the numeric data is correct or complete. Reasonableness checks are controls that verify that data is within expected or acceptable limits. They can detect outliers or anomalies in data, but they cannot ensure that the data matches the source. Display back of project detail after entry is a control that allows the user to review and confirm the data entered into the system. It can help reduce human errors, but it cannot guarantee that the data is accurate or consistent with the source.

  References: Information Systems Operations and Business Resilience, CISA Review Manual (Digital Version)

• Question 826:

  Who is PRIMARILY responsible for the design of IT controls to meet control objectives?

  A. Risk management
  B. Business management
  C. IT manager
  D. Internal auditor
  B. Business management

  ---

  Explanation

• Question 827:

  Which of the following is the PRIMARY objective of data loss prevention (DLP) mechanisms?

  A. Enhancing system performance while safeguarding against data loss
  B. Automating data loss recovery procedures to minimize downtime in case of incidents
  C. Protecting against unauthorized transmissions or disclosure of sensitive data
  D. Ensuring compliance with regulatory requirements for data protection
  C. Protecting against unauthorized transmissions or disclosure of sensitive data

  ---

  Explanation

  Explanation

• Question 828:

  Which of the following is the BEST way to control the concurrent use of licensed software?

  A. User self-discipline.
  B. Monitor by system administrator.
  C. Surprise audit conducted by vendors.
  D. Metering software
  B. Monitor by system administrator.

  ---

  Explanation

• Question 829:

  When is it MOST important for an IS auditor to apply the concept of materiality in an audit?

  A. When planning an audit engagement
  B. When gathering information for the fieldwork
  C. When a violation of a regulatory requirement has been identified
  D. When evaluating representations from the auditee
  A. When planning an audit engagement

  ---

  Explanation

  The concept of materiality is most important for an IS auditor to apply when planning an audit engagement, because it helps the auditor to determine the scope, objectives, procedures and resources of the audit. Materiality is the degree to which an omission or misstatement of information could affect the users' decisions or the achievement of the audit objectives. By applying the concept of materiality, the auditor can focus on the most significant and relevant areas of the audit and avoid wasting time and effort on trivial or immaterial matters. The other options are not as important as planning an audit engagement, because they are either based on or affected by the materiality assessment done during the planning phase.

  References: ISACA, CISA Review Manual, 27th Edition, chapter 1, section 1.31 ISACA, IT Audit and Assurance Standards, Guidelines and Tools and Techniques for IS Audit and Assurance Professionals, section 12022

• Question 830:

  A computer forensic audit is MOST relevant in which of the following situations?

  A. Inadequate controls in the IT environment
  B. Mismatches in transaction data
  C. Missing server patches
  D. Data loss due to hacking of servers
  D. Data loss due to hacking of servers

  ---

  Explanation

  A computer forensic audit is a process of collecting, preserving, analyzing, and presenting digital evidence from electronic devices in a legally admissible manner. It is most relevant in situations where data loss due to hacking of servers occurs, as it can help to identify the source, method, and extent of the attack, as well as recover the lost or damaged data. The other options are not as suitable for a computer forensic audit, as they relate to internal control issues, data quality issues, or system maintenance issues, which can be addressed by other types of audits or reviews.

  References: CISA Review Manual (Digital Version), Domain 4: Information Systems Operations and Business Resilience, Section 4.5 Computer Forensics