A2-1 - 152 Flashcards

1
Q

Organizations requiring employees to take a mandatory vacation each year PRIMARILY want to ensure:

A. adequate cross-training exists between functions
B. an effective internal control environment is in place by increasing morale.
C. potential irregularities in processing are identified by a temporary replacement
D. the risk of processing errors is reduced.

A

C. potential irregularities in processing are identified by a temporary replacement

2
Q

An IS auditor is verifying IT policies and finds that some of the policies have not been approved by management (as required by policy), but the employees strictly follow the policies. What should the IS auditor do FIRST?

A. Ignore the absence of management approval because employees follow the policies.
B. Recommend immediate management approval of the policies.
C. Emphasize the importance of approval to management
D. Report the absence of documented approval.

A

D. Report the absence of documented approval.

3
Q

What is the PRIMARY consideration for an IS auditor reviewing the prioritization and coordination of IT projects and program management?

A. Projects are aligned with the organization’s strategy
B. Identified project risk is monitored and mitigated
C. Controls related to project planning and budget are appropriate.
D. IT project metrics are reported accurately.

A

A. Projects are aligned with the organization’s strategy

4
Q

In a review of human resource policies and procedures within an organization, an IS auditor is MOST concerned with the absence of a:

A. requirement for periodic job rotations.
B. process for formalized exit interviews
C. termination checklist
D. requirement for new employees to sign a nondisclosure agreement

A

C. termination checklist

5
Q

Which of the following factors is MOST critical when evaluating the effectiveness of an IT governance implementation?

A. Ensure the assurance objects are defined.
B. Determine stakeholder requirements and involvement
C. Identify relevant risk and related opportunities.
D. Determine relevant enablers and their applicability.

A

B. Determine stakeholder requirements and involvement

6
Q

Which of the following is the BEST reason to implement a policy that places conditions on secondary employment for IT employees?

A. To prevent the misuse of corporate resources
B. To prevent conflicts of interest.
C. To prevent employee performance issues.
D. To prevent the theft of IT assets.

A

B. To prevent conflicts of interest.

7
Q

An IS auditor has been assigned to review an organization’s information security policy. Which of the following issues represents the HIGHEST potential risk?

A. The policy has not been updated in more than one year.
B. The policy includes no revision history.
C. The policy is approved by the security administrator.
D. The company does not have an information security policy committee.

A

C. The policy is approved by the security administrator.

8
Q

When performing a review of a business process re-engineering (BPR) effort, which of the following is of PRIMARY concern?

A. Controls are eliminated as part of the streamlining BPR effort.
B. Resources are not adequate to support the BPR process
C. The audit department does not have a consulting role in the BPR effort.
D. The BPR effort includes employees with limited knowledge of the process area.

A

A. Controls are eliminated as part of the streamlining BPR effort.

9
Q

When auditing the IT governance framework and IT risk management practices existing within an organization, the IS auditor identified some undefined responsibilities regarding IT management and governance roles. Which of the following recommendations is the MOST appropriate?

A. Review the strategic alignment of IT with the business.
B. Implement accountability rules within the organization.
C. Ensure that independent IS audits are conducted periodically.
D. Create a chief risk officer role in the organization.

A

B. Implement accountability rules within the organization.

10
Q

An IS auditor is performing a review of the software quality management process in an organization. The FIRST step should be to:

A. Verify how the organization complies with the standards.
B. Identify and report the existing controls
C. Review the metrics for quality evaluation.
D. Request all standards adopted by the organization.

A

D. Request all standards adopted by the organization.

11
Q

An IS auditor found that the enterprise architecture (EA) recently adopted by an organization has an adequate current-state representation. However, the organization has started a separate project to develop a future-state representation. The IS auditor should:

A. Recommend that this separate project be completed as soon as possible.
B. Report this issue as a finding in the audit report.
C. Recommend the adoption of the Zachman framework.
D. Rescope the audit to include the separate project as part of the current audit.

A

B. Report this issue as a finding in the audit report.

12
Q

An IS auditor is evaluating management’s risk assessment of information systems. The IS auditor should FIRST review:

A. Controls in place.
B. Effectiveness of the controls.
C. Mechanism for monitoring the risk.
D. Threats/vulnerabilities affecting the assets.

A

D. Threats/vulnerabilities affecting the assets.

13
Q

The PRIMARY benefit of an enterprise architecture initiative is to:

A. Enable the organization to invest in the most appropriate technology
B. Ensure security controls are implemented on critical platforms.
C. Allow development teams to be more responsive to business requirements.
D. Provide business units with greater autonomy to select IT solutions that fit their needs.

A

A. Enable the organization to invest in the most appropriate technology

14
Q

Which of the following situations is addressed by a software escrow agreement?

A. The system administrator requires access to software to recover from a disaster.
B. A user requests to have software reloaded onto a replacement hard drive.
C. The vendor of custom-written software goes out of business.
D. An IS auditor requires

A

C. The vendor of custom-written software goes out of business.

15
Q

An IS auditor reviews an organizational chart PRIMARILY for:

A. Understanding of the complexity of the organizational structure.
B. Investigating various communication channels.
C. Understanding the responsibilities and authority of individuals.
D. Investigating the network connected to different employees.

A

C. Understanding the responsibilities and authority of individuals.

16
Q

Sharing risk is a key factor in which of the following methods of managing risk?

A. Transferring risk.
B. Tolerating risk.
C. Terminating risk.
D. Treating risk.

A

A. Transferring risk.

17
Q

A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential impact, the team should:

A. Compute the amortization of the related assets.
B. Calculate a return on investment.
C. Apply a qualitative approach.
D. Spend the time needed to define the loss amount exactly.

A

C. Apply a qualitative approach.

18
Q

While reviewing a quality management system, the IS auditor should PRIMARILY focus on collecting evidence to show that:

A. Quality management systems comply with good practices.
B. Continuous improvement targets are being monitored.
C. Standard operating procedures of IT are updated annually.
D. Key performance indicators are defined.

A

B. Continuous improvement targets are being monitored.

19
Q

An IS auditor discovers several IT-based projects were implemented and not approved by the steering committee. What is the GREATEST concern for the IS auditor?

A. The IT department’s projects will not be adequately funded.
B. IT projects are not following the system development life cycle process.
C. IT projects are not consistently formally approved.
D. The IT department may not be working toward a common goal.

A

D. The IT department may not be working toward a common goal.

20
Q

Value delivery from IT to the business is MOST effectively achieved by:

A. Aligning the IT strategy with the enterprise strategy
B. Embedding accountability in the enterprise.
C. Providing a positive return on investment.
D. Establishing an enterprise risk management process.

A

A. Aligning the IT strategy with the enterprise strategy

21
Q

During a feasibility study regarding outsourcing IT processing, the relevance for the IS auditor of reviewing the vendor’s business continuity plan is to:

A. Evaluate the adequacy of the service levels that the vendor can provide in a contingency.
B. Evaluate the financial stability of the service bureau and its ability to fulfill the contract.
C. Review the experience of the vendor’s staff
D. Test the business continuity plan.

A

A. Evaluate the adequacy of the service levels that the vendor can provide in a contingency.