CISA Auditing Trivia Questions! Quiz
Settings
It is important to read the CISA examination questions thoroughly, as CISA updates their instructions yearly, which are crucial for the attainment of success in the exams. Any candidate of CISA examination should not commence the examination without going through the instructions. Important information includes the length and the language available, examination domains, and the number of exams questions. This quiz will test your knowledge on what you know on CISA auditing.
- 1.An IS auditor reviewing an application's controls would evaluate the:
- A.
Efficiency of the application in meeting the business processes.
- B.
Impact of any exposures discovered.
- C.
Business processes served by the application.
- D.
Application's optimization
- 2.When assessing the design of network monitoring controls, an IS auditor should FIRST review network:
- A.
Topology diagrams.
- B.
Bandwidth usage.
- C.
Traffic analysis reports.
- D.
Bottleneck locations
- 3.In an audit of an inventory application, which approach would provide the BEST evidence that purchase orders are valid?
- A.
Tracing purchase orders to a computer listing
- B.
Comparing receiving reports to purchase order details
- C.
Testing whether inappropriate personnel can change application parameters.
- D.
Reviewing the application documentation
- 4.An audit charter should:
- A.
Be dynamic and often change to coincide with the changing nature of technology and the audit profession.
- B.
Clearly state audit objectives for, and the delegation of, the authority to the maintenance and review of internal controls.
- C.
Document the audit procedures designed to achieve the planned audit objectives.
- D.
Outline the overall authority, scope, and responsibilities of the audit function.
- 5.Which of the following is a benefit of a risk-based approach to audit planning? Audit:
- A.
Scheduling may be performed months in advance.
- B.
Resources are allocated to the areas of highest concern.
- C.
Staff will be exposed to a variety of technologies
- D.
Budgets are more likely to be met by the IS audit staff.
- 6.Which of the following is a substantive test?
- A.
Ensuring approval for parameter changes
- B.
Reviewing password history reports
- C.
Checking a list of exception reports
- D.
Using a statistical sample to inventory the tape library.
- 7.The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures:
- A.
Appropriate levels of protection are applied to information assets.
- B.
A basic level of protection is applied regardless of asset value.
- C.
Information assets are overprotected.
- D.
An equal proportion of resources are devoted to protecting all information assets.
- 8.The PRIMARY advantage of a continuous audit approach is that it:
- A.
Does not require an IS auditor to collect evidence on system reliability while processing is taking place.
- B.
Requires the IS auditor to review and follow up immediately on all information collected.
- C.
Can improve system security when used in time-sharing environments that process a large number of transactions.
- D.
Does not depend on the complexity of an organization's computer systems
- 9.When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
- A.
Controls needed to mitigate risks are in place.
- B.
Vulnerabilities and threats are identified.
- C.
Audit risks are considered.
- D.
A gap analysis is appropriate
- 10.The PRIMARY purpose of audit trails is to:
- A.
Improve response time for users.
- B.
Establish accountability and responsibility for processed transactions.
- C.
Improve the operational efficiency of the system.
- D.
Provider useful information to auditors who may wish to track transactions
Back to top