IT Auditing CISA Trivia Questions! Quiz

10 Questions

Quite a number of growing companies are coming to understand the importance of CISA; it is therefore mandatory for their prospective employees to pass the Certified Information Systems Auditor exam. The program is ideal for managers, system administrators, technical staff, security professionals and auditors. This short quiz will test your knowledge of the Certified Information Systems Auditor material.


Questions and Answers
  • 1. 
    When selecting audit procedures, an IS auditor should use professional judgment to ensure that:
    • A. 

      All significant deficiencies identified will be corrected within a reasonable period.

    • B. 

      All material weaknesses will be identified.

    • C. 

      Sufficient evidence will be collected.

    • D. 

      Audit costs will be kept at a lower level.

  • 2. 
    The PRIMARY goal of an IS auditor during the planning stage of an IS audit is to:
    • A. 

      Address audit objectives.

    • B. 

      Collect sufficient evidence.

    • C. 

      Specify appropriate tests.

    • D. 

      Minimize audit resources.

  • 3. 
    An IS auditor should use statistical sampling and not judgment (nonstatistical) sampling, when:
    • A. 

      The auditor wishes to avoid sampling risk.

    • B. 

      Generalized audit software is unavailable.

    • C. 

      The probability of error must be objectively quantified.

    • D. 

      The tolerable error rate cannot be determined.

  • 4. 
    While planning an audit, an assessment of risk should be made to provide:  
    • A. 

      Definite assurance that material items will be duly covered during the auditing.

    • B. 

      Reasonable assurance that the audit will cover material items.

    • C. 

      Reasonable assurance that the auditor will duly cover all items.

    • D. 

      Sufficient assurance that all items will be duly covered during the audit work.

  • 5. 
    In planning an audit, the MOST critical step is the identification of the:
    • A. 

      Skill sets of the audit staff.

    • B. 

      Test steps in the audit.

    • C. 

      Time allotted for the audit.

    • D. 

      Areas of high risk.

  • 6. 
    To ensure that audit resources deliver the best value to the organization, the FIRST step would be to:
    • A. 

      Schedule the audits and monitor the time incurred on each audit.

    • B. 

      Train the IS auditing staff on current technology used in the company.

    • C. 

      Develop the audit plan based on a detailed risk assessment.

    • D. 

      Monitor the progress of audits and initiate cost control measures.

  • 7. 
    An IS auditor evaluating logical access controls should FIRST:
    • A. 

      Obtain an understanding of the security risks to information processing.

    • B. 

      Test controls over the access paths to determine if they are functional or not.

    • C. 

      Evaluate the security environment regarding written policies and practices.

    • D. 

      Document the controls that will be applied to the potential access paths to the system.

  • 8. 
    The extent to which data will be collected during an IS audit should be determined based on the:
    • A. 

      Auditee's ability to find relevant evidence.

    • B. 

      Auditor's familiarity with the circumstances.

    • C. 

      Purpose and scope of the audit being done.

    • D. 

      Availability of critical and required information.

  • 9. 
    When an IS auditor is evaluating management's risk assessment of information systems, what should the IS auditor review first?
    • A. 

      The effectiveness of the controls in place.

    • B. 

      The mechanism for monitoring the risks which are related to the assets.

    • C. 

      The threats/vulnerabilities affecting the assets.

    • D. 

      The controls already in place.

  • 10. 
    To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:
    • A. 

      The entire message and thereafter enciphering the message digest using the sender’s private key. 

    • B. 

      Any arbitrary part of the message and thereafter enciphering the message digest using the sender’s private key.

    • C. 

      The entire message and thereafter enciphering the message using the sender’s private key.

    • D. 

      The entire message and thereafter enciphering the message along with the message digest using the sender’s private key.