Certification Exam Prep Questions For Certified Information Systems Auditor
QuickStart is now offering assessment questions for Certified Information Systems Auditor. Whether you are deciding which exam to sign up for, or simply want to practice the materials necessary to complete certification for this course, we have provided a practice assessment to better aid in certification. 100% of the questions are real questions from a recent version of the test you will take for Certified Information Systems Auditor.
Which process gives auditors the tools needed to perform ongoing monitoring of system operations?
- A. Application system testing (Incorrect)
- B. Continuous online auditing (Correct)
- C. Data integrity testing (Incorrect)
- D. None of the above (Incorrect)
Which of the following controls reduce the impact of threats and minimize the impact of problems?
Security logs are an example of which class of control?
- A. Corrective (Incorrect)
- B. None of the above (Incorrect)
- C. Preventive (Incorrect)
- D. Detective (Correct)
When a material failure of internal controls occurs, it’s typically referred to as which of the following?
- A. Control risk (Correct)
- B. Residual risk (Incorrect)
- C. Inherent risk (Incorrect)
- D. Detection risk (Incorrect)
Which of the following would be the best sampling technique to review an organization’s balance sheet for material transactions?
- A. Attribute sampling (Incorrect)
- B. Frequency estimating sampling (Incorrect)
- C. Stop-and-go sampling (Incorrect)
- D. Variable sampling (Correct)
Which audit opinion is described as multiple significant deficiencies adding up to a material and pervasive weakness?
Which of the following is an example of a standard published by ISACA?
- A. Reasonable Expectation (Incorrect)
- B. Performance and Supervision (Incorrect)
- C. Organizational Independence (Incorrect)
- D. All of the above (Correct)
Which data classification would most likely apply when pricing products in a commodity business prior to a product launch?
- A. Proprietary (Correct)
- B. Public (Incorrect)
- C. Business confidential (Incorrect)
- D. Customer confidential (Incorrect)
Which of the following best represents the core concept of quality assurance (QA)?
- A. To improve quality (Incorrect)
- B. To improve both quality and adherence (Correct)
- C. To improve adherence (Incorrect)
- D. None of the above (Incorrect)
Which of the following is a possible area of disagreement used by stakeholders when they want to challenge audit results?
- A. The finding itself (Incorrect)
- B. The severity of the finding (Incorrect)
- C. The process by which the finding was identified (Incorrect)
- D. All of the above (Correct)
Which type of audit sampling would be best to measure characteristics of the sample population, such as dollar amounts or other units of measurement?
- A. Statistical sampling (Incorrect)
- B. Nonstatistical sampling (Incorrect)
- C. Variable sampling (Correct)
- D. Attribute sampling (Incorrect)
While different risks must be reasonably controlled, which of the following risks is considered unacceptable?
- A. Detection risk (Incorrect)
- B. Business risk (Incorrect)
- C. Irregularities (Incorrect)
- D. Material risk (Correct)
Which step of the audit process includes documenting the preliminary results?
- A. Evaluation of test results (Incorrect)
- B. Audit scope (Incorrect)
- C. Data gathering (Incorrect)
- D. Communication with management (Correct)
Which of the following statements best describes integrated auditing?
Which funding method has the advantage of being relatively easy to implement and for accounting to handle?
- A. Shared cost (Correct)
- B. Chargeback (Incorrect)
- C. Sponsor pays (Incorrect)
- D. Patron pays (Incorrect)
Which of the following methods represents the best assurance that information is entered correctly when auditing a credit card payment system?
- A. Audit trails (Incorrect)
- B. Key verification (Correct)
- C. Separation of data entry and computer operator duties (Incorrect)
- D. Supervisor review (Incorrect)
Which of the following funding strategies is a type of pay-as-you-go system?
- A. Sponsor pays (Incorrect)
- B. Chargeback (Correct)
- C. Shared cost (Incorrect)
- D. None of the above (Incorrect)
In the Three Lines of Defense model, which role provides the risk governance committees and senior management with comprehensive assurance that risk is being appropriately managed across the enterprise?
- A. Risk and compliance teams (Incorrect)
- B. Business unit leadership (Incorrect)
- C. Auditor teams (Correct)
- D. Operational risk teams (Incorrect)
Which compensating control can be performed through observation or inquiry, or done remotely using software tools and applications?
- A. Reconciliation (Incorrect)
- B. Supervisor review (Correct)
- C. Transaction log (Incorrect)
- D. Exception report (Incorrect)
Which of the following represents the last general step of a business impact analysis (BIA)?
- A. Define recovery alternatives and costs. (Correct)
- B. Identify critical business functions and resources. (Incorrect)
- C. Establish recovery time for operations. (Incorrect)
- D. Verify completeness of data. (Incorrect)
Which of the following recovery strategies in the Business Continuity Planning (BCP) process typically costs the most to implement, but offers the fastest speed of recovery?
- A. Cold site (Incorrect)
- B. Electronic vaulting (Incorrect)
- C. Continuous processing (Correct)
- D. Hot site (Incorrect)
Which of the following is NOT a maturity level found in a typical CMM model?
Which data classification includes information related to the customers of the business, such as tax ID information or health records?
- A. Public (Incorrect)
- B. Business confidential (Incorrect)
- C. Proprietary (Incorrect)
- D. Customer confidential (Correct)
Which of the following regulations requires security standards for U.S. government systems?
Which of the following contract terms allows an onsite audit inspection of a third-party supplier?
Which of the following refers to the U.S. standards on management of health care data?
In the following common policy characteristics, the attribute most closely associated with bottom-up policy development is that it
- A. aligns policy with strategy (Incorrect)
- B. is a very slow process (Incorrect)
- C. addresses the concerns of operational employees (Correct)
- D. does not address the concerns of operational employees (Incorrect)
Which of the following is NOT one of the specific goals required for an organization to meet best practices for IT governance frameworks?
- A. Align the goals of IT to the goals of the organization (Incorrect)
- B. Establish accountability (Incorrect)
- C. Define supporting policies and processes (Incorrect)
Which of the following is NOT one of the five core governance principles of COBIT 5?
- A. Applying a single integrated framework (Incorrect)
- B. Enabling a holistic approach (Incorrect)
- C. Meeting stakeholder needs (Incorrect)
- D. None of the above (Correct)
Which media-rotation strategy for backup media involves using five sets of tapes, with each set labeled A through E?
- A. Grandfather-father-son (Incorrect)
- B. Simple (Incorrect)
- C. Tower of Hanoi (Correct)
- D. None of the above (Incorrect)