CISA Domain 1 University Quiz | Wayground (formerly Quizizz)

1.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An IS auditor finds that a disaster recovery plan (DRP) for critical business functions does not cover all systems. Which of the following is the most appropriate course of action for the IS auditor?

Alert management and evaluate the impact of not covering all systems.

Cancel the audit.

Complete the audit of the systems covered by the existing DRP.

Postpone the audit until the systems are added to the DRP.

Answer explanation

An IS auditor should make management aware that some systems are omitted from the disasterrecovery plan (DRP). An IS auditor should continue the audit and include an evaluation of theimpact of not including all systems in the DRP

2.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following is the primary purpose of a risk-based audit?

High-impact areas are addressed first.

Audit resources are allocated efficiently.

Material areas are addressed first.

Management concerns are prioritized.

Answer explanation

Material risk is audited according to the risk ranking, thus enabling the audit team toconcentrate on high-risk areas first.

3.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following would be expected to approve the audit charter?

Chief Financial Officer

Chief Executive Officer

Audit Steering Committee

Audit Committee

Answer explanation

One of the primary functions of the audit committee is to create and approve the audit charter.

4.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

The main purpose of the annual IS audit plan is to:

Allocate resources for audits.

Reduce the impact of audit risk.

Develop a training plan for auditors.

Minimize the audit costs.

Answer explanation

IS audit assignments need to be accomplished with limited time and human resources. Thus, audits are scheduled and prioritized as determined by IS audit management.

5.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following is most important to ensure that effective application controls are maintained?

Exception Reporting

Manager Oversight

Control Self-Assessment

Peer Reviews

Answer explanation

CSA is the review of business objectives and internal controls in a formal and documentedcollaborative process. It includes testing the design of automated application controls.

6.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following represents an example of a preventive control with respect to IT personnel?

A security guard stationed at the server room door

An intrusion detection system

Implementation of a badge entry system for the IT facility

A fire suppression system in the server room

Answer explanation

Preventive controls are used to reduce the probability of an adverse event. A badge entry systemprevents unauthorized entry to the facility.

7.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An IS auditor performing an audit of the risk assessment process should first confirm that:

Reasonable threats to the information assets are identified.

Technical and organizational vulnerabilities have been analyzed.

Assets have been identified and ranked.

The effects of potential security breaches have been evaluated.

Answer explanation

Identification and ranking of information assets (e.g., data criticality, sensitivity, locations ofassets) will set the tone or scope of how to assess risk in relation to the organizational value ofthe asset.

8.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following choices would be the best source of information when developing a risk-based audit plan?

Process owners identify key controls.

System custodians identify vulnerabilities.

Peer auditors understand previous audit results.

Senior management identify key business processes.

Answer explanation

Developing a risk-based audit plan must start with the identification of key business processes,which determine and identify the risk that needs to be addressed.

9.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A financial institution with multiple branch offices has an automated control that requires the branch manager to approve transactions more than a certain amount. What type of audit control is this?

Detective

Preventive

Corrective

Directive

Answer explanation

Having a manager approve transactions more than a certain amount is considered a preventive control.

10.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

AERITH Bank (A Digital Bank) based in Singapore, has since operated its retail and business sector in the Philippines. However, during the current year, the economy in the Philippines has been recently declining, and the retail sector in the country is projected to be unprofitable. The company has foreseen that the impact will be high and will remain over the long-run. What action should AERITH Bank consider if it wanted to address the risk of loss?

Engage for insurance contracts with financial institutions

Shutdown the retail sector in the Philippines

Enter into merger with other local banks

Accept and unite, for unity is the key.

Answer explanation

When impact and likelihood are both assessed as high, recommended solution is to avoid th risk (i.e. terminate/discontinue its source).

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers