Topic 1: Exam Pool A
When developing a risk-based IS audit plan, the PRIMARY focus should be on functions:
A. with the most ineffective controls.
B. with the greatest number of threats.
C. considered critical to business operations.
D. considered important by IT management.
considered critical to business operations.
Which of the following would be MOST helpful when assessing how applications exchange data with other applications?
A. Results of a risk assessment on the applications
B. List of servers and their applications
C. Entity relationship diagram
D. Configuration management database
Entity relationship diagram
An IS auditor has completed a service level management audit related to order management services provided by a third party. Which of the following is the MOST significant finding?
A. The service level agreement does not define how availability is measured
B. Service desk support is not available outside the company's business hours
C. Penalties for missing service levels are limited.
D. The third party has offshore support arrangements.
The service level agreement does not define how availability is measured
On a daily basis, an in-house development team moves duplicate copies of production data containing personally identifiable information (PII) to the test environment. Which of the following is the BEST way to mitigate the privacy risk involved?
A. Require data owners to sign off on production data
B. Sanitize the data in the test environment
C. Encrypt the data file
D. Obtain customer opt-in acceptances.
Sanitize the data in the test environment
Which of the following is the BEST IS audit strategy?
A. Limit audits to new application system developments
B. Conduct general control audits annually and application audits in alternating years
C. Perform audits based on impact and probability of error and failure.
D. Cycle general control and application audits over a two-year period
Perform audits based on impact and probability of error and failure.