CISA Questionnaire #1
Questionnaire #1
Instructions:
-
Who is accountable for ensuring relevant controls over IS resources?
A. The system administrator
B. Network administration
C. Resource owners
D. The database administrator
-
The primary consideration of an IS auditor when evaluating a fraudulent transaction is
A. To ensure that the integrity of the evidence is maintained.
B. To remain unbiased while evaluating the evidence.
C. The independence of the IS auditor.
D. To determine the source of the evidence.
-
An IS auditor observes that an enterprise has outsourced software development to a startup company or a third party. To ensure that the enterprise’s investment in software is protected, which of the following should be recommended by the IS auditor?
A. Due diligence should be performed on the software vendor.
B. A quarterly audit of the vendor facilities should be performed.
C. There should be a source code escrow agreement in place.
D. A high penalty clause should be included in the contract.
-
An IS auditor finds a small number of user access requests that managers had not authorised through the normal predefined workflow steps and escalation rules. The IS auditor should
A. Recommend that the owner of the identity management (IDM) system fix the workflow issues.
B. Report the problem to the audit committee.
C. Perform an additional analysis.
D. Conduct a security risk assessment.
-
Responsibility for granting access to data, with the help of the security officer, resides with
A. The data owners
B. The system developer
C. The library controller
D. The system administrator
-
An IS auditor is reviewing the physical security controls of a data center and notices several areas for concern. Which of the following areas is the most important?
A. The emergency power off button cover is missing.
B. The emergency exit door is blocked.
C. Scheduled maintenance of the fire suppression system was not performed.
D. There are no security cameras inside the data center.
-
Which of the following choices best helps information owners to classify data correctly?
A. Understanding of technical controls that protect data.
B. Use of an automated data leak prevention (DLP) tool.
C. Training on organisational policies and standards.
D. Understanding which people need to access the data.