CISA-Full Mock Test-1(150 Questions)
* Required
Your Name Please
* Country *
(1) In a risk based audit planning, an IS auditor's first step is to identify:
1 point
A. responsibilities of stakeholders.
B. high-risk areas within the organization.
C. cost centre.
D. profit centre.
(2) Major advantage of risk based approach for audit planning is:
1 point
A. Audit planning can be communicated to client in advance.
B. Audit activity can be completed within allotted budget.
C. Use of latest technology for audit activities.
D. Appropriate utilisation of resources for high risk areas.
(3) The decisions and actions of an IS auditor are MOST likely to affect which of the
following risks?
1 point
A. Inherent
B. Detection
C. Control
D. Business
(4) In planning an audit, the MOST critical step is the identification of the:
1 point
A. areas of high risk.
B. skill sets of the audit staff.
C. test steps in the audit.
D. time allotted for the audit.
(5)Risk assessment process is :
1 point
A. subjective.
B. objective.
C. mathematical.
D. statistical.
(6) The result of risk management process is used for:
1 point
A. forecasting profit
B. post implementation review.
C. designing controls
D. user acceptance testing.
(7) IS Auditor is developing a risk management program, , the FIRST activity to be performed is
a(n):
,1 point
A. vulnerability assessment.
B. evaluation of control.
C. identification of assets.
D. gap analysis.
(8) Benefit of development of organizational policies by bottom-up approach is that they:
1 point
A. covers whole organization.
B. are derived as a result of a risk assessment.
C. will be in line with overall corporate policy.
D. ensures consistency across the organization.
(9) Risk can be mitigated by:
1 point
A. Implementing controls
B. Insurance
C. Audit and certification
D. Contracts and service level agreements (SLAs)
(10)Most important factor while evaluating controls is to ensure that the controls:
1 point
A. addresses the risk
B. do not reduce productivity.
C. is less costly than risk.
D. is automotive.
(11) A key element in a risk analysis is:
1 point
A. audit planning.
B. controls.
C. vulnerabilities.
D. liabilities.
(12) An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager
had written the password, allocated by the system administrator, inside his/her desk drawer. The
IS auditor should conclude that the:
1 point
A. manager's assistant perpetrated the fraud.
B. perpetrator cannot be established beyond doubt.
C. fraud must have been perpetrated by the manager.
D. system administrator perpetrated the fraud.
(13) During a review of a customer master file, an IS auditor discovered numerous customer name
duplications arising from variations in customer first names. To determine the extent of the
duplication, the IS auditor would use:
1 point
A. test data to validate data input.
B. test data to determine system sort capabilities.
C. generalized audit software to search for address field duplications.
D. generalized audit software to search for account field duplications.
, (14)The IS department of an organization wants to ensure that the computer files used in the
information processing facility are adequately backed up to allow for proper recovery. This is
a(n):
1 point
A. control procedure.
B. control objective.
C. corrective control.
D. operational control.
(15)During a security audit of IT processes, an IS auditor found that there were no documented
security procedures. The IS auditor should:
1 point
A. create the procedures document.
B. terminate the audit.
C. conduct compliance testing.
D. identify and evaluate existing practices.
(16) When implementing continuous monitoring systems, an IS auditor's first step is to identify:
1 point
A. reasonable target thresholds.
B. high-risk areas within the organization.
C. the location and format of output files.
D. applications that provide the highest potential payback.
(17) In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover
potential anomalies in user or system behavior. Which of the following tools is MOST suitable for
performing that task?
1 point
A. CASE tools
B. Embedded data collection tools
C. Heuristic scanning tools
D. Trend/variance detection tools
(18)An IS auditor should use statistical sampling and not judgment (non-statistical) sampling,
when:
1 point
A. the probability of error must be objectively quantified.
B. the auditor wishes to avoid sampling risk.
C. generalized audit software is unavailable.
D. the tolerable error rate cannot be determined.
(19) The risk that the controls put in place will not prevent, correct, or detect errors on a timely
basis.
1 point
A. Inherent risk
B. Control risk
C. Detection risk
D. Correction risk
(20) Which of the following factors an IS auditor should primarily consider when determining the
acceptable level of risk:
1 point
* Required
Your Name Please
* Country *
(1) In a risk based audit planning, an IS auditor's first step is to identify:
1 point
A. responsibilities of stakeholders.
B. high-risk areas within the organization.
C. cost centre.
D. profit centre.
(2) Major advantage of risk based approach for audit planning is:
1 point
A. Audit planning can be communicated to client in advance.
B. Audit activity can be completed within allotted budget.
C. Use of latest technology for audit activities.
D. Appropriate utilisation of resources for high risk areas.
(3) The decisions and actions of an IS auditor are MOST likely to affect which of the
following risks?
1 point
A. Inherent
B. Detection
C. Control
D. Business
(4) In planning an audit, the MOST critical step is the identification of the:
1 point
A. areas of high risk.
B. skill sets of the audit staff.
C. test steps in the audit.
D. time allotted for the audit.
(5)Risk assessment process is :
1 point
A. subjective.
B. objective.
C. mathematical.
D. statistical.
(6) The result of risk management process is used for:
1 point
A. forecasting profit
B. post implementation review.
C. designing controls
D. user acceptance testing.
(7) IS Auditor is developing a risk management program, , the FIRST activity to be performed is
a(n):
,1 point
A. vulnerability assessment.
B. evaluation of control.
C. identification of assets.
D. gap analysis.
(8) Benefit of development of organizational policies by bottom-up approach is that they:
1 point
A. covers whole organization.
B. are derived as a result of a risk assessment.
C. will be in line with overall corporate policy.
D. ensures consistency across the organization.
(9) Risk can be mitigated by:
1 point
A. Implementing controls
B. Insurance
C. Audit and certification
D. Contracts and service level agreements (SLAs)
(10)Most important factor while evaluating controls is to ensure that the controls:
1 point
A. addresses the risk
B. do not reduce productivity.
C. is less costly than risk.
D. is automotive.
(11) A key element in a risk analysis is:
1 point
A. audit planning.
B. controls.
C. vulnerabilities.
D. liabilities.
(12) An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager
had written the password, allocated by the system administrator, inside his/her desk drawer. The
IS auditor should conclude that the:
1 point
A. manager's assistant perpetrated the fraud.
B. perpetrator cannot be established beyond doubt.
C. fraud must have been perpetrated by the manager.
D. system administrator perpetrated the fraud.
(13) During a review of a customer master file, an IS auditor discovered numerous customer name
duplications arising from variations in customer first names. To determine the extent of the
duplication, the IS auditor would use:
1 point
A. test data to validate data input.
B. test data to determine system sort capabilities.
C. generalized audit software to search for address field duplications.
D. generalized audit software to search for account field duplications.
, (14)The IS department of an organization wants to ensure that the computer files used in the
information processing facility are adequately backed up to allow for proper recovery. This is
a(n):
1 point
A. control procedure.
B. control objective.
C. corrective control.
D. operational control.
(15)During a security audit of IT processes, an IS auditor found that there were no documented
security procedures. The IS auditor should:
1 point
A. create the procedures document.
B. terminate the audit.
C. conduct compliance testing.
D. identify and evaluate existing practices.
(16) When implementing continuous monitoring systems, an IS auditor's first step is to identify:
1 point
A. reasonable target thresholds.
B. high-risk areas within the organization.
C. the location and format of output files.
D. applications that provide the highest potential payback.
(17) In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover
potential anomalies in user or system behavior. Which of the following tools is MOST suitable for
performing that task?
1 point
A. CASE tools
B. Embedded data collection tools
C. Heuristic scanning tools
D. Trend/variance detection tools
(18)An IS auditor should use statistical sampling and not judgment (non-statistical) sampling,
when:
1 point
A. the probability of error must be objectively quantified.
B. the auditor wishes to avoid sampling risk.
C. generalized audit software is unavailable.
D. the tolerable error rate cannot be determined.
(19) The risk that the controls put in place will not prevent, correct, or detect errors on a timely
basis.
1 point
A. Inherent risk
B. Control risk
C. Detection risk
D. Correction risk
(20) Which of the following factors an IS auditor should primarily consider when determining the
acceptable level of risk:
1 point
