Home

Home / Isaca / CISA

Question list

List of questions

Question 1

(0)

What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?

Question 2

(0)

Which of the following is the BEST way to enforce the principle of least privilege on a server containing data with different security classifications?

Question 3

(0)

The PRIMARY benefit of automating application testing is to:

Question 4

(0)

Which of the following BEST addresses the availability of an online store?

Question 5

(0)

Which of the following is the BEST way to prevent social engineering incidents?

Question 6

(0)

The PRIMARY purpose of a configuration management system is to:

Question 7

(0)

Which of the following is the MOST important consideration when evaluating the data retention policy for a global organization with regional offices in multiple countries?

Question 8

(0)

Which of the following BEST enables alignment of IT with business objectives?

Question 9

(0)

Which of the following are used in a firewall to protect the entity's internal resources?

Question 10

(0)

Which of the following would be MOST impacted if an IS auditor were to assist with the implementation of recommended control enhancements?

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which of the following is the BEST indicator of the effectiveness of an organization's incident response program?

Which of the following is the BEST way to ensure that an application is performing according to its specifications?

An IS auditor is reviewing a client's outsourced payroll system to assess whether the financial audit team can rely on the application. Which of the following findings would be the auditor's GREATEST concern?

Which of the following poses the GREATEST risk to the use of active RFID tags?

The FIRST step in an incident response plan is to:

An IS audit manager was temporarily tasked with supervising a project manager assigned to the organization's payroll application upgrade. Upon returning to the audit department, the audit manager has been asked to perform an audit to validate the implementation of the payroll application. The audit manager is the only one in the audit department with IT project management experience. What is the BEST course of action?

Which of the following is the BEST control lo mitigate attacks that redirect Internet traffic to an unauthorized website?

Which of the following is the BEST way for an IS auditor to assess the design of an automated application control?

Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

Which of the following findings from a database security audit presents the GREATEST risk of critical security exposures?

Question 53 - CISA discussion

Report

Which of the following is an audit reviewer's PRIMARY role with regard to evidence?

A.

Ensuring unauthorized individuals do not tamper with evidence after it has been captured

B.

Ensuring evidence is sufficient to support audit conclusions

C.

Ensuring appropriate statistical sampling methods were used

D.

Ensuring evidence is labeled to show it was obtained from an approved source

Suggested answer: B

Explanation:

The primary role of an audit reviewer with regard to evidence is to ensure that evidence is sufficient to support audit conclusions. Evidence is the information obtained by the auditor to provide a reasonable basis for the audit opinion or findings. Evidence should be sufficient, reliable, relevant, and useful to support the audit objectives and criteria. The audit reviewer should evaluate the quality and quantity of evidence collected by the auditor and determine if it is adequate to draw valid conclusions and recommendations. Ensuring unauthorized individuals do not tamper with evidence after it has been captured is a role of the auditor, not the audit reviewer. The auditor is responsible for safeguarding the evidence from loss, damage, or alteration during the audit process. The auditor should also document the source, date, and method of obtaining the evidence, as well as any limitations or restrictions on its use or disclosure. Ensuring appropriate statistical sampling methods were used is a role of the auditor, not the audit reviewer. The auditor is responsible for selecting an appropriate sampling method and technique that can provide sufficient evidence to achieve the audit objectives and criteria. The auditor should also document the sampling plan, population, sample size, selection method, evaluation method, and results. Ensuring evidence is labeled to show it was obtained from an approved source is a role of the auditor, not the audit reviewer. The auditor is responsible for labeling the evidence to indicate its origin, nature, and ownership. The auditor should also ensure that the evidence is obtained from reliable and credible sources that can be verified and corroborated.Reference:ISACA CISA Review Manual 27th Edition, page 295

Show Answer

asked 18/09/2024

Kurt Woodfin

43 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first