ExamGecko
Question list
Search
Search

Related questions











Question 340 - CISA discussion

Report
Export

During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

A.
Sampling risk
Answers
A.
Sampling risk
B.
Detection risk
Answers
B.
Detection risk
C.
Control risk
Answers
C.
Control risk
D.
Inherent risk
Answers
D.
Inherent risk
Suggested answer: B

Explanation:

The type of risk associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration is detection risk. Detection risk is the risk that the auditor's procedures will not detect a material misstatement or error that exists in an assertion or a control. Detection risk can be affected by factors such as the nature, timing, and extent of the audit procedures, the quality and sufficiency of the audit evidence, and the auditor's professional judgment and competence. Detection risk can be reduced by applying appropriate audit techniques, such as sampling, testing, observation, inquiry, and analysis.Reference:

CISA Review Manual (Digital Version)

CISA Questions, Answers & Explanations Database

asked 18/09/2024
FOTIS FOURLIAS
47 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first