Free ISACA CISA Übungsprüfungen

Question #1

During an audit of a multinational bank’s disposal process, an IS auditor notes several findings.

Which of the following should be the auditor’s GREATEST concern?

A . Backup media are not reviewed before disposal.
B . Degaussing is used instead of physical shredding.
C . Backup media are disposed before the end of the retention period
D . Hardware is not destroyed by a certified vendor.

Lösung einblenden Lösung ausblenden

Question #2

Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system.

What is the BEST control to ensure that data is accurately entered into the system?

A . Reconciliation of total amounts by project
B . Validity checks, preventing entry of character data
C . Reasonableness checks for each cost type
D . Display the back of the project detail after the entry

Lösung einblenden Lösung ausblenden

Question #3

Which of the following is the PRIMARY purpose of obtaining a baseline image during an operating system audit?

A . To identify atypical running processes
B . To verify antivirus definitions
C . To identify local administrator account access
D . To verify the integrity of operating system backups

Lösung einblenden Lösung ausblenden

Richtige Antwort: A
A

Explanation:

The primary purpose of obtaining a baseline image during an operating system audit is to identify atypical running processes. A baseline image is a snapshot of the normal state and configuration of an operating system, including the processes that are expected to run on it. By comparing the current state of the operating system with the baseline image, an IS auditor can detect any deviations or anomalies that may indicate unauthorized or malicious activity, such as malware infection, privilege escalation, or data exfiltration. A baseline image can also help an IS auditor to assess the performance and efficiency of the operating system, as well as its compliance with security standards and policies.

Verifying antivirus definitions (option B) is not the primary purpose of obtaining a baseline image, although it may be a part of the baseline configuration. Antivirus definitions are the files that contain the signatures and rules for detecting and removing malware. An IS auditor may verify that the antivirus definitions are up to date and consistent across the operating system, but this does not require obtaining a baseline image.

Identifying local administrator account access (option C) is not the primary purpose of obtaining a baseline image, although it may be a part of the baseline configuration. Local administrator accounts are user accounts that have full control over the operating system and its resources. An IS auditor may identify and review the local administrator accounts to ensure that they are properly secured and authorized, but this does not require obtaining a baseline image.

Verifying the integrity of operating system backups (option D) is not the primary purpose of obtaining a baseline image, although it may be a part of the backup process. Operating system backups are copies of the operating system data and settings that can be used to restore the system

in case of failure or disaster. An IS auditor may verify that the operating system backups are complete, accurate, and accessible, but this does not require obtaining a baseline image.

References: Linux security and system hardening checklist : CISA Certification | Certified Information Systems Auditor | ISACA : CISA Certified Information Systems Auditor Study Guide, 4 th Edition : CISA – Certified Information Systems Auditor Study Guide [Book]

Question #4

Which of the following is MOST important for an IS auditor to verify when reviewing the planned use of Benford’s law as a data analytics technique to detect fraud in a set of credit card transactions?

A . The transactions are in double integer format.
B . The transaction amounts are selected randomly without restriction.
C . The transaction analysis is limited to transactions within standard deviation.
D . The transactions are all in the same currency.

Lösung einblenden Lösung ausblenden

Question #5

Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?

A . Assurance that the new system meets functional requirements
B . More time for users to complete training for the new system
C . Significant cost savings over other system implemental or approaches
D . Assurance that the new system meets performance requirements

Lösung einblenden Lösung ausblenden

Question #6

A bank has a combination of corporate customer accounts (higher monetary value) and small business accounts (lower monetary value) as part of online banking.

Which of the following is the BEST sampling approach for an IS auditor to use for these accounts?

A . Difference estimation sampling
B . Stratified mean per unit sampling
C . Customer unit sampling
D . Unstratified mean per unit sampling

Lösung einblenden Lösung ausblenden

Richtige Antwort: B
B

Explanation:

Stratified mean per unit sampling is a method of audit sampling that divides the population into subgroups (strata) based on some characteristic, such as monetary value, and then selects a sample from each stratum using mean per unit sampling. Mean per unit sampling is a method of audit sampling that estimates the total value of a population by multiplying the average value of the sample items by the number of items in the population. Stratified mean per unit sampling is suitable for populations that have a high variability or a skewed distribution, such as the bank accounts in this question. By stratifying the population, the auditor can reduce the sampling error and increase the precision of the estimate.

Difference estimation sampling (option A) is not the best sampling approach for these accounts. Difference estimation sampling is a method of audit sampling that estimates the total error or misstatement in a population by multiplying the average difference between the book value and the audited value of the sample items by the number of items in the population. Difference estimation sampling is suitable for populations that have a low variability and a symmetrical distribution, which is not the case for the bank accounts in this question.

Customer unit sampling (option C) is not a sampling approach, but a type of monetary unit sampling. Monetary unit sampling is a method of audit sampling that selects sample items based on their monetary value, rather than their physical units. Customer unit sampling is a variation of monetary unit sampling that treats each customer account as a single unit, regardless of how many transactions or balances it contains. Customer unit sampling may be appropriate for testing existence or occurrence assertions, but not for estimating total values.

Unstratified mean per unit sampling (option D) is not the best sampling approach for these accounts. Unstratified mean per unit sampling is a method of audit sampling that applies mean per unit sampling to the entire population without dividing it into subgroups. Unstratified mean per unit sampling may result in a larger sample size and a lower precision than stratified mean per unit sampling, especially for populations that have a high variability or a skewed distribution, such as the bank accounts in this question.

Therefore, option B is the correct answer.

References:

Audit Sampling – AICPA

Audit Sampling: Examples and Guidance To The Sampling Methods

Audit Sampling | Audit | Financial Audit – Scribd

Question #7

Which of the following is MOST important for an IS auditor to verify when evaluating an organization’s firewall?

A . Logs are being collected in a separate protected host
B . Automated alerts are being sent when a risk is detected
C . Insider attacks are being controlled
D . Access to configuration files Is restricted.

Lösung einblenden Lösung ausblenden

Question #7

Which of the following is MOST important for an IS auditor to verify when evaluating an organization’s firewall?

A . Logs are being collected in a separate protected host
B . Automated alerts are being sent when a risk is detected
C . Insider attacks are being controlled
D . Access to configuration files Is restricted.

Lösung einblenden Lösung ausblenden

Question #9

Which of the following is the MOST effective control over visitor access to highly secured areas?

A . Visitors are required to be escorted by authorized personnel.
B . Visitors are required to use biometric authentication.
C . Visitors are monitored online by security cameras
D . Visitors are required to enter through dead-man doors.

Lösung einblenden Lösung ausblenden

Question #10

The implementation of an IT governance framework requires that the board of directors of an organization:

A . Address technical IT issues.
B . Be informed of all IT initiatives.
C . Have an IT strategy committee.
D . Approve the IT strategy.

Lösung einblenden Lösung ausblenden