When developing a risk-based audit strategy, an IS auditor
should conduct a risk assessment to ensure that:

Answers were Sorted based on User's Feedback



When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensu..

Answer / saulat

B. vulnerabilities and threats are identified.

the purpose of risk based audit is to identify the
vulnerability and risks in the process

Is This Answer Correct ?    34 Yes 3 No

When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensu..

Answer / bbb

A. controls needed to mitigate risks are in place.
B. vulnerabilities and threats are identified.
C. audit risks are considered.
D. a gap analysis is appropriate.

Is This Answer Correct ?    17 Yes 3 No

When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensu..

Answer / guest

Vulnerabilities and threat are identified,their effects on
the assets are being audited,and projected loss frequency
and severity are determined

Is This Answer Correct ?    6 Yes 0 No

When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensu..

Answer / antoine

CRITICAL AREAS ARE COVERED

Is This Answer Correct ?    2 Yes 1 No

When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensu..

Answer / guest

The most pressing issues are addressed first

Is This Answer Correct ?    1 Yes 0 No

When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensu..

Answer / vijayakumari

The risk assessment will help to determine whether the
audit will yield meaningful information and add value.

Is This Answer Correct ?    0 Yes 3 No

Post New Answer

More CISA Certification Interview Questions

Which of the following is a control to compensate for a programmer having access to accounts payable production data? A. Processing controls such as range checks and logic edits B. Reviewing accounts payable output reports by data entry C. Reviewing system-produced reports for checks (cheques) over a stated amount D. Having the accounts payable supervisor match all checks (cheques) to approved invoices

1 Answers  


If the decision has been made to acquire software rather than develop it internally, this decision is normally made during the: A. requirements definition phase of the project. B. feasibility study phase of the project. C. detailed design phase of the project. D. programming phase of the project.

1 Answers  


Which of the following is a control to detect an unauthorized change in a production environment? A. Denying programmers access to production data. B. Requiring change request to include benefits and costs. C. Periodically comparing control and current object and source programs. D. Establishing procedures for emergency changes.

1 Answers  


Which of the following concerns about the security of an electronic message would be addressed by digital signatures? A. Unauthorized reading B. Theft C. Unauthorized copying D. Alteration

1 Answers  


A database administrator is responsible for: A. defining data ownership. B. establishing operational standards for the data dictionary. C. creating the logical and physical database. D. establishing ground rules for ensuring data integrity and security.

1 Answers  






A referential integrity constraint consists of: A. ensuring the integrity of transaction processing. B. ensuring that data are updated through triggers. C. ensuring controlled user updates to database. D. rules for designing tables and queries.

1 Answers  


Which of the following would be a compensating control to mitigate risks resulting from an inadequate segregation of duties? A. Sequence check B. Check digit C. Source documentation retention D. Batch control reconciliations

1 Answers  


An IS auditor performing an access controls review should be LEAST concerned if: A. audit trails were not enabled. B. programmers have access to the live environment. C. group logons are being used for critical functions. D. the same user can initiate transactions and also change related parameters.

1 Answers  


The BEST defense against network eavesdropping is: A. encryption. B. moving the defense perimeter outward. C. reducing the amplitude of the communication signal. D. masking the signal with noise.

1 Answers  


Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.

1 Answers  


Which of the following encrypt/decrypt steps provides the GREATEST assurance in achieving confidentiality, message integrity and nonrepudiation by either sender or recipient? A. The recipient uses his/her private key to decrypt the secret key. B. The encrypted pre-hash code and the message are encrypted using a secret key. C. The encrypted pre-hash code is derived mathematically from the message to be sent. D. The recipient uses the sender's public key, verified with a certificate authority, to decrypt the pre-hash code.

1 Answers  


IS auditors reviewing access control should review data classification to ensure that encryption parameters are classified as: A. sensitive. B. confidential. C. critical. D. private.

1 Answers  


Categories
  • Cisco Certifications Interview Questions Cisco Certifications (2321)
  • Microsoft Certifications Interview Questions Microsoft Certifications (171)
  • Sun Certifications Interview Questions Sun Certifications (45)
  • CISA Certification Interview Questions CISA Certification (744)
  • Oracle Certifications Interview Questions Oracle Certifications (64)
  • ISTQB Certification Interview Questions ISTQB Certification (109)
  • Certifications AllOther Interview Questions Certifications AllOther (295)