Isaca CISA Quiz 440 Topic 7 Questions 2196-2200

Question: 1

The MOST effective method for an IS auditor to determine which controls are functioning in an operating system is to:

ACompare the current configuration to the corporate standard

BConsult with the vendor of the system

CCompare the current configuration to the default configuration

DConsult with the systems programmer

Show Answer

Question: 2

The scheduling of audit follow-ups should be based PRIMARILY on

AControl and detection processes

BCosts and audit efforts involved

CAuditee and auditor time commitments

DThe risk and exposure involved

Show Answer

Question: 3

Which of the following would be MOST critical for an IS auditor to look for when evaluating fire precautions in a manned data center located in the upper floor of a multi-story building?

ADocumentation of tested emergency evacuation plans

BExistence of handheld fire extinguishers in highly visible locations

CDocumentations of regular inspections by the local fire department

DAdequacy of the HVAC system throughout the facility

Show Answer

Question: 4

Due to the small size of the payroll department, an organization is unable to segregate the employee setup and payroll processing functions. Which of the following would be the BEST compensating control for the lack of segregation of duties?

AAn independent payroll disbursement review is conducted

BThe system is configured to require secondary approval for changes to the employee master file

CA payroll variance report is reviewed tor anomalies every pay period

DA review is conducted to verity that terminated employees, are removed from the employee master file.

Show Answer

Question: 5

During the planning stage of compliance audit, an IS auditor discovers that the bank's inventory of compliance requirements does not include recent regulatory changes related to managing data risk. What would the auditor do FIRST?

AExclude recent regulatory changes from the audit scope

BDiscuss potential regulatory issues with the legal department

CAsk management why the regulatory changes have not been included

DReport the missing regulatory updates to the chief information officer (CIO)

Show Answer

Isaca CISA Quiz:440 Topic:7 Questions:2196-2200