Isaca CISA Quiz 535 Topic 7 Questions 2671-2675

Question: 1

Which of the following is the PRIMARY reason for an IS auditor to issue an interim audit report?

ATo avoid issuing a final audit report

BTo enable the auditor to complete the engagement in a timely manner

CTo provide feedback to the auditee for timely remediation

DTo provide follow-up opportunity during the audit

Show Answer

Question: 2

An IS auditor determines that a business impact analysis (BIA) was not conducted during the development of a

business continuity plan (BCP). What is the MOST significant risk that could result from this situation?

AResponsibilities are not property defined.

BRecovery time objectives (RTOs) are not correctly determined.

CKey performance indicators (KPIs) are not aligned.

DCritical business applications are not covered.

Show Answer

Question: 3

Which of the following activities should occur after a business impact analysis (BIA)?

AIdentify threats to the IT environment

BIdentify critical applications

CAnalyze recovery options

DReview the computing and user environment

Show Answer

Question: 4

An IS auditor is following upon a finding that determined elevated administrator accounts for servers were not

being properly checked out and then back in after each use. Which of the following is the MOST appropriate

sampling technique to determine the scope of the problem?

AStratified sampling

BRandom sampling

CAttribute sampling

DStatistical sampling

Show Answer

Question: 5

Which of the following is the BEST indication that an organization has achieved legal and regulatory

compliance?

AThe board of directors and senior management accept responsibility for compliance.

BAn independent consultant has been appointed to ensure legal and regulatory compliance.

CPeriodic external and internal audits have not identified instances of noncompliance.

DThe risk management process incorporates noncompliance as a risk.

Show Answer

Isaca CISA Quiz:535 Topic:7 Questions:2671-2675