CISA 試験問題を無料オンラインアクセス

During audit planning, the IS audit manager is considering whether to budget for audits of entities regarded by the business as having low risk. Which of the following is the BEST course of action in this situation?

• A.Outsource low-risk audits to external audit service providers.
• B.Validate the low-risk entity ratings and apply professional judgment.
• C.Conduct limited-scope audits of low-risk business entities.
• D.Challenge the risk rating and include the low-risk entities in the plan.

Retention periods and conditions for the destruction of personal data should be determined by the.

• A.privacy manager.
• B.database administrator (DBA).
• C.business owner.
• D.risk manager.

Which of the following is the PRIMARY reason for an airline's IT management to continuously monitor the controls for a critical integrated flight schedule and payment application?

• A.To ensure risks are effectively identified and mitigated
• B.To ensure policies and procedures are followed
• C.To ensure payments for flight bookings are processed
• D.To detect and respond to possible attacks

Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?

• A.Design documentation reviews
• B.Compliance testing
• C.Substantive testing
• D.Walk-through reviews

Which of the following would protect the confidentiality of information sent in email messages?

• A.Digital signatures
• B.Secure Hash Algorithm 1(SHA-1)
• C.Encryption
• D.Digital certificates