Free Access ISACA.CISA.v2025-05-24.q773 Practice Test (Page 5)

Question 16

Which of the following is the BEST way for an organization that is using a Software as a Service (SaaS) application to reduce its risk associated with the collection and protection of personal information?

A.Encrypt personal information held by the organization.

B.Limit the amount of personal information collected to the minimum required.

C.Limit the amount of personal information collected to industry standards.

D.Only allow remote access to personal information from an alternate site.

Question 17

Which type of risk would MOST influence the selection of a sampling methodology?

A.Inherent

B.Residual

C.Control

D.Detection

Correct Answer: D

The type of risk that would most influence the selection of a sampling methodology is detection risk (option D). This is because:
* Detection risk is the risk that the auditor will not detect a material misstatement that exists in an assertion1. Detection risk depends on the effectiveness of the audit procedures and how well they are applied by the auditor1.
* The selection of a sampling methodology is part of the design of audit procedures, which aims to reduce detection risk to an acceptable level1. The auditor should consider the following factors when selecting a sampling methodology23:
* The objectives of the audit procedure and the related assertions.
* The characteristics of the population from which the sample will be drawn, such as its size, homogeneity, and structure.
* The sampling technique to be used, such as random, systematic, haphazard, or judgmental.
* The sample size and the method of selecting sample items.
* The evaluation of the sample results and the projection of errors to the population.
* The auditor should also consider the advantages and disadvantages of different sampling methodologies, such as statistical and non-statistical sampling23. Statistical sampling is a sampling technique that uses random selection and probability theory to evaluate sample results. Non-statistical sampling is a sampling technique that does not use random selection or probability theory to evaluate sample results. Some of the advantages and disadvantages are as follows23:
* Statistical sampling allows the auditor to measure and control sampling risk, which is the risk that the sample is not representative of the population. Statistical sampling also allows the auditor to quantify the precision and reliability of the sample results. However, statistical sampling requires more technical knowledge and skills, as well as more time and cost, than non-statistical sampling.
* Non-statistical sampling relies on the auditor's professional judgment and experience to select and evaluate sample items. Non-statistical sampling is more flexible and less complex than statistical sampling. However, non-statistical sampling does not provide an objective basis for measuring and controlling sampling risk, nor does it allow the auditor to quantify the precision and reliability of the sample results.
Therefore, the type of risk that would most influence the selection of a sampling methodology is detection risk (option D), as it determines how effective and efficient the audit procedures should be in order to provide sufficient appropriate audit evidence.
References: 1: Audit Sampling - Overview, Purpose, Importance, and Types 2: Audit Sampling | Auditing and Attestation | CPA Exam FAR 3: Audit Sampling | ACCA Qualification | Students | ACCA Global

Question 18

What protects an application purchaser's ability to fix or change an application in case the application vendor goes out of business?

A.Assigning copyright to the organization

B.Program back doors

C.Source code escrow

D.Internal programming expertise

Question 19

Digital signatures require the:

A.signer to have a public key and the receiver to have a private key.

B.signer to have a private key and the receiver to have a public key.

C.signer and receiver to have a public key.

D.signer and receiver to have a private key.

Question 20

An IS Auditor is performing a business continuity plan (BCP) audit and identifies that the plan has not been tested for five years, however, the plan was successfully activated during a recent extended power outage.
Which of the following is the 15 auditor's BEST count of action?

A.Determine if the business impact analysis (BIA) is still accurate.

B.Determine if the annual BCP training program is in need of review

C.Determine if a follow-up BCP audit is required to identify future gaps

D.Determine if lessons learned from the activation were incorporated into the plan

Premium Bundle

Newest CISA Exam PDF Dumps shared by BraindumpsPass.com for Helping Passing CISA Exam! BraindumpsPass.com now offer the updated CISA exam dumps, the BraindumpsPass.com CISA exam questions have been updated and answers have been corrected get the latest BraindumpsPass.com CISA pdf dumps with Exam Engine here:

Access CISA Premium Version

(1435 Q&As Dumps, 40%OFF Special Discount: Exam-Tests)

Other Version: 1583ISACA.CISA.v2024-10-22.q310; 4135ISACA.CISA.v2023-10-02.q715; 3724ISACA.CISA.v2023-03-29.q119; 2379ISACA.CISA.v2023-02-09.q181; 1498ISACA.CISA.v2023-02-06.q107; 3050ISACA.CISA.v2022-08-28.q129; 4213ISACA.CISA.v2022-02-25.q148; 126ISACA.Actualtestpdf.CISA.v2021-11-13.by.sarah.721q.pdf; 5614ISACA.CISA.v2021-11-11.q194; 8796ISACA.CISA.v2021-10-08.q198; 9772ISACA.CISA.v2021-09-28.q199; 12240ISACA.CISA.v2021-09-11.q201

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 162TheSecOpsGroup.CNSP.v2025-09-08.q20; 220CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 183Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104