The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1091
Question
Network environments often add to the complexity of program-to-program communication, making the implementation and maintenance of application systems more difficult. True or false?
A. True
B. False
Answer
A. True
Explanation
Network environments often add to the complexity of program-to-program communication, making application systems implementation and maintenance more difficult.
CISA Question 1092
Question
What can be used to help identify and investigate unauthorized transactions?
A. Postmortem review
B. Reasonableness checks
C. Data-mining techniques
D. Expert systems
Answer
C. Data-mining techniques
Explanation
Data-mining techniques can be used to help identify and investigate unauthorized transactions.
CISA Question 1093
Question
________ (fill in the blank) is/are ultimately accountable for the functionality, reliability, and security within IT governance.
A. Data custodians
B. The board of directors and executive officers
C. IT security administration
D. Business unit managers
Answer
B. The board of directors and executive officers
Explanation
The board of directors and executive officers are ultimately accountable for the functionality, reliability, and security within IT governance.
CISA Question 1094
Question
Run-to-run totals can verify data through which stage(s) of application processing?
A. Initial
B. Various
C. Final
D. Output
Answer
B. Various
Explanation
Run-to-run totals can verify data through various stages of application processing.
CISA Question 1095
Question
Fourth-Generation Languages (4GLs) are most appropriate for designing the application’s graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures. True or false?
A. True
B. False
Answer
A. True
Explanation
Fourth-generation languages (4GLs) are most appropriate for designing the application’s graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures.
CISA Question 1096
Question
What often results in project scope creep when functional requirements are not defined as well as they could be?
A. Inadequate software baselining
B. Insufficient strategic planning
C. Inaccurate resource allocation
D. Project delays
Answer
A. Inadequate software baselining
Explanation
Inadequate software baselining often results in project scope creep because functional requirements are not defined as well as they could be.
CISA Question 1097
Question
If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do?
A. Lack of IT documentation is not usually material to the controls tested in an IT audit.
B. The auditor should at least document the informal standards and policies. Furthermore, the IS auditor should create formal documented policies to be implemented.
C. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented.
D. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should create formal documented policies to be implemented.
Answer
C. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented.
Explanation
If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, the auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented.
CISA Question 1098
Question
Which of the following is the MOST important part of an incident response plan?
A. Recovery point objective (RPO)
B. Recovery time objective (RTO)
C. Mean time to report (MTR)
D. Business impact analysis (BIA)
Answer
B. Recovery time objective (RTO)
CISA Question 1099
Question
The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the:
A. cost-benefit of security controls.
B. status of the security posture.
C. probability of future incidents.
D. risk acceptance criteria.
Answer
B. status of the security posture.
CISA Question 1100
Question
Which of the following is MOST relevant for an information security manager to communicate to IT operations?
A. The level of inherent risk
B. Vulnerability assessments
C. Threat assessments
D. The level of exposure
Answer
D. The level of exposure