Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 10

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1091

Question

Network environments often add to the complexity of program-to-program communication, making the implementation and maintenance of
application systems more difficult. True or false?

A. True
B. False

Answer

A. True

Explanation

Network environments often add to the complexity of program-to-program communication, making application systems implementation and maintenance more difficult.

CISA Question 1092

Question

What can be used to help identify and investigate unauthorized transactions?

A. Postmortem review
B. Reasonableness checks
C. Data-mining techniques
D. Expert systems

Answer

C. Data-mining techniques

Explanation

Data-mining techniques can be used to help identify and investigate unauthorized transactions.

CISA Question 1093

Question

________ (fill in the blank) is/are ultimately accountable for the functionality, reliability, and security within IT governance.

A. Data custodians
B. The board of directors and executive officers
C. IT security administration
D. Business unit managers

Answer

B. The board of directors and executive officers

Explanation

The board of directors and executive officers are ultimately accountable for the functionality, reliability, and security within IT governance.

CISA Question 1094

Question

Run-to-run totals can verify data through which stage(s) of application processing?

A. Initial
B. Various
C. Final
D. Output

Answer

B. Various

Explanation

Run-to-run totals can verify data through various stages of application processing.

CISA Question 1095

Question

Fourth-Generation Languages (4GLs) are most appropriate for designing the application’s graphical user interface (GUI). They are inappropriate for
designing any intensive data- calculation procedures. True or false?

A. True
B. False

Answer

A. True

Explanation

Fourth-generation languages (4GLs) are most appropriate for designing the application’s graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures.

CISA Question 1096

Question

What often results in project scope creep when functional requirements are not defined as well as they could be?

A. Inadequate software baselining
B. Insufficient strategic planning
C. Inaccurate resource allocation
D. Project delays

Answer

A. Inadequate software baselining

Explanation

Inadequate software baselining often results in project scope creep because functional requirements are not defined as well as they could be.

CISA Question 1097

Question

If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor
do?

A. Lack of IT documentation is not usually material to the controls tested in an IT audit.
B. The auditor should at least document the informal standards and policies. Furthermore, the IS auditor should create formal documented policies to be implemented.
C. The auditor should at least document the informal standards and policies, and test for a compliance. Furthermore, the IS auditor should recommend management that formal documented policies be developed and implemented.
D. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should create formal documented policies to be implemented.

Answer

C. The auditor should at least document the informal standards and policies, and test for a compliance. Furthermore, the IS auditor should recommend management that formal documented policies be developed and implemented.

Explanation

If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, the auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented.

CISA Question 1098

Question

Which of the following is the MOST important part of an incident response plan?

A. Recovery point objective (RPO)
B. Recovery time objective (RTO)
C. Mean time to report (MTR)
D. Business impact analysis (BIA)

Answer

B. Recovery time objective (RTO)

CISA Question 1099

Question

The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the:

A. cost-benefit of security controls.
B. status of the security posture.
C. probability of future incidents.
D. risk acceptance criteria.

Answer

B. status of the security posture.

CISA Question 1100

Question

Which of the following is MOST relevant for an information security manager to communicate to IT operations?

A. The level of inherent risk
B. Vulnerability assessments
C. Threat assessments
D. The level of exposure

Answer

D. The level of exposure

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker