The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1061
Question
Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?
A. True
B. False
Answer
A. True
Explanation
Allowing application programmers to directly patch or change code in production programs increases risk of fraud.
CISA Question 1062
Question
When should reviewing an audit client’s business plan be performed relative to reviewing an organization’s IT strategic plan?
A. Reviewing an audit client’s business plan should be performed before reviewing an organization’s IT strategic plan.
B. Reviewing an audit client’s business plan should be performed after reviewing an organization’s IT strategic plan.
C. Reviewing an audit client’s business plan should be performed during the review of an organization’s IT strategic plan.
D. Reviewing an audit client’s business plan should be performed without regard to an organization’s IT strategic plan.
Answer
A. Reviewing an audit client’s business plan should be performed before reviewing an organization’s IT strategic plan.
Explanation
Reviewing an audit client’s business plan should be performed before reviewing an organization’s IT strategic plan.
CISA Question 1063
Question
What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels?
A. Business impact assessment
B. Risk assessment
C. IS assessment methods
D. Key performance indicators (KPIs)
Answer
C. IS assessment methods
Explanation
IS assessment methods allow IS management to determine whether the activities of the organization differ from the planned or expected levels.
CISA Question 1064
Question
When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?
A. True
B. False
Answer
B. False
Explanation
When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered.
CISA Question 1065
Question
When auditing third-party service providers, an IS auditor should be concerned with which of the following?
A. Ownership of the programs and files
B. A statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
C. A statement of due care
D. Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
Answer
D. Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
Explanation
When auditing third-party service providers, an auditor should be concerned with ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster.
CISA Question 1066
Question
Ensuring that security and control policies support business and IT objectives is a primary objective of:
A. An IT security policies audit
B. A processing audit
C. A software audit
D. A vulnerability assessment
Answer
A. An IT security policies audit
Explanation
Ensuring that security and control policies support business and IT objectives is a primary objective of an IT security policies audit.
CISA Question 1067
Question
Why does an IS auditor review an organization chart?
A. To optimize the responsibilities and authority of individuals
B. To control the responsibilities and authority of individuals
C. To better understand the responsibilities and authority of individuals
D. To identify project sponsors
Answer
C. To better understand the responsibilities and authority of individuals
Explanation
The primary reason an IS auditor reviews an organization chart is to better understand the responsibilities and authority of individuals.
CISA Question 1068
Question
Who is responsible for implementing cost-effective controls in an automated system?
A. Security policy administrators
B. Business unit management
C. Senior management
D. Board of directors
Answer
B. Business unit management
Explanation
Business unit management is responsible for implementing cost-effective controls in an automated system.
CISA Question 1069
Question
If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor’s primary responsibility?
A. To advise senior management.
B. To reassign job functions to eliminate potential fraud.
C. To implement compensating controls.
D. Segregation of duties is an administrative control not considered by an IS auditor.
Answer
A. To advise senior management.
Explanation
An IS auditor’s primary responsibility is to advise senior management of the risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function.
CISA Question 1070
Question
An advantage of a continuous audit approach is that it can improve system security when used in time-sharing environments that process a large number of transactions. True or false?
A. True
B. False
Answer
A. True
Explanation
It is true that an advantage of a continuous audit approach is that it can improve system security when used in time-sharing environments that process a large number of transactions.