Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 10

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1061

Question

Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?

A. True
B. False

Answer

A. True

Explanation

Allowing application programmers to directly patch or change code in production programs increases risk of fraud.

CISA Question 1062

Question

When should reviewing an audit client’s business plan be performed relative to reviewing an organization’s IT strategic plan?

A. Reviewing an audit client’s business plan should be performed before reviewing an organization’s IT strategic plan.
B. Reviewing an audit client’s business plan should be performed after reviewing an organization’s IT strategic plan.
C. Reviewing an audit client’s business plan should be performed during the review of an organization’s IT strategic plan.
D. Reviewing an audit client’s business plan should be performed without regard to an organization’s IT strategic plan.

Answer

A. Reviewing an audit client’s business plan should be performed before reviewing an organization’s IT strategic plan.

Explanation

Reviewing an audit client’s business plan should be performed before reviewing an organization’s IT strategic plan.

CISA Question 1063

Question

What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels?

A. Business impact assessment
B. Risk assessment
C. IS assessment methods
D. Key performance indicators (KPIs)

Answer

C. IS assessment methods

Explanation

IS assessment methods allow IS management to determine whether the activities of the organization differ from the planned or expected levels.

CISA Question 1064

Question

When performing an IS strategy audit, an IS auditor should review both short-term (one- year) and long-term (three-to five-year) IS strategies,
interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should
especially focus on procedures in an audit of IS strategy. True or false?

A. True
B. False

Answer

B. False

Explanation

When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three-to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered.

CISA Question 1065

Question

When auditing third-party service providers, an IS auditor should be concerned with which of the following?

A. Ownership of the programs and files
B. A statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
C. A statement of due care
D. Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster

Answer

D. Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster

Explanation

When auditing third-party service providers, an auditor should be concerned with ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster.

CISA Question 1066

Question

Ensuring that security and control policies support business and IT objectives is a primary objective of:

A. An IT security policies audit
B. A processing audit
C. A software audit
D. A vulnerability assessment

Answer

A. An IT security policies audit

Explanation

Ensuring that security and control policies support business and IT objectives is a primary objective of an IT security policies audit.

CISA Question 1067

Question

Why does an IS auditor review an organization chart?

A. To optimize the responsibilities and authority of individuals
B. To control the responsibilities and authority of individuals
C. To better understand the responsibilities and authority of individuals
D. To identify project sponsors

Answer

C. To better understand the responsibilities and authority of individuals

Explanation

The primary reason an IS auditor reviews an organization chart is to better understand the responsibilities and authority of individuals.

CISA Question 1068

Question

Who is responsible for implementing cost-effective controls in an automated system?

A. Security policy administrators
B. Business unit management
C. Senior management
D. Board of directors

Answer

B. Business unit management

Explanation

Business unit management is responsible for implementing cost-effective controls in an automated system.

CISA Question 1069

Question

If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform
an operations function, what is the auditor’s primary responsibility?

A. To advise senior management.
B. To reassign job functions to eliminate potential fraud.
C. To implement compensator controls.
D. Segregation of duties is an administrative control not considered by an IS auditor.

Answer

A. To advise senior management.

Explanation

An IS auditor’s primary responsibility is to advise senior management of the risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function.

CISA Question 1070

Question

An advantage of a continuous audit approach is that it can improve system security when used in time-sharing environments that process a large
number of transactions. True or false?

A. True
B. False

Answer

A. True

Explanation

It is true that an advantage of a continuous audit approach is that it can improve system security when used in time-sharing environments that process a large number of transactions.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker