The latest actual ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1071
Question
An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated data.
True or false?
A. True
B. False
Answer
B. False
Explanation
An integrated test facility is considered a useful audit tool because it compares processing output with independently calculated data.
CISA Question 1072
Question
Which of the following is of greatest concern to the IS auditor?
A. Failure to report a successful attack on the network
B. Failure to prevent a successful attack on the network
C. Failure to recover from a successful attack on the network
D. Failure to detect a successful attack on the network
Answer
A. Failure to report a successful attack on the network
Explanation
Lack of reporting of a successful attack on the network is a great concern to an IS auditor.
CISA Question 1073
Question
Which of the following is best suited for searching for address field duplications?
A. Text search forensic utility software
B. Generalized audit software
C. Productivity audit software
D. Manual review
Answer
B. Generalized audit software
Explanation
Generalized audit software can be used to search for address field duplications.
CISA Question 1074
Question
What type of risk is associated with authorized program exits (trap doors)?
A. Business risk
B. Audit risk
C. Detective risk
D. Inherent risk
Answer
D. Inherent risk
Explanation
Inherent risk is associated with authorized program exits (trap doors).
CISA Question 1075
Question
What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?
A. Document existing internal controls
B. Perform compliance testing on internal controls
C. Establish a controls-monitoring steering committee
D. Identify high-risk areas within the organization
Answer
D. Identify high-risk areas within the organization
Explanation
When implementing continuous-monitoring systems, an IS auditor’s first step is to identify high-risk areas within the organization.
CISA Question 1076
Question
To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following?
A. The business objectives of the organization
B. The effect of segregation of duties on internal controls
C. The point at which controls are exercised as data flows through the system
D. Organizational control policies
Answer
C. The point at which controls are exercised as data flows through the system
Explanation
When evaluating the collective effect of preventive, detective, or corrective controls within a process, an IS auditor should be aware of the point at which controls are exercised as data flows through the system.
CISA Question 1077
Question
Which of the following is the MOST critical step in planning an audit?
A. Implementing a prescribed auditing framework such as COBIT
B. Identifying current controls
C. Identifying high-risk audit targets
D. Testing controls
Answer
C. Identifying high-risk audit targets
Explanation
In planning an audit, the most critical step is identifying the areas of high risk.
CISA Question 1078
Question
Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?
A. Proper authentication
B. Proper identification AND authentication
C. Proper identification
D. Proper identification, authentication, AND authorization
Answer
B. Proper identification AND authentication
Explanation
If proper identification and authentication are not performed during access control, no accountability can exist for any action performed.
CISA Question 1079
Question
The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):
A. Implementor
B. Facilitator
C. Developer
D. Sponsor
Answer
B. Facilitator
Explanation
The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a facilitator.
CISA Question 1080
Question
Parity bits are a control used to validate:
A. Data authentication
B. Data completeness
C. Data source
D. Data accuracy
Answer
B. Data completeness
Explanation
Parity bits are a control used to validate data completeness.