Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 10

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1071

Question

An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated data.
True or false?

A. True
B. False

Answer

B. False

Explanation

An integrated test facility is considered a useful audit tool because it compares processing output with independently calculated data.

CISA Question 1072

Question

Which of the following is of greatest concern to the IS auditor?

A. Failure to report a successful attack on the network
B. Failure to prevent a successful attack on the network
C. Failure to recover from a successful attack on the network
D. Failure to detect a successful attack on the network

Answer

A. Failure to report a successful attack on the network

Explanation

Lack of reporting of a successful attack on the network is a great concern to an IS auditor.

CISA Question 1073

Question

Which of the following is best suited for searching for address field duplications?

A. Text search forensic utility software
B. Generalized audit software
C. Productivity audit software
D. Manual review

Answer

B. Generalized audit software

Explanation

Generalized audit software can be used to search for address field duplications.

CISA Question 1074

Question

What type of risk is associated with authorized program exits (trap doors)?

A. Business risk
B. Audit risk
C. Detective risk
D. Inherent risk

Answer

D. Inherent risk

Explanation

Inherent risk is associated with authorized program exits (trap doors).

CISA Question 1075

Question

What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?

A. Document existing internal controls
B. Perform compliance testing on internal controls
C. Establish a controls-monitoring steering committee
D. Identify high-risk areas within the organization

Answer

D. Identify high-risk areas within the organization

Explanation

When implementing continuous-monitoring systems, an IS auditor’s first step is to identify high-risk areas within the organization.

CISA Question 1076

Question

To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which
of the following?

A. The business objectives of the organization
B. The effect of segregation of duties on internal controls
C. The point at which controls are exercised as data flows through the system
D. Organizational control policies

Answer

C. The point at which controls are exercised as data flows through the system

Explanation

When evaluating the collective effect of preventive, detective, or corrective controls within a process, an IS auditor should be aware of the point at which controls are exercised as data flows through the system.

CISA Question 1077

Question

Which of the following is the MOST critical step in planning an audit?

A. Implementing a prescribed auditing framework such as COBIT
B. Identifying current controls
C. Identifying high-risk audit targets
D. Testing controls

Answer

C. Identifying high-risk audit targets

Explanation

In planning an audit, the most critical step is identifying the areas of high risk.

CISA Question 1078

Question

Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?

A. Proper authentication
B. Proper identification AND authentication
C. Proper identification
D. Proper identification, authentication, AND authorization

Answer

B. Proper identification AND authentication

Explanation

If proper identification and authentication are not performed during access control, no accountability can exist for any action performed.

CISA Question 1079

Question

The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):

A. Implementor
B. Facilitator
C. Developer
D. Sponsor

Answer

B. Facilitator

Explanation

The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a facilitator.

CISA Question 1080

Question

Parity bits are a control used to validate:

A. Data authentication
B. Data completeness
C. Data source
D. Data accuracy

Answer

B. Data completeness

Explanation

Parity bits are a control used to validate data completeness.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker