Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 12

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1201

Question

Which of the following could lead to an unintentional loss of confidentiality?

A. Lack of employee awareness of a company’s information security policy
B. Failure to comply with a company’s information security policy
C. A momentary lapse of reason
D. Lack of security policy enforcement procedures

Answer

A. Lack of employee awareness of a company’s information security policy

Explanation

Lack of employee awareness of a company’s information security policy could lead to an unintentional loss of confidentiality.

CISA Question 1202

Question

If senior management is not committed to strategic planning, how likely is it that a company’s implementation of IT will be successful?

A. IT cannot be implemented if senior management is not committed to strategic planning.
B. More likely.
C. Less likely.
D. Strategic planning does not affect the success of a company’s implementation of IT.

Answer

C. Less likely.

Explanation

A company’s implementation of IT will be less likely to succeed if senior management is not committed to strategic planning.

CISA Question 1203

Question

Key verification is one of the best controls for ensuring that:

A. Data is entered correctly
B. Only authorized cryptographic keys are used
C. Input is authorized
D. Database indexing is performed properly

Answer

A. Data is entered correctly

Explanation

Key verification is one of the best controls for ensuring that data is entered correctly.

CISA Question 1204

Question

Batch control reconciliation is a _____________________ (fill the blank) control for mitigating risk of inadequate segregation of duties.

A. Detective
B. Corrective
C. Preventative
D. Compensatory

Answer

D. Compensatory

Explanation

Batch control reconciliations is a compensatory control for mitigating risk of inadequate segregation of duties.

CISA Question 1205

Question

A core tenant of an IS strategy is that it must:

A. Be inexpensive
B. Be protected as sensitive confidential information
C. Protect information confidentiality, integrity, and availability
D. Support the business objectives of the organization

Answer

D. Support the business objectives of the organization

Explanation

Above all else, an IS strategy must support the business objectives of the organization.

CISA Question 1206

Question

Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?

A. True
B. False

Answer

B. False

Explanation

Proper segregation of duties normally prohibits a LAN administrator from also having programming responsibilities.

CISA Question 1207

Question

Who is ultimately accountable for the development of an IS security policy?

A. The board of directors
B. Middle management
C. Security administrators
D. Network administrators

Answer

A. The board of directors

Explanation

The board of directors is ultimately accountable for the development of an IS security policy.

CISA Question 1208

Question

What should an IS auditor do if he or she observes that project-approval procedures do not exist?

A. Advise senior management to invest in project-management training for the staff
B. Create project-approval procedures for future project implementations
C. Assign project leaders
D. Recommend to management that formal approval procedures be adopted and documented

Answer

D. Recommend to management that formal approval procedures be adopted and documented

Explanation

If an IS auditor observes that project-approval procedures do not exist, the IS auditor should recommend to management that formal approval procedures be adopted and documented.

CISA Question 1209

Question

Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?

A. True
B. False

Answer

A. True

Explanation

Proper segregation of duties prohibits a system analyst from performing quality-assurance functions.

CISA Question 1210

Question

Who is accountable for maintaining appropriate security measures over information assets?

A. Data and systems owners
B. Data and systems users
C. Data and systems custodians
D. Data and systems auditors

Answer

A. Data and systems owners

Explanation

Data and systems owners are accountable for maintaining appropriate security measures over information assets.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.