The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1491
Question
Which of the following would a digital signature MOST likely prevent?
A. Corruption
B. Unauthorized change
C. Repudiation
D. Disclosure
Answer
A. Corruption
Explanation
The main reason for using a digital signature is to ensure message integrity. It also helps to ensure authenticity and non-repudiation of the message. A digital signature can never ensure the confidentiality of data.
CISA Question 1492
Question
Which should be reviewed FIRST by an IS auditor to ensure that data is being secured appropriately for an application?
A. Data classification
B. Data encryption
C. Data access
D. Data storage
Answer
A. Data classification
Explanation
Data classification is necessary to provide proper access rights to the users. If you do not classify data according to its sensitivity and importance to the business, you cannot apply proper access rules to it. Data owners are responsible for defining access rules. The data classification process starts with establishing ownership of the data. This process also helps to prepare the data dictionary.
CISA Question 1493
Question
Which of the following is MOST important when an organization contracts for the long-term use of a custom-developed application?
A. Documented coding standards
B. Error correction management
C. Contract renewal provisions
D. Escrow clause
Answer
C. Contract renewal provisions
CISA Question 1494
Question
The final acceptance testing of a new application system should be the responsibility of the:
A. IS audit team.
B. user group.
C. IS management.
D. quality assurance team.
Answer
B. user group.
CISA Question 1495
Question
When developing a business continuity plan (BCP), business unit management’s involvement is MOST important during the:
A. performance of a business impact analysis (BIA).
B. development of business recovery procedures.
C. implementation of a document repository.
D. performance of an IT risk assessment.
Answer
B. development of business recovery procedures.
CISA Question 1496
Question
During a follow-up audit, an IS auditor finds that the auditee has updated virus scanner definitions without adopting the original audit recommendation to increase the frequency of using the scanner. The MOST appropriate action for the auditor is to:
A. prepare a follow-up audit report reiterating the recommendation.
B. escalate the issue to senior management.
C. modify the audit opinion based on the new information available.
D. conclude that the residual risk is beyond tolerable levels of risk.
Answer
C. modify the audit opinion based on the new information available.
CISA Question 1497
Question
Which of the following is the MOST effective control to minimize the risk of cross-site scripting (XSS)?
A. Periodic vulnerability assessments
B. Secure coding practices
C. Network intrusion prevention system
D. Web firewall policy
Answer
B. Secure coding practices
CISA Question 1498
Question
Which of the following is the PRIMARY reason an IS auditor should discuss observations with management before delivering a final report?
A. Identify business risks associated with the observations.
B. Assist the management with control enhancements.
C. Record the proposed course of corrective action.
D. Validate the audit observations.
Answer
D. Validate the audit observations.
CISA Question 1499
Question
Reviewing project plans and status reports throughout the development life cycle will:
A. eliminate the need to perform a risk assessment.
B. postpone documenting the project’s progress until the final phase.
C. guarantee that the project will meet its intended deliverables.
D. facilitate the optimal use of resources over the life of the project.
Answer
D. facilitate the optimal use of resources over the life of the project.
CISA Question 1500
Question
When conducting a post-implementation review, which of the following is the BEST way to determine whether the value from an IT project has been achieved?
A. Calculate the return on investment (ROI).
B. Interview stakeholders.
C. Conduct an earned value analysis (EVA).
D. Survey end users.
Answer
C. Conduct an earned value analysis (EVA).