The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1441
Question
Which of the following must be in place before an IS auditor initiates audit follow-up activities?
A. A heat map with the gaps and recommendations displayed in terms of risk
B. A management response in the final report with a committed implementation date
C. Supporting evidence for the gaps and recommendations mentioned in the audit report
D. Available resources for the activities included in the action plan
Answer
C. Supporting evidence for the gaps and recommendations mentioned in the audit report
CISA Question 1442
Question
An IS auditor is asked to identify risk within an organization’s software development project. The project manager tells the auditor that an agile development methodology is being used to minimize the lengthy development process. Which of the following would be of GREATEST concern to the auditor?
A. Each team does its own testing.
B. The needed work has not yet been fully identified.
C. Some of the developers have not attended recent training.
D. Elements of the project have not been documented.
Answer
B. The needed work has not yet been fully identified.
CISA Question 1443
Question
Which of the following controls can BEST detect accidental corruption during transmission of data across a network?
A. Sequence checking
B. Parity checking
C. Symmetric encryption
D. Check digit verification
Answer
B. Parity checking
Explanation
A parity check is used to detect transmission errors in data. When a parity check is applied to a single character, it is called a vertical or column check. In addition, if a parity check is applied to all the data, it is called a vertical or row check. Using both types of parity check simultaneously can greatly increase the likelihood of detecting errors, which may not be possible when only one type of parity check is used.
CISA Question 1444
Question
An IS auditor is reviewing the results of a business process improvement project. Which of the following should be performed FIRST?
A. Evaluate control gaps between the old and the new processes.
B. Develop compensating controls.
C. Document the impact of control weaknesses in the process.
D. Ensure that lessons learned during the change process are documented.
Answer
A. Evaluate control gaps between the old and the new processes.
CISA Question 1445
Question
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
A. Complexity of management’s action plans
B. Recommendation from executive management
C. Audit cycle defined in the audit plan
D. Residual risk from the findings of previous audits
Answer
D. Residual risk from the findings of previous audits
CISA Question 1446
Question
When providing a vendor with data containing personally identifiable information (PII) for offsite testing, the data should be:
A. current.
B. encrypted.
C. sanitized.
D. backed up.
Answer
B. encrypted.
CISA Question 1447
Question
A purpose of project closure is to determine the:
A. potential risks affecting the quality of deliverables.
B. lessons learned for use in future projects.
C. project feasibility requirements.
D. professional expertise of the project manager.
Answer
B. lessons learned for use in future projects.
CISA Question 1448
Question
The use of symmetric key encryption controls to protect sensitive data transmitted over a communications network requires that:
A. primary keys for encrypting the data be stored in encrypted form.
B. encryption keys be changed only when a compromise is detected at both ends.
C. encryption keys at one end be changed on a regular basis.
D. public keys be stored in encrypted form.
Answer
A. primary keys for encrypting the data be stored in encrypted form.
CISA Question 1449
Question
Which of the following is a reason for implementing a decentralized IT governance model?
A. Standardized controls and economies of scale
B. IT synergy among business units
C. Greater consistency among business units
D. Greater responsiveness to business needs
Answer
D. Greater responsiveness to business needs
CISA Question 1450
Question
An organization allows its employees to use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?
A. Partitioning the work environment from personal space on devices
B. Preventing users from adding applications
C. Restricting the use of devices for personal purposes during working hours
D. Installing security software on the devices
Answer
C. Restricting the use of devices for personal purposes during working hours