The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1451
Question
An organization has established three IT processing environments: development, test, and production. The MAJOR reason for separating the development and test environments is to:
A. obtain segregation of duties between IT staff and end users.
B. limit the users’ access rights to the test environment.
C. perform testing in a stable environment.
D. protect the programs under development from unauthorized testing.
Answer
C. perform testing in a stable environment.
CISA Question 1452
Question
During the evaluation of a firm’s newly established whistleblower system, an auditor notes several findings. Which of the following should be the auditor’s GREATEST concern?
A. New employees have not been informed of the whistleblower policy.
B. The whistleblower’s privacy is not protected.
C. The whistleblower system does not track the time and date of submission.
D. The whistleblower system is only available during business hours.
Answer
B. The whistleblower’s privacy is not protected.
CISA Question 1453
Question
Which of the following methods would be MOST effective in verifying that all changes have been authorized?
A. Reconciling problem tickets with authorized change control entries
B. Reconciling reports of changes in production libraries to authorized change log entries
C. Validating authorized change log entries with individual(s) who promoted into production
D. Reconciling reports of changes in development libraries to supporting documentation
Answer
C. Validating authorized change log entries with individual(s) who promoted into production
CISA Question 1454
Question
An organization is replacing its financial processing system. To help ensure that transactions in the new system are processed accurately, which of the following is MOST appropriate?
A. Compare year-to-date balances between the systems.
B. Reconcile results of parallel processing.
C. Document and test internal controls over the conversion.
D. Review data file conversion procedures.
Answer
B. Reconcile results of parallel processing.
CISA Question 1455
Question
During a follow-up audit, an IS auditor discovers that a recommendation has not been implemented. However, the auditee has implemented a manual workaround that addresses the identified risk, though far less efficiently than the recommended action would. Which of the following would be the auditor’s BEST course of action?
A. Notify management that the risk has been addressed and take no further action.
B. Escalate the remaining issue for further discussion and resolution.
C. Note that the risk has been addressed and notify management of the inefficiency.
D. Insist to management that the original recommendation be implemented.
Answer
C. Note that the risk has been addressed and notify management of the inefficiency.
CISA Question 1456
Question
Which of the following should be an IS auditor’s PRIMARY focus when developing a risk-based IS audit program?
A. Business plans
B. Business processes
C. IT strategic plans
D. Portfolio management
Answer
C. IT strategic plans
CISA Question 1457
Question
Which of the following is the MOST effective way to maintain network integrity when using mobile devices?
A. Perform network reviews.
B. Implement network access control.
C. Implement outbound firewall rules.
D. Review access control lists.
Answer
B. Implement network access control.
CISA Question 1458
Question
An IS auditor is assessing the results of an organization’s post-implementation review of a newly developed information system. Which of the following should be the auditor’s MAIN focus?
A. The procurement contract has been closed.
B. Lessons learned have been identified.
C. The disaster recovery plan has been updated.
D. Benefits realization analysis has been completed.
Answer
C. The disaster recovery plan has been updated.
CISA Question 1459
Question
Which of the following is the MOST significant risk when an application uses individual end user accounts to access the underlying database?
A. User accounts may remain active after a termination.
B. Multiple connections to the database are used and slow the process.
C. Application may not capture a complete audit trail.
D. Users may be able to circumvent application controls.
Answer
A. User accounts may remain active after a termination.
CISA Question 1460
Question
Which of the following is the MOST important difference between end-user computing (EUC) applications and traditional applications?
A. Traditional application documentation is typically less comprehensive than EUC application documentation.
B. Traditional applications require roll-back procedures whereas EUC applications do not.
C. Traditional applications require periodic patching whereas EUC applications do not.
D. Traditional application input controls are typically more robust than EUC application input controls.
Answer
C. Traditional applications require periodic patching whereas EUC applications do not.