The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
Table of Contents
- CISA Question 1481
- Question
- Answer
- Explanation
- CISA Question 1482
- Question
- Answer
- CISA Question 1483
- Question
- Answer
- CISA Question 1484
- Question
- Answer
- CISA Question 1485
- Question
- Answer
- CISA Question 1486
- Question
- Answer
- CISA Question 1487
- Question
- Answer
- Explanation
- CISA Question 1488
- Question
- Answer
- Explanation
- CISA Question 1489
- Question
- Answer
- CISA Question 1490
- Question
- Answer
CISA Question 1481
Question
Which of the following is the BEST way to determine if IT is delivering value to the business?
A. Distribute surveys to various end users of IT services.
B. Interview key IT managers and service providers.
C. Review IT service level agreement (SLA) metrics.
D. Analyze downtime frequency and duration.
Answer
C. Review IT service level agreement (SLA) metrics.
Explanation
A service level agreement (SLA) is a written document, which officially describe the details of services, in non-technical terms, provided by the IT department (internal or external) to its customers. The aim of SLA is to maintain and improve the customer satisfaction to an agreed level.
CISA Question 1482
Question
Which of the following would be the PRIMARY benefit of replacing physical keys with an electronic entry system for a data center?
A. Creates an audit trail
B. Enables data mining
C. Ensures compliance
D. Reduces cost
Answer
A. Creates an audit trail
CISA Question 1483
Question
When reviewing the process by which a contract for the outsourcing of various IT functions was completed, an IS auditor would ensure that the successful contractor:
A. has eliminated the risks of outsourcing.
B. maintains an internal audit function.
C. requires a confidentiality agreement to be signed by all employees.
D. was selected according to established business criteria.
Answer
B. maintains an internal audit function.
CISA Question 1484
Question
Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
A. Ensuring that audit trails exist for transactions
B. Restricting access to update programs to accounts payable staff only
C. Restricting program functionality according to user security profiles
D. Including the creator’s user ID as a field in every transaction record created
Answer
C. Restricting program functionality according to user security profiles
CISA Question 1485
Question
An IS auditor is conducting a follow-up internal IS audit and determines that several recommendations from the prior year have not been implemented. Which of the following should be the auditor’s FIRST course of action?
A. Evaluate the recommendations in context of the current IT environment.
B. Continue the audit and disregard prior audit recommendations.
C. Request management implement recommendations from the prior year.
D. Add unimplemented recommendations as findings for the new audit.
Answer
D. Add unimplemented recommendations as findings for the new audit.
CISA Question 1486
Question
In an annual audit cycle, the audit of an organization’s IT department resulted in many findings. Which of the following would be the MOST important consideration when planning the next audit?
A. Limiting the review to the deficient areas
B. Verifying that all recommendations have been implemented
C. Postponing the review until all of the findings have been rectified
D. Following up on the status of all recommendations
Answer
D. Following up on the status of all recommendations
CISA Question 1487
Question
The BEST reason for implementing a virtual private network (VPN) is that it:
A. eases the implementation of data encryption.
B. allows for public use of private networks.
C. enables use of existing hardware platforms.
D. allows for private use of public networks.
Answer
D. allows for private use of public networks.
Explanation
Virtual private networks (VPNs) connect remote users over an insecure public network such as the Internet. The connection is virtual because it is temporary with no physical presence. VPN technology is cost-effective and highly flexible. A VPN creates an encrypted tunnel to securely pass data as follows:
- Between two machines (host-host)
- From a machine to a network (host-gateway)
- From one network to another network (gateway-gateway)
CISA Question 1488
Question
An IS auditor’s PRIMARY concern about a business partner agreement for the exchange of electronic information should be to determine whether there is:
A. a clause that addresses the audit of shared systems.
B. evidence of review and approval by each partner’s legal department.
C. an information classification framework.
D. appropriate control and responsibility defined for each partner.
Answer
C. an information classification framework.
Explanation
The overall purpose of using a formal information classification scheme is to ensure proper handling based on the information content and context. Context refers to the usage of information.
Two major risks are present in the absence of an information classification scheme. The first major risk is that information will be mishandled.
The second major risk is that without an information classification scheme, all of the organization’s data may be subject to scrutiny during legal proceedings. The information classification scheme safeguards knowledge. Failure to implement a records and data classification scheme leads to disaster
CISA Question 1489
Question
An IS auditor has just completed a physical access review of the organization’s primary data center. Which of the following weaknesses should be of MOST concern?
A. Metal keys are used for access.
B. Backups of video cameras are corrupt.
C. There is no mantrap at the main door.
D. There is no manual logging for visitors.
Answer
C. There is no mantrap at the main door.
CISA Question 1490
Question
A computer program used by multiple departments has data quality issues. There is no agreement as to who should be responsible for corrective action. Which of the following is an IS auditor’s BEST course of action?
A. Recommend the IT department be assigned data cleansing responsibility.
B. Modify the program to automatically cleanse the data and close the issue.
C. Assign responsibility to the primary department using the program.
D. Note the disagreement and recommend establishing data governance.
Answer
D. Note the disagreement and recommend establishing data governance.