ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 15

The latest ISACA CISA (Certified Information Systems Auditor) certification real practice exam question and answer (Q&A) dumps are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1511

Question

Which of the following is the MOST reliable way for an IS auditor to evaluate the operational effectiveness of an organization’s data loss prevention (DLP) controls?

A. Verify that confidential files cannot be transmitted to a personal USB device.
B. Conduct interviews to identify possible data protection vulnerabilities.
C. Review data classification levels based on industry best practice.
D. Verify that current DLP software is installed on all computer systems.

Answer

C. Review data classification levels based on industry best practice.

CISA Question 1512

Question

Which of the following should be an IS auditor’s BEST recommendation to prevent installation of unlicensed software on employees’ company-provided devices?

A. Enforce audit logging of software installation activities.
B. Restrict software installation authority to administrative users only.
C. Implement software blacklisting.
D. Remove unlicensed software from end-user devices.

Answer

A. Enforce audit logging of software installation activities.

CISA Question 1513

Question

In an organization that has a staff-rotation policy, the MOST appropriate access control model is:

A. role-based.
B. discretionary.
C. mandatory.
D. lattice-based.

Answer

A. role-based.

CISA Question 1514

Question

Which of the following should be the MOST important consideration when determining which information system application to audit?

A. Cost-benefit analysis
B. Available resources
C. Business impact analysis
D. Newly implemented systems

Answer

C. Business impact analysis

CISA Question 1515

Question

One advantage of managing an entire collection of projects as a portfolio is that it highlights the need to:

A. identify dependencies between projects.
B. inform users about all ongoing projects.
C. manage the risk of each individual project.
D. manage the quality of each project.

Answer

D. manage the quality of each project.

CISA Question 1516

Question

Which of the following is the BEST reason for an organization to develop a business continuity plan?

A. To develop a detailed description of information systems and processes
B. To identify the users of information systems and processes
C. To avoid the costs resulting from the failure of key systems and processes
D. To establish business unit prioritization of systems, projects, and strategies

Answer

C. To avoid the costs resulting from the failure of key systems and processes

CISA Question 1517

Question

An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor’s BEST recommendation would be to:

A. recruit more monitoring personnel.
B. fine-tune the intrusion detection system (IDS).
C. reduce the firewall rules.
D. establish criteria for reviewing alerts.

Answer

D. establish criteria for reviewing alerts.

CISA Question 1518

Question

During an audit of a financial application, it was determined that many terminated users’ accounts were not disabled. Which of the following should be the IS auditor’s NEXT step?

A. Perform a review of terminated users’ account activity.
B. Conclude that IT general controls are ineffective.
C. Communicate risks to the application owner.
D. Perform substantive testing of terminated users’ access rights.

Answer

A. Perform a review of terminated users’ account activity.

CISA Question 1519

Question

An IS auditor performing an audit of backup procedures observes that backup tapes are picked up weekly and stored offsite at a third-party hosting facility. Which of the following recommendations would be the BEST way to protect the data on the backup tapes?

A. Ensure that data is encrypted before leaving the facility.
B. Ensure that the transport company obtains signatures for all shipments.
C. Confirm that data is transported in locked tamper-evident containers.
D. Confirm that data transfers are logged and recorded.

Answer

A. Ensure that data is encrypted before leaving the facility.

CISA Question 1520

Question

An IS auditor is reviewing the performance outcomes of controls in an agile development project. Which of the following would provide the MOST relevant evidence for the auditor to consider?

A. Progress report of outstanding work
B. Product backlog
C. Number of failed builds
D. Composition of the scrum team

Answer

A. Progress report of outstanding work