ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 15

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1551

Question

During an audit, the IS auditor finds that in many cases excessive rights were not removed from a system. Which of the following would be the auditor’s BEST recommendation?

A. IT security should regularly revoke excessive system rights.
B. System administrators should ensure consistency of assigned rights.
C. Line management should regularly review and request modification of access rights.
D. Human resources should delete access rights of terminated employees.

Answer

D. Human resources should delete access rights of terminated employees.

CISA Question 1552

Question

In planning a major system development project, function point analysis would assist in:

A. estimating the elapsed time of the project.
B. estimating the size of a system development task.
C. analyzing the functions undertaken by system users as an aid to job redesign.
D. determining the business functions undertaken by a system or program.

Answer

C. analyzing the functions undertaken by system users as an aid to job redesign.

CISA Question 1553

Question

The performance of an order-processing system can be measured MOST reliably by monitoring:

A. input/request queue length.
B. turnaround time of completed transactions.
C. application and database servers’ CPU load.
D. heartbeats between server systems.

Answer

B. turnaround time of completed transactions.

CISA Question 1554

Question

Which of the following actions should an organization’s security policy require an employee to take upon finding a security breach?

A. Report the incident to the manager immediately.
B. Inform IS audit management immediately.
C. Confirm the breach can be exploited.
D. Devise appropriate countermeasures.

Answer

A. Report the incident to the manager immediately.

CISA Question 1555

Question

A new system development project is running late against a critical implementation deadline. Which of the following is the MOST important activity?

A. Document last-minute enhancements.
B. Perform user acceptance testing.
C. Perform a pre-implementation audit.
D. Ensure that code has been reviewed.

Answer

D. Ensure that code has been reviewed.

CISA Question 1556

Question

When conducting a follow-up of previous audit findings, an IS auditor is told by management that a recommendation to make security changes to an application has not been implemented. The IS auditor should FIRST determine whether:

A. additional time to implement changes is needed.
B. the associated risk is still relevant.
C. the recommendation should be re-issued.
D. the issue should be escalated.

Answer

A. additional time to implement changes is needed.

CISA Question 1557

Question

Which of the following is appropriate when an IS auditor is conducting an exit meeting with senior management?

A. Eliminate significant findings where audit and management agree on risk acceptance.
B. Agree with senior management on the risk grading of the audit report.
C. Document written responses from management along with an implementation plan.
D. Escalate disputed recommendations to the audit committee.

Answer

C. Document written responses from management along with an implementation plan.

CISA Question 1558

Question

Which of the following is a MAJOR benefit of using a wireless network?

A. Faster network speed
B. Stronger authentication
C. Protection against eavesdropping
D. Lower installation cost

Answer

B. Stronger authentication

CISA Question 1559

Question

While performing a risk-based audit, which of the following would BEST enable an IS auditor to identify and categorize risk?

A. Understanding the control framework
B. Developing a comprehensive risk model
C. Understanding the business environment
D. Adopting qualitative risk analysis

Answer

C. Understanding the business environment

CISA Question 1560

Question

Which of the following should occur EARLIEST in a business continuity management lifecycle?

A. Defining business continuity procedures
B. Identifying critical business processes
C. Developing a training and awareness program
D. Carrying out a threat and risk assessment

Answer

B. Identifying critical business processes