The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1551
Question
During an audit, the IS auditor finds that in many cases excessive rights were not removed from a system. Which of the following would be the auditor’s BEST recommendation?
A. IT security should regularly revoke excessive system rights.
B. System administrators should ensure consistency of assigned rights.
C. Line management should regularly review and request modification of access rights.
D. Human resources should delete access rights of terminated employees.
Answer
D. Human resources should delete access rights of terminated employees.
CISA Question 1552
Question
In planning a major system development project, function point analysis would assist in:
A. estimating the elapsed time of the project.
B. estimating the size of a system development task.
C. analyzing the functions undertaken by system users as an aid to job redesign.
D. determining the business functions undertaken by a system or program.
Answer
C. analyzing the functions undertaken by system users as an aid to job redesign.
CISA Question 1553
Question
The performance of an order-processing system can be measured MOST reliably by monitoring:
A. input/request queue length.
B. turnaround time of completed transactions.
C. application and database servers’ CPU load.
D. heartbeats between server systems.
Answer
B. turnaround time of completed transactions.
CISA Question 1554
Question
Which of the following actions should an organization’s security policy require an employee to take upon finding a security breach?
A. Report the incident to the manager immediately.
B. Inform IS audit management immediately.
C. Confirm the breach can be exploited.
D. Devise appropriate countermeasures.
Answer
A. Report the incident to the manager immediately.
CISA Question 1555
Question
A new system development project is running late against a critical implementation deadline. Which of the following is the MOST important activity?
A. Document last-minute enhancements.
B. Perform user acceptance testing.
C. Perform a pre-implementation audit.
D. Ensure that code has been reviewed.
Answer
D. Ensure that code has been reviewed.
CISA Question 1556
Question
When conducting a follow-up of previous audit findings, an IS auditor is told by management that a recommendation to make security changes to an application has not been implemented. The IS auditor should FIRST determine whether:
A. additional time to implement changes is needed.
B. the associated risk is still relevant.
C. the recommendation should be re-issued.
D. the issue should be escalated.
Answer
A. additional time to implement changes is needed.
CISA Question 1557
Question
Which of the following is appropriate when an IS auditor is conducting an exit meeting with senior management?
A. Eliminate significant findings where audit and management agree on risk acceptance.
B. Agree with senior management on the risk grading of the audit report.
C. Document written responses from management along with an implementation plan.
D. Escalate disputed recommendations to the audit committee.
Answer
C. Document written responses from management along with an implementation plan.
CISA Question 1558
Question
Which of the following is a MAJOR benefit of using a wireless network?
A. Faster network speed
B. Stronger authentication
C. Protection against eavesdropping
D. Lower installation cost
Answer
B. Stronger authentication
CISA Question 1559
Question
While performing a risk-based audit, which of the following would BEST enable an IS auditor to identify and categorize risk?
A. Understanding the control framework
B. Developing a comprehensive risk model
C. Understanding the business environment
D. Adopting qualitative risk analysis
Answer
C. Understanding the business environment
CISA Question 1560
Question
Which of the following should occur EARLIEST in a business continuity management lifecycle?
A. Defining business continuity procedures
B. Identifying critical business processes
C. Developing a training and awareness program
D. Carrying out a threat and risk assessment
Answer
B. Identifying critical business processes