
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 15

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are helpful for passing the ISACA CISA exam and earning the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1561

Question

An IS auditor is performing an audit of a large organization’s operating system maintenance procedures. Which of the following findings presents the GREATEST risk?

A. Some internal servers cannot be patched due to software incompatibility.
B. The configuration management database is not up-to-date.
C. Vulnerability testing is not performed on the development servers.
D. Critical patches are applied immediately while others follow quarterly release cycles.

Answer

C. Vulnerability testing is not performed on the development servers.

CISA Question 1562

Question

Which of the following BEST facilitates compliance with requirements mandating the security of confidential data?

A. Classification of data
B. Security awareness training
C. Encryption of external data transmissions
D. Standardized escalation protocols for breaches

Answer

C. Encryption of external data transmissions

CISA Question 1563

Question

A small startup organization does not have the resources to implement segregation of duties. Which of the following is the MOST effective compensating control?

A. Rotation of log monitoring and analysis responsibilities
B. Additional management reviews and reconciliations
C. Third-party assessments
D. Mandatory vacations

Answer

D. Mandatory vacations

CISA Question 1564

Question

Which of the following activities is MOST important to consider when conducting IS audit planning?

A. Results from previous audits are reviewed.
B. Audit scheduling is based on skill set of audit team.
C. Resources are allocated to areas of high risk.
D. The audit committee agrees on risk rankings.

Answer

C. Resources are allocated to areas of high risk.

CISA Question 1565

Question

The MOST appropriate person to chair the steering committee for an enterprise-wide system development should normally be the:

A. project manager.
B. IS director.
C. executive level manager.
D. business analyst.

Answer

C. executive level manager.

CISA Question 1566

Question

An IS auditor has been asked to audit a complex system with computerized and manual elements. Which of the following should be identified FIRST?

A. Manual controls
B. System risks
C. Programmed controls
D. Input validation

Answer

D. Input validation

CISA Question 1567

Question

Which of the following is the BEST way to mitigate the risk of unintentional modifications associated with complex calculations in end-user computing (EUC)?

A. Verify EUC results through manual calculations.
B. Operate copies of EUC programs out of a secure library.
C. Implement data integrity checks.
D. Utilize an independent party to review the source calculations.

Answer

C. Implement data integrity checks.

CISA Question 1568

Question

An IS auditor plans to review all access attempts to a video-monitored and proximity card-controlled communications room. Which of the following would be MOST useful to the auditor?

A. System electronic log
B. Security incident log
C. Manual sign-in and sign-out log
D. Alarm system with CCTV

Answer

A. System electronic log

CISA Question 1569

Question

Which of the following BEST ensures that effective change management is in place in an IS environment?

A. User authorization procedures for application access are well established.
B. User-prepared detailed test criteria for acceptance testing of the software.
C. Adequate testing was carried out by the development team.
D. Access to production source and object programs is well controlled.

Answer

A. User authorization procedures for application access are well established.

CISA Question 1570

Question

Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?

A. It is difficult to enforce the security policy on personal devices.
B. Help desk employees will require additional training to support devices.
C. IT infrastructure costs will increase.
D. It is difficult to maintain employee privacy.

Answer

A. It is difficult to enforce the security policy on personal devices.