The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
Table of Contents
- CISA Question 1561
- Question
- Answer
- CISA Question 1562
- Question
- Answer
- CISA Question 1563
- Question
- Answer
- CISA Question 1564
- Question
- Answer
- CISA Question 1565
- Question
- Answer
- CISA Question 1566
- Question
- Answer
- CISA Question 1567
- Question
- Answer
- CISA Question 1568
- Question
- Answer
- CISA Question 1569
- Question
- Answer
- CISA Question 1570
- Question
- Answer
CISA Question 1561
Question
An IS auditor is performing an audit of a large organization’s operating system maintenance procedures. Which of the following findings presents the GREATEST risk?
A. Some internal servers cannot be patched due to software incompatibility.
B. The configuration management database is not up-to-date.
C. Vulnerability testing is not performed on the development servers.
D. Critical patches are applied immediately while others follow quarterly release cycles.
Answer
C. Vulnerability testing is not performed on the development servers.
CISA Question 1562
Question
Which of the following BEST facilitates compliance with requirements mandating the security of confidential data?
A. Classification of data
B. Security awareness training
C. Encryption of external data transmissions
D. Standardized escalation protocols for breaches
Answer
C. Encryption of external data transmissions
CISA Question 1563
Question
A small startup organization does not have the resources to implement segregation of duties. Which of the following is the MOST effective compensating control?
A. Rotation of log monitoring and analysis responsibilities
B. Additional management reviews and reconciliations
C. Third-party assessments
D. Mandatory vacations
Answer
D. Mandatory vacations
CISA Question 1564
Question
Which of the following activities is MOST important to consider when conducting IS audit planning?
A. Results from previous audits are reviewed.
B. Audit scheduling is based on skill set of audit team.
C. Resources are allocated to areas of high risk.
D. The audit committee agrees on risk rankings.
Answer
C. Resources are allocated to areas of high risk.
CISA Question 1565
Question
The MOST appropriate person to chair the steering committee for an enterprise-wide system development should normally be the:
A. project manager
B. IS director
C. executive level manager.
D. business analyst
Answer
C. executive level manager.
CISA Question 1566
Question
An IS auditor has been asked to audit a complex system with computerized and manual elements. Which of the following should be identified FIRST?
A. Manual controls
B. System risks
C. Programmed controls
D. Input validation
Answer
D. Input validation
CISA Question 1567
Question
Which of the following is the BEST way to mitigate the risk of unintentional modifications associated with complex calculations in end-user computing (EUC)?
A. Verify EUC results through manual calculations.
B. Operate copies of EUC programs out of a secure library.
C. Implement data integrity checks.
D. Utilize an independent party to review the source calculations.
Answer
C. Implement data integrity checks.
CISA Question 1568
Question
An IS auditor plans to review all access attempts to a video-monitored and proximity card-controlled communications room. Which of the following would be MOST useful to the auditor?
A. System electronic log
B. Security incident log
C. Manual sign-in and sign-out log
D. Alarm system with CCTV
Answer
A. System electronic log
CISA Question 1569
Question
Which of the following BEST ensures that effective change management is in place in an IS environment?
A. User authorization procedures for application access are well established.
B. User-prepared detailed test criteria for acceptance testing of the software.
C. Adequate testing was carried out by the development team.
D. Access to production source and object programs is well controlled.
Answer
A. User authorization procedures for application access are well established.
CISA Question 1570
Question
Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?
A. It is difficult to enforce the security policy on personal devices
B. Help desk employees will require additional training to support devices.
C. IT infrastructure costs will increase.
D. It is difficult to maintain employee privacy.
Answer
A. It is difficult to enforce the security policy on personal devices