The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1931
Question
An organization is migrating its human resources (HR) application to an Infrastructure as a Service (IaaS) model in a private cloud. Who is PRIMARILY responsible for the security configurations of the deployed application’s operating system?
A. The organization
B. The operating system vendor
C. The cloud provider
D. The cloud provider’s external auditor
Answer
A. The organization
CISA Question 1932
Question
Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor’s BEST recommendation for a compensating control?
A. Require written authorization for all payment transactions
B. Reconcile payment transactions with invoices
C. Restrict payment authorization to senior staff members
D. Review payment transaction history
Answer
D. Review payment transaction history
CISA Question 1933
Question
An algorithm in an email program analyzes traffic to quarantine emails identified as spam. The algorithm in the program is BEST characterized as which type of control?
A. Corrective
B. Detective
C. Directive
D. Preventive
Answer
D. Preventive
CISA Question 1934
Question
Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?
A. Formulas within macros
B. Encryption of the spreadsheet
C. Version history
D. Reconciliation of key calculations
Answer
D. Reconciliation of key calculations
CISA Question 1935
Question
An audit has identified that business units have purchased cloud-based applications without IT’s support. What is the GREATEST risk associated with this situation?
A. The application purchases did not follow procurement policy.
B. The applications may not reasonably protect data.
C. The applications could be modified without advance notice.
D. The applications are not included in business continuity plans (BCPs).
Answer
B. The applications may not reasonably protect data.
CISA Question 1936
Question
Which of the following controls is BEST implemented through system configuration?
A. Network user accounts for temporary workers expire after 90 days
B. Financial data in key reports is traced to source systems for completeness and accuracy
C. Application user access is reviewed every 180 days for appropriateness
D. Computer operations personnel initiate batch processing jobs daily
Answer
A. Network user accounts for temporary workers expire after 90 days
CISA Question 1937
Question
Which of the following is the GREATEST risk associated with vulnerability scanning tools used to identify security weaknesses?
A. False positives
B. False negatives
C. Use of open source tools
D. Outdated signatures for detection
Answer
B. False negatives
CISA Question 1938
Question
A checksum is classified as which type of control?
A. Corrective control
B. Detective control
C. Preventive control
D. Administrative control
Answer
B. Detective control
CISA Question 1939
Question
Which of the following is the BEST use of a balanced scorecard when evaluating IT performance?
A. Monitoring alignment of IT with the rest of the organization
B. Determining compliance with relevant regulatory requirements
C. Monitoring alignment of the IT project portfolio to budget
D. Evaluating implementation of the business strategy
Answer
A. Monitoring alignment of IT with the rest of the organization
CISA Question 1940
Question
Which of the following metrics would be MOST useful to an IS auditor when assessing the resilience of an application programming interface (API)?
A. Number of developers adopting the API for their applications
B. Number of patches released within a time interval for the API
C. Number of API calls expected versus actually received within a time interval
D. Number of defects logged during development compared to other APIs
Answer
C. Number of API calls expected versus actually received within a time interval