Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 19

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1931

Question

An organization is migrating its human resources (HR) application to an infrastructure as a Service (IaaS) model in a private cloud. Who is PRIMARILY responsible for the security configurations of the deployed application’s operating system?

A. The organization
B. The operating system vendor
C. The cloud provider
D. The cloud provider’s external auditor

Answer

A. The organization

CISA Question 1932

Question

Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor’s BEST recommendation for a compensating control?

A. Require written authorization for all payment transactions
B. Reconcile payment transactions with invoices
C. Restrict payment authorization to senior staff members
D. Review payment transaction history

Answer

D. Review payment transaction history

CISA Question 1933

Question

An algorithm in an email program analyzes traffic to quarantine emails identified as spam. The algorithm in the program is BEST characterized as which type of control?

A. Corrective
B. Detective
C. Directive
D. Preventive

Answer

D. Preventive

CISA Question 1934

Question

Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?

A. Formulas within macros
B. Encryption of the spreadsheet
C. Version history
D. Reconciliation of key calculations

Answer

D. Reconciliation of key calculations

CISA Question 1935

Question

An audit has identified that business units have purchased cloud-based applications without IT’s support. What is the GREATEST risk associated with this situation?

A. The application purchases did not follow procurement policy.
B. The applications may not reasonably protect data.
C. The applications could be modified without advanced notice.
D. The applications are not included in business continuity plans (BCPs).

Answer

B. The applications may not reasonably protect data.

CISA Question 1936

Question

Which of the following controls is BEST implemented through system configuration?

A. Network user accounts for temporary workers expire after 90 days
B. Financial data in key reports is traced to source systems for completeness and accuracy
C. Application user access is reviewed every 180 days for appropriateness
D. Computer operations personnel initiate batch processing jobs daily

Answer

A. Network user accounts for temporary workers expire after 90 days

CISA Question 1937

Question

Which of the following is the GREATEST risk associated with vulnerability scanning tools used to identify security weaknesses?

A. False positives
B. False negatives
C. Use of open source tools
D. Outdated signatures for detection

Answer

B. False negatives

CISA Question 1938

Question

A checksum is classified as which type of control?

A. Corrective control
B. Detective control
C. Preventive control
D. Administrative control

Answer

B. Detective control

CISA Question 1939

Question

Which of the following is the BEST use of a balanced scorecard when evaluating IT performance?

A. Monitoring alignment of IT with the rest of the organization
B. Determining compliance with relevant regulatory requirements
C. Monitoring alignment of the IT project portfolio to budget
D. Evaluating implementation of the business strategy

Answer

A. Monitoring alignment of IT with the rest of the organization

CISA Question 1940

Question

Which of the following metrics would be MOST useful to an IS auditor when assessing the resilience of an application programming interface (API)?

A. Number of developers adopting the API for their applications
B. Number of patches released within a time interval for the API
C. Number of API calls expected versus actually received within a time interval
D. Number of defects logged during development compared to other APIs

Answer

C. Number of API calls expected versus actually received within a time interval

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.