ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 19

The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available for free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1941

Question

An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner. Which of the following is the auditor’s BEST recommendation?

A. Upgrade hardware to newer technology
B. Build a virtual environment
C. Hire temporary contract workers for the IT function
D. Increase the capacity of existing systems

Answer

B. Build a virtual environment

CISA Question 1942

Question

Which of the following is MOST important when duties in a small organization cannot be appropriately segregated?

A. Exception reporting
B. Variance reporting
C. Independent reviews
D. Audit trail

Answer

D. Audit trail

CISA Question 1943

Question

In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to `never expire`. Which of the following recommendations would BEST address the risk with minimal disruption to the business?

A. Modify the access management policy to make allowances for application accounts
B. Introduce database access monitoring into the environment
C. Modify applications to no longer require direct access to the database
D. Schedule downtime to implement password changes

Answer

B. Introduce database access monitoring into the environment

CISA Question 1944

Question

An IS audit found that malware entered the organization through a spreadsheet macro, and the auditor recommended that spreadsheet macros be disabled. All macros were disabled except those needed by the finance team for reporting purposes. Which of the following is the auditor’s BEST course of action?

A. Close the recommendation, as most of the risk has been mitigated
B. Advise management to disable the spreadsheet macros for the finance users
C. Recommend alternate reporting methods that do not use spreadsheet macros
D. Escalate the issue to the audit committee

Answer

C. Recommend alternate reporting methods that do not use spreadsheet macros

CISA Question 1945

Question

A data breach has occurred due to malware. Which of the following should be the FIRST course of action?

A. Notify customers of the breach
B. Notify the cyber insurance company
C. Shut down the affected systems
D. Quarantine the impacted systems

Answer

D. Quarantine the impacted systems

CISA Question 1946

Question

Which of the following is the MAJOR advantage of automating internal controls?

A. To help identify transactions with no segregation of duties
B. To enable the review of large value transactions
C. To efficiently test large volumes of data
D. To assist in performing analytical reviews

Answer

C. To efficiently test large volumes of data

CISA Question 1947

Question

Batch processes running in multiple countries are merged to one batch job to be executed in a single data center. Which of the following is the GREATEST concern with this approach?

A. The job execution approval process at the regional level may be compromised
B. The knowledge base maintained by current staff may be lost
C. Change management may become highly complex after job integration
D. Restart of the batch job after disruption may impair the integrity of databases

Answer

D. Restart of the batch job after disruption may impair the integrity of databases

CISA Question 1948

Question

An organization is disposing of a system containing sensitive data and has deleted all files from the disk. An IS auditor should be concerned because:

A. deleted data cannot easily be retrieved.
B. deleting the files logically does not overwrite the files’ physical data.
C. backup copies of files were not deleted as well.
D. deleting all files separately is not as efficient as formatting the hard disk.

Answer

B. deleting the files logically does not overwrite the files’ physical data.

CISA Question 1949

Question

Which of the following is the GREATEST risk associated with conducting penetration testing on a business-critical application production environment?

A. Data integrity may become compromised
B. This type of testing may not adhere to audit standards
C. System owners may not be informed in advance
D. Results may differ from those obtained in the test environment

Answer

A. Data integrity may become compromised

CISA Question 1950

Question

Which of the following is the BEST way to mitigate the risk associated with technology obsolescence?

A. Make provisions in the budgets for potential upgrades
B. Create a technology watch team that evaluates emerging trends
C. Invest in current technology
D. Create tactical and strategic IS plans

Answer

D. Create tactical and strategic IS plans
