ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 19

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free of charge to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1951

Question

Which of the following encryption methods offers the BEST wireless security?

A. Wired equivalent privacy (WEP)
B. Secure Sockets Layer (SSL)
C. Data encryption standard (DES)
D. Wi-Fi Protected Access 2 (WPA2)

Answer

D. Wi-Fi Protected Access 2 (WPA2)

CISA Question 1952

Question

Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?

A. Transaction log review
B. User awareness training
C. Mandatory holidays
D. Background check

Answer

A. Transaction log review

CISA Question 1953

Question

Of the following, who are the MOST appropriate staff for ensuring the alignment of user authorization tables with approved authorization forms?

A. IT managers
B. System owners
C. Database administrators (DBAs)
D. Security administrators

Answer

B. System owners

CISA Question 1954

Question

An organization maintains an inventory of the IT applications used by its staff. Which of the following would pose the GREATEST concern with regard to the quality of the inventory data?

A. Inventory data is available on and downloadable from the corporate intranet.
B. The application owner and contact information fields are not required to be completed.
C. The inventory does not contain a formal risk ranking for all the IT applications.
D. The organization has not established a formal recertification process for the inventory data.

Answer

B. The application owner and contact information fields are not required to be completed.

CISA Question 1955

Question

The use of which of the following would BEST enhance a process improvement program?

A. Project management methodologies
B. Capability maturity models
C. Balanced scorecard
D. Model-based design notations

Answer

C. Balanced scorecard

CISA Question 1956

Question

Which of the following is the GREATEST concern associated with a high number of IT policy exceptions approved by management?

A. The exceptions may result in noncompliance.
B. The exceptions may negatively impact process efficiency.
C. The exceptions are likely to continue indefinitely.
D. The exceptions may elevate the level of operational risk.

Answer

A. The exceptions may result in noncompliance.

CISA Question 1957

Question

An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor’s FIRST course of action should be to:

A. verify completeness of user acceptance testing (UAT).
B. verify results to determine validity of user concerns.
C. review initial business requirements.
D. review recent changes to the system.

Answer

B. verify results to determine validity of user concerns.

CISA Question 1958

Question

Which of the following is the MOST effective accuracy control for entry of a valid numeric part number?

A. Hash totals
B. Comparison to historical order pattern
C. Self-checking digit
D. Online review of description

Answer

C. Self-checking digit

CISA Question 1959

Question

Which of the following is the BEST indication that an information security program is aligned with organizational objectives?

A. The information security steering committee sets organizational security priorities.
B. Senior management conducts regular reviews of information security policies.
C. Information security processes are in place throughout the system development life cycle (SDLC).
D. Risk is managed to within organizational tolerances.

Answer

C. Information security processes are in place throughout the system development life cycle (SDLC).

CISA Question 1960

Question

During an operational audit of a biometric system used to control physical access, which of the following should be of GREATEST concern to an IS auditor?

A. False positives
B. Lack of biometric training
C. User acceptance of biometrics
D. False negatives

Answer

D. False negatives