ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 19

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

CISA Question 1971

Question

Which of the following is the MOST important process to ensure planned IT system changes are completed in an efficient manner?

A. Configuration management
B. Demand management
C. Release management
D. Incident management

Answer

C. Release management

CISA Question 1972

Question

Which type of control is in place when an organization requires new employees to complete training on applicable privacy and data protection regulations?

A. Directive control
B. Detective control
C. Corrective control
D. Preventive control

Answer

D. Preventive control

CISA Question 1973

Question

To address issues related to privileged users identified in an IS audit, management implemented a security information and event management (SIEM) system.
Which type of control is in place?

A. Directive
B. Corrective
C. Detective
D. Preventive

Answer

C. Detective

CISA Question 1974

Question

Which of the following control techniques BEST ensures the integrity of system interface transmissions?

A. Reasonableness check
B. Validity check
C. Completeness check
D. Parity check

Answer

C. Completeness check

CISA Question 1975

Question

Which of the following roles is BEST suited to determine information classification?

A. Data custodian
B. Data owner
C. Privacy officer
D. Information security manager

Answer

B. Data owner

CISA Question 1976

Question

Which of the following is MOST essential to quality management?

A. Adherence to a globally recognized quality standard
B. Application of statistical process control methods
C. Commitment on the part of executive management
D. Teamwork by all representatives of the quality group

Answer

C. Commitment on the part of executive management

CISA Question 1977

Question

Of the following, who is BEST suited to establish an organization’s risk tolerance?

A. Senior leadership
B. Chief audit executive (CAE)
C. Information system owner
D. Information security officer

Answer

A. Senior leadership

CISA Question 1978

Question

Which of the following would provide the MOST useful information for evaluating whether network availability is meeting the performance objectives set by management?

A. Capability maturity model
B. Balanced scorecard
C. IT value analysis
D. Gap analysis

Answer

B. Balanced scorecard

CISA Question 1979

Question

An IS auditor follows up on a recent security incident and finds the incident response was not adequate. Which of the following findings should be considered MOST critical?

A. The attack could not be traced back to the originating person.
B. The security weakness facilitating the attack was not identified.
C. Appropriate response documentation was not maintained.
D. The attack was not automatically blocked by the intrusion detection system (IDS).

Answer

B. The security weakness facilitating the attack was not identified.

CISA Question 1980

Question

A senior IS auditor suspects that a PC may have been used to perpetrate a fraud in a finance department. The auditor should FIRST report this suspicion to:

A. audit management
B. the audit committee
C. the police
D. auditee line management

Answer

B. the audit committee