The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free; they are helpful for passing the ISACA CISA exam and earning the ISACA CISA certification.
CISA Question 111
Question
Which of the following would be of GREATEST concern to an IS auditor reviewing backup and recovery controls?
A. Restores from backups are not periodically tested.
B. Weekly and monthly backups are stored onsite.
C. Backup procedures are not documented.
D. Backups are stored in an external hard drive.
Answer
B. Weekly and monthly backups are stored onsite.
Reference
ISACA Journal > Issues > 2018 > Volume 1 > IS Audit Basics: Backup and Recovery
https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/is-audit-basics-backup-and-recovery
CISA Question 112
Question
Which of the following is the BEST way to reduce sampling risk?
A. Align the sampling approach with the one used by external auditors.
B. Plan the audit in accordance with generally accepted auditing principles.
C. Assign experienced auditors to the sampling process.
D. Ensure each item has an equal chance to be selected.
Answer
B. Plan the audit in accordance with generally accepted auditing principles.
CISA Question 113
Question
Which of the following are examples of detective controls?
A. Continuity of operations planning and backup procedures
B. Use of access control software and deploying encryption software
C. Check points in production jobs and rerun procedures
D. Source code review and echo checks in telecommunications
Answer
C. Check points in production jobs and rerun procedures
CISA Question 114
Question
Which of the following techniques would provide the BEST assurance to an IS auditor that all necessary data has been successfully migrated from a legacy system to a modern platform?
A. Interviews with migration staff
B. Statistical sampling
C. Review of logs from the migration process
D. Data analytics
Answer
C. Review of logs from the migration process
CISA Question 115
Question
The activation of a pandemic response plan has resulted in a remote workforce situation. Which of the following technologies poses the GREATEST risk to data confidentiality?
A. Rapid increase in the number of virtual private network (VPN) users
B. Remotely managed network switches
C. BYOD devices without adequate endpoint protection
D. On-premise employee workstations left unattended
Answer
C. BYOD devices without adequate endpoint protection
CISA Question 116
Question
Which of the following is MOST important to include in a contract to outsource data processing that involves customer personally identifiable information (PII)?
A. The vendor must provide an independent report of its data processing facilities.
B. The vendor must sign a nondisclosure agreement (NDA) with the organization.
C. The vendor must compensate the organization if service levels are not met.
D. The vendor must comply with the organization’s legal and regulatory requirements.
Answer
A. The vendor must provide an independent report of its data processing facilities.
CISA Question 117
Question
Which of the following is the PRIMARY reason for using a digital signature?
A. Authenticate the sender of a message
B. Provide confidentiality to the transmission
C. Provide availability to the transmission
D. Verify the integrity of the data and the identity of the recipient
Answer
D. Verify the integrity of the data and the identity of the recipient
CISA Question 118
Question
Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?
A. Regularly update business impact assessments.
B. Make senior managers responsible for their plan sections.
C. Prepare detailed plans for each business function.
D. Involve staff at all levels in periodic paper walk-through exercises.
Answer
A. Regularly update business impact assessments.
CISA Question 119
Question
A financial institution is launching a mobile banking service utilizing multi-factor authentication. This access control is an example of which of the following?
A. Directive control
B. Detective control
C. Preventive control
D. Corrective control
Answer
C. Preventive control
CISA Question 120
Question
An IS auditor finds that a document related to a client has been leaked. Which of the following should be the auditor’s NEXT step?
A. Notify appropriate law enforcement.
B. Report data leakage finding to senior management.
C. Report data leakage finding to regulatory authorities.
D. Determine the classification of data leaked.
Answer
D. Determine the classification of data leaked.