Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 2

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 111

Question

Which of the following would be of GREATEST concern to an IS auditor reviewing backup and recovery controls?

A. Restores from backups are not periodically tested
B. Weekly and monthly backups are stored onsite.
C. Backup procedures are not documented.
D. Backups are stored in an external hard drive.

Answer

B. Weekly and monthly backups are stored onsite.

Reference

ISACA Journal > Issues > 2018 > Volume 1 > IS Audit Basics: Backup and Recovery
https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/is-audit-basics-backup-and-recovery

CISA Question 112

Question

Which of the following is the BEST way to reduce sampling risk?

A. Align the sampling approach with the one used by external auditors.
B. Plan the audit in accordance with generally accepted auditing principles.
C. Assign experienced auditors to the sampling process.
D. Ensure each item has an equal chance to be selected.

Answer

B. Plan the audit in accordance with generally accepted auditing principles.

CISA Question 113

Question

Which of the following are examples of detective controls?

A. Continuity of operations planning and backup procedures
B. Use of access control software and deploying encryption software
C. Check points in production jobs and rerun procedures
D. Source code review and echo checks in telecommunications

Answer

C. Check points in production jobs and rerun procedures

CISA Question 114

Question

Which of the following techniques would provide the BEST assurance to an IS auditor that all necessary data has been successfully migrated from a legacy system to a modern platform?

A. Interviews with migration staff
B. Statistical sampling
C. Review of logs from the migration process
D. Data analytics

Answer

C. Review of logs from the migration process

CISA Question 115

Question

The activation of a pandemic response plan has resulted in a remote workforce situation. Which of the following technologies poses the GREATEST risk to data confidentiality?

A. Rapid increase in the number of virtual private network (VPN) users
B. Remotely managed network switches
C. BYOD devices without adequate endpoint protection
D. On-premise employee workstations left unattended

Answer

C. BYOD devices without adequate endpoint protection

CISA Question 116

Question

Which of the following is MOST important to include in a contract to outsource data processing that involves customer personally identifiable information (PII)?

A. The vendor must provide an independent report of its data processing facilities.
B. The vendor must sign a nondisclosure agreement (NDA) with the organization.
C. The vendor must compensate the organization if service levels are not met.
D. The vendor must comply with the organization’s legal and regulatory requirements.

Answer

A. The vendor must provide an independent report of its data processing facilities.

CISA Question 117

Question

Which of the following is the PRIMARY reason for using a digital signature?

A. Authenticate the sender of a message
B. Provide confidentiality to the transmission
C. Provide availability to the transmission
D. Verify the integrity of the data and the identity of the recipient

Answer

D. Verify the integrity of the data and the identity of the recipient

CISA Question 118

Question

Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?

A. Regularly update business impact assessments.
B. Make senior managers responsible for their plan sections .
C. Prepare detailed plans for each business function.
D. Involve staff at all levels in periodic paper walk-through exercises.

Answer

A. Regularly update business impact assessments.

CISA Question 119

Question

A financial institution is launching a mobile banking service utilizing multi-factor authentication. This access control is an example of which of the following?

A. Directive control
B. Detective control
C. Preventive control
D. Corrective control

Answer

C. Preventive control

CISA Question 120

Question

An IS auditor finds that a document related to a client has been leaked. Which of the following should be the auditor’s NEXT step?

A. Notify appropriate law enforcement.
B. Report data leakage finding to senior management.
C. Report data leakage finding to regulatory authorities.
D. Determine the classification of data leaked.

Answer

D. Determine the classification of data leaked.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker