ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 20

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

CISA Question 2191

Question

Which of the following reports can MOST effectively be used to analyze a systems performance problem?

A. Synchronization report
B. Console log
C. Utilization report
D. Database usage log

Answer

B. Console log

CISA Question 2192

Question

During a post-implementation review, a step in determining whether a project met user requirements is to review the:

A. integrity of key calculations.
B. change requests initiated after go-live.
C. completeness of user documentation.
D. effectiveness of user training.

Answer

B. change requests initiated after go-live.

CISA Question 2193

Question

The application systems quality assurance (QA) function should:

A. assist programmers in designing and developing applications.
B. design and develop quality applications by employing system development methodology.
C. compare programs to approved system changes.
D. ensure adherence of programs to standards.

Answer

D. ensure adherence of programs to standards.

CISA Question 2194

Question

During a post-implementation review, which of the following is the BEST evidence that user requirements have been met?

A. Help desk incident tickets
B. End-user documentation
C. Operator error logs
D. User acceptance testing sign-offs

Answer

A. Help desk incident tickets

CISA Question 2195

Question

An organization is moving its on-site application servers to a service provider that operates a virtualized environment shared by multiple customers. Which of the following is the MOST significant risk to the organization?

A. Account hacking from other clients
B. Competing workloads from other clients
C. Service provider access to organizational data
D. Service provider limiting the right to audit

Answer

B. Competing workloads from other clients

CISA Question 2196

Question

The MAIN objective of incident management is to:

A. have an external computer security incident response team assess damage.
B. permit the incident to go on and follow the trail back to the beginning.
C. test for readiness to respond when facing an incident.
D. keep the business going while the response is occurring.

Answer

C. test for readiness to respond when facing an incident.

CISA Question 2197

Question

Which of the following tools is MOST helpful in estimating budgets for tasks within a large IT business application project?

A. Balanced scorecard
B. Gantt chart
C. Function point analysis (FPA)
D. Critical path methodology (CPM)

Answer

B. Gantt chart

CISA Question 2198

Question

An organization uses a web server hosting critical applications. Which of the following would represent the HIGHEST risk regarding the availability and integrity of the web server?

A. Inadequate rotation of backups
B. Not disabling the server’s external drives
C. Not applying program fixes on a regular basis
D. Placing the web server in the DMZ

Answer

C. Not applying program fixes on a regular basis

CISA Question 2199

Question

Which of the following is the BEST method to assess the adequacy of security awareness in an organization?

A. Confirming a security awareness program exists
B. Interviewing employees about security responsibility
C. Administering security survey questionnaires
D. Observing employee security behaviors

Answer

C. Administering security survey questionnaires

CISA Question 2200

Question

The purpose of data migration testing is to validate data:

A. availability.
B. retention.
C. completeness.
D. confidentiality.

Answer

C. completeness.