The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2201
Question
Which of the following test approaches would utilize data analytics to validate customer authentication controls for banking transactions?
A. Review transactions completed for one period that have blank customer identification fields.
B. Attempt to complete a monetary transaction and leave the customer identification fields blank.
C. Review the business requirements document for customer identification requirements.
D. Evaluate configuration settings for transactions requiring customer identification.
Answer
B. Attempt to complete a monetary transaction and leave the customer identification fields blank.
CISA Question 2202
Question
Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?
A. Entity-relationship diagram
B. Process flowchart
C. Data flow diagram
D. Systems flowchart
Answer
B. Process flowchart
CISA Question 2203
Question
Which of the following tools are MOST helpful for benchmarking an existing IT capability?
A. Prior IS audit reports
B. IT maturity models
C. Risk assessments
D. IT balanced scorecards
Answer
D. IT balanced scorecards
CISA Question 2204
Question
Which of the following controls is MOST effective in detecting spam?
A. Denying transmission control protocol (TCP) connections in the mail server
B. Refusing Internet protocol (IP) connections at the router
C. Registering the recipient with keepers of spam lists
D. Using heuristic filters based on the content of the message
Answer
D. Using heuristic filters based on the content of the message
CISA Question 2205
Question
In which of the following cloud service models does the user organization have the GREATEST control over the accuracy of configuration items in its configuration management database (CMDB)?
A. Database as a Service (DbaaS)
B. Software as a Service (SaaS)
C. Platform as a Service (PaaS)
D. Infrastructure as a Service (IaaS)
Answer
D. Infrastructure as a Service (IaaS)
CISA Question 2206
Question
Which of the following is the BEST method to maintain an audit trail of changes made to the source code of a program?
A. Standardize file naming conventions.
B. Utilize automated version control.
C. Document details on a change register.
D. Embed details within source code.
Answer
B. Utilize automated version control.
CISA Question 2207
Question
An IS auditor finds that a required security patch was not installed on a critical server for more than 6 months. The NEXT course of action should be to:
A. determine the root cause of the delay.
B. review patch management procedures.
C. request the patch be installed as soon as possible.
D. notify senior management of audit findings.
Answer
B. review patch management procedures.
CISA Question 2208
Question
Which of the following should be the FIRST step in the incident response process for a suspected breach?
A. Inform potentially affected customers of the security breach.
B. Notify business management of the security breach.
C. Engage a third party to independently evaluate the alerted breach.
D. Research the validity of the alerted breach.
Answer
D. Research the validity of the alerted breach.
CISA Question 2209
Question
Which of the following would provide the BEST assurance that an organization’s backup media is adequate in the case of a disaster?
A. Scheduled maintenance of the backup device
B. Regular recovery of production systems in a test environment
C. Scheduled read/write tests of the backup media
D. Regular review of backup logs to ensure that all data from the production environment is included
Answer
B. Regular recovery of production systems in a test environment
CISA Question 2210
Question
Which of the following should be considered when examining fire suppression systems as part of a data center environmental controls review?
A. Maintenance procedures
B. Onsite replacement availability
C. Insurance coverage
D. Installation manuals
Answer
A. Maintenance procedures