
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 22

The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free of charge to help you prepare for the ISACA CISA exam and earn the CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2351

Question

Following the discovery of inaccuracies in a data warehouse, an organization has implemented data profiling, cleansing, and handling filters to enhance the quality of data obtained from connected sources. Which type of control has been applied?

A. Directive control
B. Corrective control
C. Compensating control
D. Detective control

Answer

B. Corrective control
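The data profiling and cleansing filter this question describes, as an added example that is not part of the original page. The sample rows, the field rules and the country alias table are all constructed for the example; a real warehouse feed would have its own schema and its own quality rules. The profiling pass only counts problems (that is the detective part), and the cleansing pass normalises what can be fixed safely and rejects the rest with a reason, which is the corrective control applied after the inaccuracies were found.

```python
"""Added example: profiling and cleansing filter for records arriving from a
connected source. Rows, rules and aliases are constructed, not from any real feed."""
from collections import Counter
from datetime import date

# Constructed sample rows, as they might arrive from a source system.
SAMPLE_ROWS = [
    {"customer_id": "C001", "country": "US", "order_total": "120.50", "order_date": "2023-05-01"},
    {"customer_id": "C002", "country": "usa", "order_total": "-5.00", "order_date": "2023-05-02"},
    {"customer_id": "", "country": "DE", "order_total": "80.00", "order_date": "2023-13-40"},
    {"customer_id": "C004", "country": "DE", "order_total": "abc", "order_date": "2023-05-03"},
    {"customer_id": "C001", "country": "US", "order_total": "120.50", "order_date": "2023-05-01"},  # duplicate of row 1
]

# Assumed canonical country codes the warehouse accepts, keyed by lowercase alias.
COUNTRY_ALIASES = {"usa": "US", "us": "US", "de": "DE", "germany": "DE"}


def profile(rows):
    """Detective step: count data-quality problems per field; changes nothing."""
    issues = Counter()
    for r in rows:
        if not r["customer_id"]:
            issues["customer_id.missing"] += 1
        if r["country"].lower() not in COUNTRY_ALIASES:
            issues["country.unknown"] += 1
        try:
            if float(r["order_total"]) < 0:
                issues["order_total.negative"] += 1
        except ValueError:
            issues["order_total.not_numeric"] += 1
        try:
            date.fromisoformat(r["order_date"])
        except ValueError:
            issues["order_date.invalid"] += 1
    seen = set()
    for r in rows:
        key = tuple(sorted(r.items()))
        if key in seen:
            issues["row.duplicate"] += 1
        seen.add(key)
    return dict(issues)


def cleanse(rows):
    """Corrective step: normalise what is safe to fix, reject the rest with reasons.

    Returns (clean_rows, rejected_rows). Rejected rows keep the original record
    and the list of reasons so they can go back to the source owner instead of
    being silently dropped.
    """
    clean, rejected, seen = [], [], set()
    for r in rows:
        row = dict(r)
        reasons = []
        if not row["customer_id"]:
            reasons.append("missing customer_id")
        code = COUNTRY_ALIASES.get(row["country"].lower())
        if code is None:
            reasons.append("unknown country")
        else:
            row["country"] = code  # normalise alias to canonical code
        try:
            total = float(row["order_total"])
            if total < 0:
                reasons.append("negative order_total")
            row["order_total"] = total
        except ValueError:
            reasons.append("non-numeric order_total")
        try:
            date.fromisoformat(row["order_date"])
        except ValueError:
            reasons.append("invalid order_date")
        key = tuple(sorted(row.items()))  # dedupe on the normalised row
        if key in seen:
            reasons.append("duplicate row")
        if reasons:
            rejected.append((r, reasons))
        else:
            seen.add(key)
            clean.append(row)
    return clean, rejected


if __name__ == "__main__":
    print("profile:", profile(SAMPLE_ROWS))
    good, bad = cleanse(SAMPLE_ROWS)
    print("clean:", good)
    for original, why in bad:
        print("rejected:", original, "->", ", ".join(why))
```

Running `profile` first and keeping its counts gives the auditor the before picture; running it again on the output of `cleanse` should return an empty dict, which is the evidence that the corrective control worked rather than just moved the problem.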

CISA Question 2352

Question

Which of the following is the MOST likely result of the ongoing deterioration of a detective control?

A. Increased number of data loss events
B. Increased security incident response time
C. Decreased effectiveness of root cause analysis
D. Decreased overall recovery time

Answer

A. Increased number of data loss events

CISA Question 2353

Question

Which of the following would be the GREATEST risk associated with a new chat feature on a retailer’s website?

A. Productivity loss
B. Reputational damage
C. Data loss
D. System downtime

Answer

C. Data loss

CISA Question 2354

Question

Which of the following would represent an acceptable test of an organization’s business continuity plan (BCP)?

A. Benchmarking the plan against similar organizations
B. Paper test involving functional areas
C. Full test of computer operations at an emergency site
D. Walk-through of the plan with technology suppliers

Answer

C. Full test of computer operations at an emergency site

CISA Question 2355

Question

Which of the following is MOST helpful in preventing a systems failure from occurring when an application is replaced using the abrupt changeover technique?

A. Comprehensive documentation
B. Comprehensive testing
C. Threat and risk assessment
D. Change management

Answer

A. Comprehensive documentation

CISA Question 2356

Question

The information security function in a large organization is MOST effective when:

A. decentralized as close to the user as possible.
B. the function reports directly to the IS operations manager.
C. partnered with the IS development team to determine access rights.
D. established at a corporate-wide level.

Answer

D. established at a corporate-wide level.

CISA Question 2357

Question

Which of the following areas of responsibility would cause the GREATEST segregation of duties conflict if the individual who performs the related tasks also has approval authority?

A. Purchase requisitions and purchase orders
B. Invoices and reconciliations
C. Vendor selection and statements of work
D. Goods receipts and payments

Answer

D. Goods receipts and payments

CISA Question 2358

Question

Which of the following is an example of a preventive control in an accounts payable system?

A. The system only allows payments to vendors who are included in the system’s master vendor list.
B. Policies and procedures are clearly communicated to all members of the accounts payable department.
C. The system produces daily payment summary reports that staff use to compare against invoice totals.
D. Backups of the system and its data are performed on a nightly basis and tested periodically.

Answer

A. The system only allows payments to vendors who are included in the system’s master vendor list.
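A toy accounts-payable workflow, added here as an example that is not part of the original page, covering both the segregation-of-duties conflict in question 2357 (goods receipt versus payment approval) and the control types in question 2358. The master vendor list, the users, their role assignments and the purchase orders are all constructed for the example. `approve_payment` runs the preventive checks (master vendor list, separate receiver and approver) before anything is written; `sod_conflicts` and `daily_payment_summary` are detective controls that only report on what has already happened.

```python
"""Added example: preventive and detective controls in a toy AP system.
Vendors, users, roles and purchase orders are constructed for illustration."""
from dataclasses import dataclass, field

# Preventive control (Q2358 option A): the only vendors the system will pay.
MASTER_VENDORS = {"V100": "Acme Supplies", "V200": "Globex Logistics"}

# Assumed role model. carol holds both halves of the conflicting pair on purpose.
USER_ROLES = {
    "alice": {"goods_receipt"},
    "bob": {"payment_approval"},
    "carol": {"goods_receipt", "payment_approval"},
}


class ControlViolation(Exception):
    """Raised when a preventive control blocks a transaction."""


@dataclass
class Ledger:
    receipts: dict = field(default_factory=dict)   # po_number -> (vendor_id, amount, received_by)
    payments: list = field(default_factory=list)   # (po_number, vendor_id, amount, approved_by)


def record_goods_receipt(ledger, po_number, vendor_id, amount, user):
    if "goods_receipt" not in USER_ROLES.get(user, set()):
        raise ControlViolation(f"{user} is not authorised to record goods receipts")
    ledger.receipts[po_number] = (vendor_id, amount, user)


def approve_payment(ledger, po_number, user):
    """Preventive checks; the payment is only written if every check passes."""
    if "payment_approval" not in USER_ROLES.get(user, set()):
        raise ControlViolation(f"{user} is not authorised to approve payments")
    if po_number not in ledger.receipts:
        raise ControlViolation(f"no goods receipt recorded for {po_number}")
    vendor_id, amount, received_by = ledger.receipts[po_number]
    if vendor_id not in MASTER_VENDORS:
        raise ControlViolation(f"vendor {vendor_id} is not on the master vendor list")
    if received_by == user:  # Q2357: same person on goods receipt and payment
        raise ControlViolation(f"{user} recorded the receipt and cannot also approve payment")
    ledger.payments.append((po_number, vendor_id, amount, user))


def sod_conflicts(user_roles, conflicting_pairs=(("goods_receipt", "payment_approval"),)):
    """Detective review of role assignments: users holding both halves of a conflicting pair."""
    return sorted(
        u for u, roles in user_roles.items()
        for a, b in conflicting_pairs if a in roles and b in roles
    )


def daily_payment_summary(ledger):
    """Detective control (Q2358 option C): totals per vendor for staff to reconcile."""
    summary = {}
    for _, vendor_id, amount, _ in ledger.payments:
        summary[vendor_id] = summary.get(vendor_id, 0.0) + amount
    return summary


def run_demo():
    """Three constructed purchase orders: one clean, one off-list vendor, one SoD breach."""
    ledger = Ledger()
    outcomes = {}
    record_goods_receipt(ledger, "PO-1", "V100", 250.0, "alice")
    approve_payment(ledger, "PO-1", "bob")
    outcomes["PO-1"] = "paid"
    record_goods_receipt(ledger, "PO-2", "V999", 75.0, "alice")  # V999 not on master list
    try:
        approve_payment(ledger, "PO-2", "bob")
    except ControlViolation as e:
        outcomes["PO-2"] = str(e)
    record_goods_receipt(ledger, "PO-3", "V200", 40.0, "carol")
    try:
        approve_payment(ledger, "PO-3", "carol")  # receiver approving her own receipt
    except ControlViolation as e:
        outcomes["PO-3"] = str(e)
    return ledger, outcomes


if __name__ == "__main__":
    ledger, outcomes = run_demo()
    for po, result in outcomes.items():
        print(po, "->", result)
    print("SoD conflicts by role assignment:", sod_conflicts(USER_ROLES))
    print("Daily payment summary:", daily_payment_summary(ledger))
```

Note the two places the goods-receipt/payment conflict shows up: `sod_conflicts` flags carol from the role table alone, before she does anything, while `approve_payment` blocks the specific transaction. An auditor would want both, since a user can acquire a conflicting combination of roles after the role review ran.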

CISA Question 2359

Question

An IT organization’s incident response plan is which type of control?

A. Preventive
B. Corrective
C. Detective
D. Directive

Answer

B. Corrective

CISA Question 2360

Question

Which of the following entities is BEST suited to define the data classification levels within an organization?

A. Database administrator (DBA) based on the data schema
B. Legal compliance team based on the application regulations
C. Business owner responsible for the respective data
D. System administrator responsible for data security controls

Answer

C. Business owner responsible for the respective data