The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2481
Question
An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?
A. Appoint data quality champions across the organization
B. Obtain error codes indicating failed data feeds
C. Purchase data cleansing tools from a reputable vendor
D. Implement business rules to reject invalid data
Answer
D. Implement business rules to reject invalid data
CISA Question 2482
Question
An IS auditor discovers that, due to resource constraints, a database administrator (DBA) is responsible for developing and executing changes into the production environment. Which of the following should the auditor do FIRST?
A. Identify whether any compensating controls exist
B. Report a potential segregation of duties (SoD) violation
C. Determine whether another database administrator could make the changes
D. Ensure a change management process is followed prior to implementation
Answer
D. Ensure a change management process is followed prior to implementation
CISA Question 2483
Question
Two organizations will share ownership of a new enterprise resource management (ERM) system. To help ensure the successful implementation of the system, it is MOST important to define:
A. access to data
B. the governance model
C. custody of assets
D. appropriate procedures
Answer
A. access to data
CISA Question 2484
Question
An organization has recently incorporated robotic process automation. Which of the following would be of GREATEST concern to an IS auditor?
A. Controls have not been tested
B. A governance structure has not been implemented
C. A risk assessment has not been conducted
D. The adoption rate for the new technology has been low
Answer
C. A risk assessment has not been conducted
CISA Question 2485
Question
The PRIMARY responsibility of a project steering committee is to:
A. ensure that each project deadline is met
B. undertake final acceptance of the system for implementation
C. ensure that systems developed meet business needs
D. provide day-to-day guidance and oversight
Answer
D. provide day-to-day guidance and oversight
CISA Question 2486
Question
An organization is implementing the use of mobile devices that will connect to sensitive corporate applications. Which of the following is the BEST recommendation to mitigate risk of data leakage?
A. Remote data wipe
B. GPS tracking software
C. Encrypted RFID tags
D. Data encryption
Answer
D. Data encryption
CISA Question 2487
Question
Which of the following should be reviewed FIRST when assessing the effectiveness of an organization’s network security procedures and controls?
A. Data recovery capability
B. Inventory of authorized devices
C. Vulnerability remediation
D. Malware defenses
Answer
B. Inventory of authorized devices
CISA Question 2488
Question
A development team has designed a new application and incorporated best practices for secure coding. Prior to launch, which of the following is the IS auditor’s BEST recommendation to mitigate the associated security risk?
A. User acceptance testing
B. Unit testing
C. Integration testing
D. Penetration testing
Answer
A. User acceptance testing
CISA Question 2489
Question
Which of the following is MOST important to the effective management of an end user-developed application?
A. Implementing best practice folder structures
B. Continuous monitoring to facilitate prompt escalation of issues
C. Assigning risk ratings based on probability and impact
D. Stress testing the application through use of data outliers
Answer
B. Continuous monitoring to facilitate prompt escalation of issues
CISA Question 2490
Question
Which of the following methodologies is MOST appropriate to use for developing software with incomplete requirements?
A. Process-based
B. Critical chain
C. Waterfall
D. Agile
Answer
D. Agile