Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 23

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2481

Question

An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?

A. Appoint data quality champions across the organization
B. Obtain error codes indicating failed data feeds
C. Purchase data cleansing tools from a reputable vendor
D. Implement business rules to reject invalid data

Answer

D. Implement business rules to reject invalid data

CISA Question 2482

Question

As IS auditor discovers that due to resource constraints, a database administrator (DBA) is responsible for developing and executing changes into the production environment. Which of the following should the auditor do FIRST?

A. Identify whether any compensating controls exist
B. Report a potential segregation of duties (SoD) violation
C. Determine whether another database administrator could make the changes
D. Ensure a change management process is followed prior to implementation

Answer

D. Ensure a change management process is followed prior to implementation

CISA Question 2483

Question

Two organizations will share ownership of a new enterprise resource management (ERM) system. To help ensure the successful implementation of the system, it is MOST important to define:

A. access to data
B. the governance model
C. custody of assets
D. appropriate procedures

Answer

A. access to data

CISA Question 2484

Question

An organization has recently incorporated robotic process automation. Which of the following would be of GREATEST concern to an IS auditor?

A. Controls have not been tested
B. A governance structure has not been implemented
C. A risk assessment has not been conducted
D. The adoption rate for the new technology has been low

Answer

C. A risk assessment has not been conducted

CISA Question 2485

Question

The PRIMARY responsibility of a project steering committee is to:

A. ensure that each project deadline is met
B. undertake final acceptance of the system for implementation
C. ensure that systems developed meet business needs
D. provide day-to-day guidance and oversight

Answer

D. provide day-to-day guidance and oversight

CISA Question 2486

Question

An organization is implementing the use of mobile devices that will connect to sensitive corporate applications. Which of the following is the BEST recommendation to mitigate risk of data leakage?

A. Remote data wipe
B. GPS tracking software
C. Encrypted RFID tags
D. Data encryption

Answer

D. Data encryption

CISA Question 2487

Question

Which of the following should be reviewed FIRST when assessing the effectiveness of an organization’s network security procedures and controls?

A. Data recovery capability
B. Inventory of authorized devices
C. Vulnerability remediation
D. Malware defenses

Answer

B. Inventory of authorized devices

CISA Question 2488

Question

A development team has designed a new application and incorporated best practices for secure coding. Prior to launch, which of the following is the IS auditor’s BEST recommendation to mitigate the associated security risk?

A. User acceptance testing
B. Unit testing
C. Integration testing
D. Penetration testing

Answer

A. User acceptance testing

CISA Question 2489

Question

Which of the following is MOST important to the effective management of an end user-developed application?

A. Implementing best practice folder structures
B. Continuous monitoring to facilitate prompt escalation of issues
C. Assigning risk ratings based on probability and impact
D. Stress testing the application through use of data outliers

Answer

B. Continuous monitoring to facilitate prompt escalation of issues

CISA Question 2490

Question

Which of the following methodologies is MOST appropriate to use for developing software with incomplete requirements?

A. Process-based
B. Critical chain
C. Waterfall
D. Agile

Answer

D. Agile

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.