Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 24

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2591

Question

An IT strategic plan that BEST leverages IT in achieving organizational goals will include:

A. a risk-based ranking of projects.
B. a comparison of future needs against current capabilities.
C. IT budgets linked to the organization’s budget.
D. enterprise architecture impacts.

Answer

B. a comparison of future needs against current capabilities.

CISA Question 2592

Question

Which of the following would BEST enable an organization to address the security risks associated with a recently implemented bring your own device (BYOD) strategy?

A. Mobile device upgrade program
B. Mobile device tracking program
C. Mobile device awareness program
D. Mobile device testing program

Answer

C. Mobile device awareness program

CISA Question 2593

Question

A request for proposal (RFP) for the acquisition of computer hardware should include:

A. the requirement that the supplier allow a right of audit.
B. maximum cost restriction.
C. support and maintenance requirements.
D. detailed specification of the current hardware infrastructure.

Answer

C. support and maintenance requirements.

CISA Question 2594

Question

An IS auditor previously worked in an organization’s IT department and was involved with the design of the business continuity plan (BCP). The IS auditor has now been asked to review this same BCP. The auditor should FIRST:

A. document the conflict in the audit report.
B. decline the audit assignment.
C. communicate the conflict of interest to the audit manager prior to starting the assignment.
D. communicate the conflict of interest to the audit committee prior to starting the assignment.

Answer

D. communicate the conflict of interest to the audit committee prior to starting the assignment.

CISA Question 2595

Question

An organization recently decided to send the backup of its customer relationship management (CRM) system to its cloud provider for recovery.
Which of the following should be of GREATEST concern to an IS auditor reviewing this process?

A. Backups are sent and stored in unencrypted format.
B. Validation of backup data has not been performed.
C. The cloud provider is located in a different country.
D. Testing of restore data has not been performed.

Answer

B. Validation of backup data has not been performed.

CISA Question 2596

Question

Which of the following is MOST important for an organization to review before sharing data with an external business partner via an application programming interface (API)?

A. The business partner’s web application log files
B. The business partner’s help desk incident tickets
C. The business partner’s security practices
D. The business partner’s data center access logs

Answer

C. The business partner’s security practices

CISA Question 2597

Question

Which of the following is the MOST important consideration when establishing vulnerability scanning on critical IT infrastructure?

A. The scanning will not degrade system performance.
B. The scanning will be followed by penetration testing.
C. The scanning will be cost-effective.
D. The scanning will be performed during non-peak hours.

Answer

D. The scanning will be performed during non-peak hours.

CISA Question 2598

Question

Which of the following factors constitutes a strength in regard to the use of a disaster recovery planning reciprocal agreement?

A. Changes to the hardware or software environment by one company could make the agreement ineffective or obsolete.
B. Reciprocal agreements may not be formally established in a contract.
C. The two companies might share a need for a specialized piece of equipment.
D. A disaster could occur that would affect both companies.

Answer

C. The two companies might share a need for a specialized piece of equipment.

CISA Question 2599

Question

Audit software designed to detect invalid data, extreme values, or linear correlations between data elements can be classified as which type of data analytics tool?

A. Descriptive
B. Diagnostic
C. Predictive
D. Prescriptive

Answer

B. Diagnostic

CISA Question 2600

Question

Which of the following should be a PRIMARY control objective when designing controls for system interfaces?

A. Ensure peer-to-peer data transfers are minimized.
B. Ensure all data transferred through system interfaces is encrypted.
C. Ensure managed file transfer (MFT) systems have restart capability for interruptions.
D. Ensure data on the sending system is identical to the data on the receiving system.

Answer

B. Ensure all data transferred through system interfaces is encrypted.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker