The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2531
Question
An organization is planning to develop a system using rapid application development (RAD) in order to meet quick turnaround times. Which of the following is the GREATEST potential risk associated with this type of application development?
A. Users may be unavailable to contribute.
B. Costs could spiral out of control.
C. User requirements may not be met.
D. The project deadline could be delayed.
Answer
C. User requirements may not be met.
CISA Question 2532
Question
A startup company is considering the use of a cloud service provider to obtain additional computing power needed for software development and testing. Which of the following service models is MOST appropriate in this situation?
A. Database as a Service (DBaaS)
B. Software as a Service (SaaS)
C. Storage as a Service (STaaS)
D. Platform as a Service (PaaS)
Answer
D. Platform as a Service (PaaS)
CISA Question 2533
Question
During which process is regression testing MOST commonly used?
A. Stress testing
B. Program development
C. System modification
D. Unit testing
Answer
D. Unit testing
CISA Question 2534
Question
Which of the following should be of MOST concern to an IS auditor reviewing the information systems acquisition, development, and implementation process?
A. Data owners are not trained on the use of data conversion tools.
B. There is no process for post-implementation approval of emergency changes.
C. System deployment is routinely performed by contractors.
D. There is no system documentation available for review.
Answer
D. There is no system documentation available for review.
CISA Question 2535
Question
Which of the following is MOST important to have in place before developing a disaster recovery plan (DRP)?
A. A duplicate processing facility
B. Defined acceptable downtime
C. Appropriate insurance coverage
D. System restoration procedures
Answer
B. Defined acceptable downtime
CISA Question 2536
Question
An IS auditor is preparing a data set for a data analytics project. The data will be used to benchmark a new computer-assisted audit technique (CAAT) tool being developed. Which of the following will help to ensure the data cannot be identified?
A. Data masking
B. Encryption
C. Anonymization
D. Data redaction
Answer
B. Encryption
CISA Question 2537
Question
What is the PRIMARY reason for conducting a risk assessment when developing an annual IS audit plan?
A. Identify and prioritize audit areas
B. Determine the existence of controls in audit areas
C. Provide assurance material items will be covered
D. Decide which audit procedures and techniques to use
Answer
A. Identify and prioritize audit areas
CISA Question 2538
Question
During an audit in a small organization, an IS auditor finds that some developers have access to migrate changes to the production environment.
Which of the following should the auditor do NEXT?
A. Review change logs for segregation of duties.
B. Verify whether compensating controls exist.
C. Advise immediate removal of developer access to production.
D. Review the information security policy.
Answer
A. Review change logs for segregation of duties.
CISA Question 2539
Question
Assurance tasks required to support security accreditation/certification should be identified:
A. during the project planning stage.
B. after necessary modifications are completed.
C. during the user acceptance phase.
D. after the quality-assurance plan development.
Answer
A. during the project planning stage.
CISA Question 2540
Question
An IS auditor identified hard-coded credentials within the source code of recently developed software when evaluating its readiness for implementation. Which of the following would be the auditor’s BEST recommendation?
A. Ensure source code reviews and debugging are performed and documented.
B. Ensure revisions of source code can be tracked and rollback can be performed.
C. Ensure documented evidence of source code being kept in escrow is retained.
D. Ensure log reports are retained of all persons updating software source code.
Answer
B. Ensure revisions of source code can be tracked and rollback can be performed.