Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 24

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2531

Question

An organization is planning to develop a system using rapid application development (RAD) in order to meet quick turnaround times. Which of the following is the GREATEST potential risk associated with this type of application development?

A. Users may be unavailable to contribute.
B. Costs could spiral out of control.
C. User requirements may not be met.
D. The project deadline could be delayed.

Answer

C. User requirements may not be met.

CISA Question 2532

Question

A startup company is considering the use of a cloud service provider to obtain additional computing power needed for software development and testing. Which of the following service models is MOST appropriate in this situation?

A. Database as a Service (DBaaS)
B. Software as a Service (SaaS)
C. Storage as a Service (STaaS)
D. Platform as a Service (PaaS)

Answer

D. Platform as a Service (PaaS)

CISA Question 2533

Question

During which process is regression testing MOST commonly used?

A. Stress testing
B. Program development
C. System modification
D. Unit testing

Answer

D. Unit testing

CISA Question 2534

Question

Which of the following should be of MOST concern to an IS auditor reviewing the information systems acquisition, development, and implementation process?

A. Data owners are not trained on the use of data conversion tools.
B. There is no process for post-implementation approval of emergency changes.
C. System deployment is routinely performed by contractors.
D. There is no system documentation available for review.

Answer

D. There is no system documentation available for review.

CISA Question 2535

Question

Which of the following is MOST important to have in place before developing a disaster recovery plan (DRP)?

A. A duplicate processing facility
B. Defined acceptable downtime
C. Appropriate insurance coverage
D. System restoration procedures

Answer

B. Defined acceptable downtime

CISA Question 2536

Question

An IS auditor is preparing a data set for a data analytics project. The data will be used to benchmark a new computer-assisted audit technique (CAAT) tool being developed. Which of the following will help to ensure the data cannot be identified?

A. Data masking
B. Encryption
C. Anonymization
D. Data redaction

Answer

B. Encryption

CISA Question 2537

Question

What is the PRIMARY reason for conducting a risk assessment when developing an annual IS audit plan?

A. Identify and prioritize audit areas
B. Determine the existence of controls in audit areas
C. Provide assurance material items will be covered
D. Decide which audit procedures and techniques to use

Answer

A. Identify and prioritize audit areas

CISA Question 2538

Question

During an audit in a small organization, an IS auditor finds that some developers have access to migrate changes to the production environment.
Which of the following should the auditor do NEXT?

A. Review change logs for segregation of duties.
B. Verify whether compensating controls exist.
C. Advise immediate removal of developer access to production.
D. Review the information security policy.

Answer

A. Review change logs for segregation of duties.

CISA Question 2539

Question

Assurance tasks required to support security accreditation/certification should be identified:

A. during the project planning stage.
B. after necessary modifications are completed.
C. during the user acceptance phase.
D. after the quality-assurance plan development.

Answer

A. during the project planning stage.

CISA Question 2540

Question

An IS auditor identified hard-coded credentials within the source code of recently developed software when evaluating its readiness for implementation. Which of the following would be the auditor’s BEST recommendation?

A. Ensure source code reviews and debugging are performed and documented.
B. Ensure revisions of source code can be tracked and rollback can be performed.
C. Ensure documented evidence of source code being kept in escrow is retained.
D. Ensure log reports are retained of all persons updating software source code.

Answer

B. Ensure revisions of source code can be tracked and rollback can be performed.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker