ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 24

The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2541

Question

Which of the following is the BEST indication of the completeness of interface control documents used for the development of a new application?

A. All documents have been reviewed by end users.
B. All inputs and outputs for potential actions are included.
C. Failed interface data transfers prevent subsequent processes.
D. Both successful and failed interface data transfers are recorded.

Answer

B. All inputs and outputs for potential actions are included.

CISA Question 2542

Question

An organization has implemented a distributed security administration system to replace the previous centralized one. The IS auditor’s GREATEST concern should be that:

A. security procedures may be inadequate to support the change.
B. end-user acceptance of the new system is likely to be difficult to obtain.
C. the new system will require additional training.
D. a distributed security system is inherently a weak security system.

Answer

A. security procedures may be inadequate to support the change.

CISA Question 2543

Question

The MOST efficient way to confirm that an ERP system being implemented satisfies business expectations is to utilize which of the following types of testing?

A. Parallel
B. Pilot
C. Sociability
D. Alpha

Answer

B. Pilot

CISA Question 2544

Question

Implementing which of the following would BEST address issues relating to the aging of IT systems?

A. IT project management
B. Release management
C. Application portfolio management
D. Configuration management

Answer

B. Release management

CISA Question 2545

Question

Which of the following controls should be implemented to BEST minimize system downtime for maintenance?

A. Nightly full backups
B. Virtualization
C. Warm site
D. Clustering

Answer

D. Clustering

CISA Question 2546

Question

Which of the following procedures should be implemented prior to disposing of surplus computer equipment to employees?

A. Use operating system commands to delete all files from the hard drive.
B. Have the employee receiving the machine sign a nondisclosure agreement.
C. Use application delete commands to remove files.
D. Overwrite the hard drive with random data.

Answer

D. Overwrite the hard drive with random data.

CISA Question 2547

Question

During a software acquisition review, an IS auditor should recommend that there be a software escrow agreement when:

A. the estimated life for the product is less than 3 years.
B. the deliverables do not include the source code.
C. the product is new in the market.
D. there is no service level agreement (SLA).

Answer

B. the deliverables do not include the source code.

CISA Question 2548

Question

A technology service organization has recently acquired a new subsidiary. What should be the IS auditor’s NEXT course of action when considering the impact on the development of the IT audit plan?

A. Review the revised business impact analysis (BIA).
B. Proceed with the current audit plan.
C. Perform a risk assessment.
D. Include the new systems in the audit plan.

Answer

C. Perform a risk assessment.

CISA Question 2549

Question

When evaluating the recent implementation of an intrusion detection system (IDS), an IS auditor should be MOST concerned with inappropriate:

A. encryption.
B. training.
C. tuning.
D. patching.

Answer

C. tuning.

CISA Question 2550

Question

An effective implementation of security roles and responsibilities is BEST evidenced across an enterprise when:

A. operational activities are aligned with policies.
B. policies are signed off by users.
C. policies are rolled out and disseminated.
D. reviews and updates of policies are regularly performed.

Answer

A. operational activities are aligned with policies.