The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2551
Question
An IS auditor has been asked to audit the proposed acquisition of new computer hardware. The auditor’s PRIMARY concern is that:
A. the implementation plan meets user requirements.
B. a clear business case has been established.
C. the new hardware meets established security standards.
D. a full, visible audit trail will be included.
Answer
C. the new hardware meets established security standards.
CISA Question 2552
Question
In a decentralized organization, the selection and purchase of IS products is acceptable as long as which of the following conditions exists?
A. The same operating system is used throughout the organization.
B. Various offices are independent and exchange data on an occasional basis.
C. Acquired items are consistent with the organization’s short- and long-term IS strategy plans.
D. Managers undertake a full cost-benefit analysis before deciding what to purchase.
Answer
C. Acquired items are consistent with the organization’s short- and long-term IS strategy plans.
CISA Question 2553
Question
At a project steering committee meeting, it is stated that adding controls to business processes undergoing re-engineering is an unnecessary cost. The IS auditor’s BEST response is that the actual control overhead for a business process is:
A. usually considerable, but the benefits of good controls always exceed the cost.
B. the responsibility of the project manager, and the cost should have been included in the budget.
C. usually difficult to ascertain but is justifiable, because controls are essential to doing business.
D. usually less than the potential cost of failure caused by lack of controls.
Answer
D. usually less than the potential cost of failure caused by lack of controls.
CISA Question 2554
Question
At what point in software development should the user acceptance test plan be prepared?
A. Implementation planning
B. Requirements definition
C. Transfer into production
D. Feasibility study
Answer
D. Feasibility study
CISA Question 2555
Question
Which of the following is MOST likely to be included in a post-implementation review?
A. Results of live processing
B. Current sets of test data
C. Test results
D. Development methodology
Answer
A. Results of live processing
CISA Question 2556
Question
An organization has implemented data storage hardware. Which of the following should an IS auditor review to assess if IT is maximizing storage and network utilization?
A. Capacity management plans
B. Downtime statistics
C. The quality management systems
D. Routine and non-routine job schedules
Answer
A. Capacity management plans
CISA Question 2557
Question
A post-implementation review of a system implementation has identified that the defined objectives were changed several times without the approval of the project board. What should the IS auditor do NEXT?
A. Notify the project sponsor and request that the project be reopened.
B. Ask management to obtain retrospective approvals.
C. Notify the project management office and raise a finding.
D. Determine whether the revised objectives are appropriate.
Answer
D. Determine whether the revised objectives are appropriate.
CISA Question 2558
Question
An IS auditor is involved in the user testing phase of a development project. The developers wish to use a copy of a peak volume transaction file from the production process to show that the development can cope with the required volume. What is the auditor’s PRIMARY concern?
A. Sensitive production data may be read by unauthorized persons.
B. The error-handling and credibility checks may not be fully proven.
C. Users may not wish for production data to be made available for testing.
D. All functionality of the new process may not be tested.
Answer
A. Sensitive production data may be read by unauthorized persons.
CISA Question 2559
Question
Which of the following should be the PRIMARY consideration when developing an IT strategy?
A. IT key performance indicators based on business objectives
B. Alignment with overall business objectives
C. Alignment with the IT investment portfolio
D. Short- and long-term plans for the enterprise IT architecture
Answer
B. Alignment with overall business objectives
CISA Question 2560
Question
An organization implements a data loss prevention tool as a control to mitigate the risk of sensitive data leaving the organization via electronic mail. Which of the following would provide the BEST indication of adequate control design?
A. Management has formally approved the control design.
B. Management presents evidence that data loss incidents have decreased.
C. Security administrators can demonstrate the functions of the tool.
D. Rules enforced by the tool were based on the classification of the data.
Answer
C. Security administrators can demonstrate the functions of the tool.