ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 24

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2551

Question

An IS auditor has been asked to audit the proposed acquisition of new computer hardware. The auditor’s PRIMARY concern is that:

A. the implementation plan meets user requirements.
B. a clear business case has been established.
C. the new hardware meets established security standards.
D. a full, visible audit trail will be included.

Answer

C. the new hardware meets established security standards.

CISA Question 2552

Question

In a decentralized organization, the selection and purchase of IS products is acceptable as long as which of the following conditions exists?

A. The same operating system is used throughout the organization.
B. Various offices are independent and exchange data on an occasional basis.
C. Acquired items are consistent with the organization’s short- and long-term IS strategy plans.
D. Managers undertake a full cost-benefit analysis before deciding what to purchase.

Answer

C. Acquired items are consistent with the organization’s short- and long-term IS strategy plans.

CISA Question 2553

Question

At a project steering committee meeting, it is stated that adding controls to business processes undergoing re-engineering is an unnecessary cost. The IS auditor’s BEST response is that the actual control overhead for a business process is:

A. usually considerable, but the benefits of good controls always exceed the cost.
B. the responsibility of the project manager, and the cost should have been included in the budget.
C. usually difficult to ascertain but is justifiable, because controls are essential to doing business.
D. usually less than the potential cost of failure caused by lack of controls.

Answer

D. usually less than the potential cost of failure caused by lack of controls.

CISA Question 2554

Question

At what point in software development should the user acceptance test plan be prepared?

A. Implementation planning
B. Requirements definition
C. Transfer into production
D. Feasibility study

Answer

D. Feasibility study

CISA Question 2555

Question

Which of the following is MOST likely to be included in a post-implementation review?

A. Results of live processing
B. Current sets of test data
C. Test results
D. Development methodology

Answer

A. Results of live processing

CISA Question 2556

Question

An organization has implemented data storage hardware. Which of the following should an IS auditor review to assess if IT is maximizing storage and network utilization?

A. Capacity management plans
B. Downtime statistics
C. The quality management systems
D. Routine and non-routine job schedules

Answer

A. Capacity management plans

CISA Question 2557

Question

A post-implementation review of a system implementation has identified that the defined objectives were changed several times without the approval of the project board. What should the IS auditor do NEXT?

A. Notify the project sponsor and request that the project be reopened.
B. Ask management to obtain retrospective approvals.
C. Notify the project management office and raise a finding.
D. Determine whether the revised objectives are appropriate.

Answer

D. Determine whether the revised objectives are appropriate.

CISA Question 2558

Question

An IS auditor is involved in the user testing phase of a development project. The developers wish to use a copy of a peak volume transaction file from the production process to show that the development can cope with the required volume. What is the auditor’s PRIMARY concern?

A. Sensitive production data may be read by unauthorized persons.
B. The error-handling and credibility checks may not be fully proven.
C. Users may not wish for production data to be made available for testing.
D. All functionality of the new process may not be tested.

Answer

A. Sensitive production data may be read by unauthorized persons.

CISA Question 2559

Question

Which of the following should be the PRIMARY consideration when developing an IT strategy?

A. IT key performance indicators based on business objectives
B. Alignment with overall business objectives
C. Alignment with the IT investment portfolio
D. Short and long-term plans for the enterprise IT architecture

Answer

B. Alignment with overall business objectives

CISA Question 2560

Question

An organization implements a data loss prevention tool as a control to mitigate the risk of sensitive data leaving the organization via electronic mail. Which of the following would provide the BEST indication of adequate control design?

A. Management has formally approved the control design.
B. Management presents evidence that data loss incidents have decreased.
C. Security administrators can demonstrate the functions of the tool.
D. Rules enforced by the tool were based on the classification of the data.

Answer

C. Security administrators can demonstrate the functions of the tool.
