Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 24

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2561

Question

Which of the following is the BEST guidance from an IS auditor to an organization planning an initiative to improve the effectiveness of its IT processes?

A. IT staff should be surveyed to identify current IT process weaknesses and suggest improvements.
B. The organization should use a capability maturity model to identify current maturity levels for each IT process.
C. IT management should include process improvements in staff performance
D. The organization should refer to prior audit reports to identify the specific IT processes to be improved.

Answer

B. The organization should use a capability maturity model to identify current maturity levels for each IT process.

CISA Question 2562

Question

What is the BEST population to select from when testing that programs are migrated to production with proper approval?

A. List of changes provided by application programming managers
B. List of production programs
C. Completed change request forms
D. Change advisory board meeting minutes

Answer

C. Completed change request forms

CISA Question 2563

Question

When conducting a requirements analysis for a project the BEST approach would be to:

A. conduct a control self-assessment.
B. consult key stakeholders.
C. test operational deliverables.
D. prototype the requirements.

Answer

B. consult key stakeholders.

CISA Question 2564

Question

During the procurement process, which of the following would be the BEST indication that prospective vendors will meet the organization’s needs?

A. An account transition manager has been identified.
B. Expected service levels are defined.
C. The vendor’s subcontractors have been identified.
D. The service catalog is documented.

Answer

B. Expected service levels are defined.

CISA Question 2565

Question

Which of the following is MOST important to consider when creating audit follow-up procedures?

A. Whether the organization has sufficient funds to address the issue
B. Whether management has determined if risk is within the organization’s risk appetite
C. Whether follow-up procedures would determine if identified risks have been mitigated
D. Whether the auditee has allotted sufficient time for the follow-up

Answer

C. Whether follow-up procedures would determine if identified risks have been mitigated

CISA Question 2566

Question

What is the PRIMARY advantage of prototyping as part of systems development?

A. Maximizes user satisfaction
B. Eliminates the need for internal controls
C. Increases accuracy in reporting
D. Reduces the need for compliance testing

Answer

A. Maximizes user satisfaction

CISA Question 2567

Question

Which of the following is the MOST effective mechanism for ensuring that critical IT operational problems are reported to executive management in a timely manner?

A. Regular meetings
B. Escalation procedures
C. Service level monitoring
D. Periodic status reports

Answer

C. Service level monitoring

CISA Question 2568

Question

Which of the following is the BEST time for an IS auditor to perform a post-implementation review?

A. When the system has stabilized.
B. After the completion of user testing.
C. Before decommissioning the legacy system.
D. Immediately after the new system goes into production.

Answer

A. When the system has stabilized.

CISA Question 2569

Question

Following an unauthorized disclosure of data, an organization needs to implement data loss prevention (DLP) measures. The IS auditor’s BEST recommendation should be to:

A. install DLP software on corporate servers to prevent recurrence.
B. monitor and block outgoing emails based on common DLP criteria.
C. restrict removable media access on all computer systems.
D. establish a risk and control framework.

Answer

D. establish a risk and control framework.

CISA Question 2570

Question

When determining the specifications for a server supporting an online application using more than a hundred endpoints, which of the following is the MOST important factor to be considered?

A. High availability of different systems
B. Cost-benefit comparison between the available systems
C. Reputation of the vendors and their customer base
D. Transaction volume estimate during peak periods

Answer

D. Transaction volume estimate during peak periods

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker