ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 25

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2601

Question

Which of the following should be of GREATEST concern to an organization’s board when reviewing the internal audit department’s quality assurance and improvement program?

A. The program does not include periodic external assessments.
B. Program metrics have not been updated in over two years.
C. The program has not been approved by senior management.
D. The program does not incorporate recommendations from prior audits.

Answer

C. The program has not been approved by senior management.

CISA Question 2602

Question

Which of the following would BEST help in classifying an organization’s data?

A. Data retention requirements
B. Impact of data loss or disclosure
C. Analysis of existing data handling procedures
D. Industry best practices for data classification

Answer

B. Impact of data loss or disclosure

CISA Question 2603

Question

The IS security group is planning to implement single sign-on. What is the IS auditor’s PRIMARY concern?

A. Integrated access rules will increase users’ access privileges.
B. Managing user IDs/passwords will require increased efforts.
C. Integrated access rules will restrict users’ access privileges.
D. Compromise of a user ID/password will yield more privileges.

Answer

D. Compromise of a user ID/password will yield more privileges.

CISA Question 2604

Question

When an organization outsources a payroll system to a cloud service provider, the IS auditor’s PRIMARY concern should be the:

A. service level agreement (SLA) is not reviewed annually.
B. lack of independent assurance from a third party.
C. service provider’s data center is on the ground floor.
D. service provider’s platform is not compatible with legacy systems.

Answer

B. lack of independent assurance from a third party.

CISA Question 2605

Question

Which of the following is the GREATEST advantage of implementing an IT enterprise architecture framework within an organization?

A. It helps to identify security issues in systems across the organization.
B. It better equips an organization to adopt innovative and emerging technologies.
C. It reduces the overlap of infrastructure technologies within the organization.
D. It improves the organization’s ability to meet service level agreements (SLAs).

Answer

A. It helps to identify security issues in systems across the organization.

CISA Question 2606

Question

Which of the following is the PRIMARY objective of using a capability maturity model as a tool to communicate audit results to senior management?

A. To evaluate management’s action plan
B. To confirm audit findings
C. To illustrate improvement opportunities
D. To prioritize remediation efforts

Answer

A. To evaluate management’s action plan

CISA Question 2607

Question

A configuration management audit identified that predefined automated procedures are used when deploying and configuring application infrastructure in a cloud-based environment. Which of the following is MOST important for the IS auditor to review?

A. Contracts of vendors responsible for maintaining provisioning tools
B. Processes for making changes to cloud environment specifications
C. Storage location of configuration management documentation
D. Number of administrators with access to cloud management consoles

Answer

B. Processes for making changes to cloud environment specifications

CISA Question 2608

Question

The results of a feasibility study for acquiring a new system should provide management with a clear understanding of:

A. the approach to meeting data processing needs.
B. how hardware selection criteria are aligned with the IS strategic plan.
C. critical application systems’ utilization of computer resources.
D. application security over critical data processing.

Answer

A. the approach to meeting data processing needs.

CISA Question 2609

Question

Which of the following helps to ensure the integrity of data for an interface between a new billing system and an accounts receivable system?

A. Audit logs are available for 30 days.
B. Access to the data requires authentication.
C. Data files are encrypted during transmission.
D. Control totals are calculated.

Answer

D. Control totals are calculated.

CISA Question 2610

Question

Which of the following is the PRIMARY function of technology-driven enterprise architecture?

A. To provide guidance on technological decisions in the context of business strategy
B. To determine how new technologies fit into existing networks and data flows
C. To help develop project documentation and related business process roadmaps
D. To re-engineer business processes to make better use of technology

Answer

D. To re-engineer business processes to make better use of technology
