The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
CISA Question 2601
Question
Which of the following should be of GREATEST concern to an organization’s board when reviewing the internal audit department’s quality assurance and improvement program?
A. The program does not include periodic external assessments.
B. Program metrics have not been updated in over two years.
C. The program has not been approved by senior management.
D. The program does not incorporate recommendations from prior audits.
Answer
C. The program has not been approved by senior management.
CISA Question 2602
Question
Which of the following would BEST help in classifying an organization’s data?
A. Data retention requirements
B. Impact of data loss or disclosure
C. Analysis of existing data handling procedures
D. Industry best practices for data classification
Answer
B. Impact of data loss or disclosure
CISA Question 2603
Question
The IS security group is planning to implement single sign-on. What is the IS auditor’s PRIMARY concern?
A. Integrated access rules will increase users’ access privileges.
B. Managing user IDs/passwords will require increased efforts.
C. Integrated access rules will restrict users’ access privileges.
D. Compromise of a user ID/password will yield more privileges.
Answer
D. Compromise of a user ID/password will yield more privileges.
CISA Question 2604
Question
When an organization outsources a payroll system to a cloud service provider, the IS auditor’s PRIMARY concern should be the:
A. service level agreement (SLA) is not reviewed annually.
B. lack of independent assurance from a third party.
C. service provider’s data center is on the ground floor.
D. service provider’s platform is not compatible with legacy systems.
Answer
B. lack of independent assurance from a third party.
CISA Question 2605
Question
Which of the following is the GREATEST advantage of implementing an IT enterprise architecture framework within an organization?
A. It helps to identify security issues in systems across the organization.
B. It better equips an organization to adopt innovative and emerging technologies.
C. It reduces the overlap of infrastructure technologies within the organization.
D. It improves the organization’s ability to meet service level agreements (SLAs).
Answer
A. It helps to identify security issues in systems across the organization.
CISA Question 2606
Question
Which of the following is the PRIMARY objective of using a capability maturity model as a tool to communicate audit results to senior management?
A. To evaluate management’s action plan
B. To confirm audit findings
C. To illustrate improvement opportunities
D. To prioritize remediation efforts
Answer
A. To evaluate management’s action plan
CISA Question 2607
Question
A configuration management audit identified that predefined automated procedures are used when deploying and configuring application infrastructure in a cloud- based environment. Which of the following is MOST important for the IS auditor to review?
A. Contracts of vendors responsible for maintaining provisioning tools
B. Processes for making changes to cloud environment specifications
C. Storage location of configuration management documentation
D. Number of administrators with access to cloud management consoles
Answer
B. Processes for making changes to cloud environment specifications
CISA Question 2608
Question
The results of a feasibility study for acquiring a new system should provide management with a clear understanding of:
A. the approach to meeting data processing needs.
B. how hardware selection criteria are aligned with the IS strategic plan.
C. critical application systems’ utilization of computer resources.
D. application security over critical data processing.
Answer
A. the approach to meeting data processing needs.
CISA Question 2609
Question
Which of the following helps to ensure the integrity of data for an interface between a new billing system and an accounts receivable system?
A. Audit logs are available for 30 days.
B. Access to the data requires authentication.
C. Data files are encrypted during transmission.
D. Control totals are calculated.
Answer
D. Control totals are calculated.
CISA Question 2610
Question
Which of the following is the PRIMARY function of technology-driven enterprise architecture?
A. To provide guidance on technological decisions in the context of business strategy
B. To determine how new technologies fit into existing networks and data flows
C. To help develop project documentation and related business process roadmaps
D. To re-engineer business processes to make better use of technology
Answer
D. To re-engineer business processes to make better use of technology
