The latest ISACA CISA (Certified Information Systems Auditor) practice exam question-and-answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2611
Question
An IS audit had identified that default passwords for a newly implemented application were not changed. During the follow-up audit, which of the following would provide the BEST evidence that the finding was effectively addressed?
A. Written confirmation from management that the passwords were changed
B. Screenshots of system parameters requiring password changes on next login
C. Application log files that record the password changes
D. System-generated emails requiring application users to change passwords
Answer
C. Application log files that record the password changes
CISA Question 2612
Question
An IS auditor is asked to provide feedback on the systems options analysis for a new project. The BEST course of action for the IS auditor would be to:
A. identify the best alternative.
B. request at least one other alternative.
C. comment on the criteria used to assess the alternatives.
D. retain comments as findings for the audit report.
Answer
C. comment on the criteria used to assess the alternatives.
CISA Question 2613
Question
Of the following, who should authorize a project management team’s request to take a mission-critical application offline to implement a new release and configuration?
A. Chief information security officer (CISO)
B. Project manager
C. Application administrator
D. Business process owner
Answer
D. Business process owner
CISA Question 2614
Question
An IS auditor was involved in the design phase for a new system’s security architecture. For the planned post-implementation audit, which of the following would be the MOST appropriate course of action for the auditor?
A. Have another auditor review the security architecture.
B. Disclose the independence issues in the audit report.
C. Change the audit scope to exclude security architecture.
D. Postpone the post-implementation audit to a later date.
Answer
A. Have another auditor review the security architecture.
CISA Question 2615
Question
Which of the following is MOST important for the successful completion of a new application system?
A. Appropriate training of system analysts
B. Steering committee approval of the new system
C. Completion of a positive cost-benefit analysis
D. User participation in the project development
Answer
B. Steering committee approval of the new system
CISA Question 2616
Question
Which of the following is the BEST way to help ensure new IT implementations align with enterprise architecture principles and requirements?
A. Conduct enterprise architecture reviews as part of the change advisory board.
B. Consider stakeholder concerns when defining the enterprise architecture.
C. Document the security view as part of the enterprise architecture.
D. Perform mandatory post-implementation reviews of IT implementations.
Answer
D. Perform mandatory post-implementation reviews of IT implementations.
CISA Question 2617
Question
As part of a quality assurance initiative, an organization has engaged an external auditor to evaluate the internal IS audit function. Which of the following observations should be of MOST concern?
A. Audit reports are not approved by the audit committee.
B. Audit reports do not state they are conducted in accordance with industry standards.
C. The audit team is not sufficiently leveraging data analytics.
D. Audit engagements are not risk-based.
Answer
B. Audit reports do not state they are conducted in accordance with industry standards.
CISA Question 2618
Question
When designing a data analytics process, which of the following should be the stakeholder’s role in automating data extraction and validation?
A. Performing the business case analysis for the data analytics initiative
B. Indicating which data elements are necessary to make informed decisions
C. Designing the workflow necessary for the data analytics tool to evaluate the appropriate data
D. Allocating the resources necessary to purchase the appropriate software packages
Answer
B. Indicating which data elements are necessary to make informed decisions
CISA Question 2619
Question
Which of the following BEST supports an organization’s planning efforts for investments in IT initiatives?
A. Capability maturity model
B. Enterprise architecture
C. Agile project management
D. Continuous gap assessment
Answer
B. Enterprise architecture
CISA Question 2620
Question
When initiating an IT project, which of the following should be completed FIRST?
A. Project plan
B. Request for proposal
C. Feasibility study
D. Requirements definition
Answer
C. Feasibility study