The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2631
Question
An IS auditor performing an application development review attends development team meetings. The IS auditor’s independence will be compromised if the IS auditor:
A. designs and executes the user’s acceptance test plan.
B. re-performs test procedures used by the development team.
C. reviews the result of systems tests that were performed by the development team.
D. assists in developing an integrated test facility (ITF) on the system.
Answer
B. re-performs test procedures used by the development team.
CISA Question 2632
Question
Which of the following is the BEST development methodology to help manage project requirements in a rapidly changing environment?
A. Object-oriented system development
B. Waterfall development process
C. Iterative development process
D. Prototyping
Answer
C. Iterative development process
CISA Question 2633
Question
Which of the following is the BEST recommendation for the establishment of an information security policy?
A. The policy should be developed by IS management.
B. The development and approval should be overseen by business area management.
C. The policy and guidelines should be developed by the human resources department.
D. The policy should be developed by the security administrator.
Answer
B. The development and approval should be overseen by business area management.
CISA Question 2634
Question
When developing a business continuity plan (BCP), which of the following steps should be completed FIRST?
A. Ensure that offsite backups can be efficiently restored.
B. Identify alternatives to critical applications.
C. Review the business continuity insurance policy.
D. Carry out a risk assessment.
Answer
D. Carry out a risk assessment.
CISA Question 2635
Question
Which of the following testing approaches provides the GREATEST assurance that only approved systems development releases have been implemented in the production environment?
A. Test whether a sample of approved developments have releases in production migration logs.
B. Test whether a sample of developments in the systems development register have documented approvals.
C. Test whether a sample of releases in production migration logs have corresponding approvals.
D. Test whether a sample of releases followed the organization’s segregation of duties access.
Answer
C. Test whether a sample of releases in production migration logs have corresponding approvals.
CISA Question 2636
Question
Incorporating the results of a maturity model assessment is MOST useful in the development of:
A. balanced scorecards.
B. strategic implementation plans.
C. key performance indicators (KPIs).
D. key risk indicators (KRIs).
Answer
C. key performance indicators (KPIs).
CISA Question 2637
Question
Which of the following stakeholders should be PRIMARILY responsible for developing, implementing, and monitoring metrics for security activities?
A. Chief technology officer
B. Security incident response team
C. Chief information security officer
D. IT steering committee
Answer
C. Chief information security officer
CISA Question 2638
Question
Which of the following is the MOST important consideration when developing an incident response program?
A. Senior management support
B. Technical skills of response staff
C. Number of dedicated response staff
D. Incident response procedures
Answer
A. Senior management support
CISA Question 2639
Question
An organization has outsourced the development of a core application. However, the organization plans to bring the support and future maintenance of the application back in-house. Which of the following findings should be the IS auditor’s GREATEST concern?
A. A training plan for business users has not been developed.
B. The cost of outsourcing is lower than in-house development.
C. The vendor development team is located overseas.
D. The data model is not clearly documented.
Answer
D. The data model is not clearly documented.
CISA Question 2640
Question
Which of the following would provide the MOST useful input to IS audit management when developing an action plan for improving internal audit’s performance?
A. Feedback from departments that have participated in IS audits
B. Industry benchmarking analysis
C. An external quality assessment review
D. Results from an improvement initiative overseen by executive management
Answer
D. Results from an improvement initiative overseen by executive management