Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 25

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2631

Question

An IS auditor performing an application development review attends development team meetings. The IS auditor’s independence will be compromised if the IS auditor:

A. designs and executes the user’s acceptance test plan.
B. re-performs test procedures used by the development team.
C. reviews the result of systems tests that were performed by the development team.
D. assists in developing an integrated test facility (ITF) on the system.

Answer

B. re-performs test procedures used by the development team.

CISA Question 2632

Question

Which of the following is the BEST development methodology to help manage project requirements in a rapidly changing environment?

A. Object-oriented system development
B. Waterfall development process
C. Iterative development process
D. Prototyping

Answer

C. Iterative development process

CISA Question 2633

Question

Which of the following is the BEST recommendation for the establishment of an information security policy?

A. The policy should be developed by IS management.
B. The development and approval should be overseen by business area management.
C. The policy and guidelines should be developed by the human resources department.
D. The policy should be developed by the security administrator.

Answer

B. The development and approval should be overseen by business area management.

CISA Question 2634

Question

When developing a business continuity plan (BCP), which of the following steps should be completed FIRST?

A. Ensure that offsite backups can be efficiently restored.
B. Identity alternatives to critical applications.
C. Review the business continuity insurance policy.
D. Carry out a risk assessment.

Answer

D. Carry out a risk assessment.

CISA Question 2635

Question

Which of the following testing approaches provides the GREATEST assurance that only approved systems development releases have been implemented in the production environment?

A. Test whether a sample of approved developments have releases in production migration logs.
B. Test whether a sample of developments in the systems development register have documented approvals.
C. Test whether a sample of releases in production migration logs have corresponding approvals.
D. Test whether a sample of releases followed the organization’s segregation of duties access.

Answer

C. Test whether a sample of releases in production migration logs have corresponding approvals.

CISA Question 2636

Question

Incorporating the results of a maturity model assessment is MOST useful in the development of:

A. balanced scorecards.
B. strategic implementation plans.
C. key performance indicators (KPIs).
D. key risk indicators (KRIs).

Answer

C. key performance indicators (KPIs).

CISA Question 2637

Question

Which of the following stakeholders should be PRIMARILY responsible for developing, implementing, and monitoring metrics for security activities?

A. Chief technology officer
B. Security incident response team
C. Chief information security officer
D. IT steering committee

Answer

C. Chief information security officer

CISA Question 2638

Question

Which of the following is the MOST important consideration when developing an incident response program?

A. Senior management support
B. Technical skills of response staff
C. Number of dedicated response staff
D. Incident response procedures

Answer

A. Senior management support

CISA Question 2639

Question

An organization has outsourced the development of a core application. However, the organization plans to bring the support and future maintenance of the application back in-house. Which of the following findings should be the IS auditor’s GREATEST concern?

A. A training plan for business users has not been developed.
B. The cost of outsourcing is lower than in-house development.
C. The vendor development team is located overseas.
D. The data model is not dearly documented.

Answer

D. The data model is not dearly documented.

CISA Question 2640

Question

Which of the following would provide the MOST useful input to IS audit management when developing an action plan for improving internal audit’s performance?

A. Feedback from departments that have participated in IS audits
B. Industry benchmarking analysis
C. An external quality assessment review
D. Results train an improvement initiative overseen by executive management

Answer

D. Results train an improvement initiative overseen by executive management

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker