ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 25

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2641

Question

A risk analysis is MOST useful when applied during which phase of the system development process?

A. Pre-implementation
B. Testing
C. Design
D. Feasibility

Answer

C. Design

CISA Question 2642

Question

Which of the following is MOST important with regard to an application development acceptance test?

A. The quality assurance (QA) team is in charge of the testing process.
B. User management approves the test design before the test is started.
C. The programming team is involved in the testing process.
D. All data files are tested for valid information before conversion.

Answer

D. All data files are tested for valid information before conversion.

CISA Question 2643

Question

An IS auditor determines that a business impact analysis (BIA) was not conducted during the development of a business continuity plan (BCP).
What is the MOST significant risk that could result from this situation?

A. Responsibilities are not properly defined.
B. Recovery time objectives (RTOs) are not correctly determined.
C. Key performance indicators (KPIs) are not aligned.
D. Critical business applications are not covered.

Answer

D. Critical business applications are not covered.

CISA Question 2644

Question

At which stage of the software development life cycle should an organization identify privacy considerations?

A. Design
B. Testing
C. Development
D. Requirements

Answer

D. Requirements

CISA Question 2645

Question

A review of an organization’s IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement:

A. a formal request for proposal (RFP) process
B. an information asset acquisition policy
C. asset life cycle management
D. business case development procedures

Answer

D. business case development procedures

CISA Question 2646

Question

An organization is in the process of acquiring a competitor. The information security manager has been asked to report on the security posture of the target acquisition. Which of the following should be the security manager’s FIRST course of action?

A. Implement a security dashboard
B. Quantify the potential risk
C. Perform a gap analysis
D. Perform a vulnerability assessment

Answer

A. Implement a security dashboard

CISA Question 2647

Question

When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:

A. each party’s security responsibilities
B. details of expected security metrics
C. penalties for noncompliance with security policy
D. recovery time objectives (RTOs)

Answer

A. each party’s security responsibilities

CISA Question 2648

Question

During the due diligence phase of an acquisition, the MOST important course of action for an information security manager would be to:

A. review the state of security awareness
B. perform a gap analysis
C. perform a risk assessment
D. review information security policies

Answer

C. perform a risk assessment

CISA Question 2649

Question

Following a recent acquisition, an information security manager has been requested to review the outstanding risk reported early in the acquisition process.
Which of the following would be the manager’s BEST course of action?

A. Perform a vulnerability assessment of the acquired company’s infrastructure.
B. Re-evaluate the risk treatment plan for the outstanding risk.
C. Re-assess the outstanding risk of the acquired company.
D. Add the outstanding risk to the acquiring organization’s risk registry

Answer

C. Re-assess the outstanding risk of the acquired company.

CISA Question 2650

Question

Following request for proposal (RFP) responses, a project seeking to acquire a new application system has identified a short list of vendors. At this point, the IS auditor should:

A. encourage contact with current users of the vendor’s products
B. perform a detailed cost-benefit exercise on the proposed application
C. require that contract terms include a right-to-audit clause
D. recommend performing system integration tests

Answer

C. require that contract terms include a right-to-audit clause

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.