Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 25

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2641

Question

A risk analysis is MOST useful when applied during which phase of the system development process?

A. Pre-implementation
B. Testing
C. Design
D. Feasibility

Answer

C. Design

CISA Question 2642

Question

Which of the following is MOST important with regard to an application development acceptance test?

A. The quality assurance (QA) team is in charge of the testing process.
B. User management approves the test design before the test is started.
C. The programming team is involved in the testing process.
D. All data files are tested for valid information before conversion

Answer

D. All data files are tested for valid information before conversion

CISA Question 2643

Question

An IS auditor determines that a business impact analysis (BIA) was not conducted during the development of a business continuity plan (BCP).
What is the MOST significant risk that could result from this situation?

A. Responsibilities are not property defined.
B. Recovery time objectives (RTOs) are not correctly determined.
C. Key performance indicators (KPIs) are not aligned.
D. Critical business applications are not covered.

Answer

D. Critical business applications are not covered.

CISA Question 2644

Question

At which stage of the software development life cycle should an organization identity privacy considerations?

A. Design
B. Testing
C. Development
D. Requirements

Answer

D. Requirements

CISA Question 2645

Question

A review of an organization’s IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement:

A. a formal request for proposal (RFP) process
B. an information asset acquisition policy
C. asset life cycle management
D. business case development procedures

Answer

D. business case development procedures

CISA Question 2646

Question

An organization is in the process of acquiring a competitor. The information security manager has been asked to report on the security posture of the target acquisition. Which of the following should be the security manager’s FIRST course of action?

A. Implement a security dashboard
B. Quantity the potential risk
C. Perform a gap analysis
D. Perform a vulnerability assessment

Answer

A. Implement a security dashboard

CISA Question 2647

Question

When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:

A. each party’s security responsibilities
B. details of expected security metrics
C. penalties for noncompliance with security policy
D. recovery time objectives (RTOs)

Answer

A. each party’s security responsibilities

CISA Question 2648

Question

During the due diligence phase of an acquisition, the MOST important course of action for an information security manager would be to:

A. review the state of security awareness
B. perform a gap analysis
C. perform a risk assessment
D. review information security policies

Answer

C. perform a risk assessment

CISA Question 2649

Question

Following a recent acquisition, an information security manager has been requested the outstanding risk reported early in the acquisition process.
Which of the following would be the manager’s BEST course of action?

A. Perform a vulnerability assessment of the acquired company’s infrastructure.
B. Re-evaluate the risk treatment plan for the outstanding risk.
C. Re-assess the outstanding risk of the acquired company.
D. Add the outstanding risk to the acquiring organization’s risk registry

Answer

C. Re-assess the outstanding risk of the acquired company.

CISA Question 2650

Question

Following request for proposal (RFP) responses, a project seeking to acquire a new application system has identified a short list of vendors. At this point, the IS auditor should:

A. encourage contact with current users of the vendor’s products
B. perform a detailed cost-benefit exercise on the proposed application
C. require that contract terms include a right-to-audit clause
D. recommend performing system integration tests

Answer

C. require that contract terms include a right-to-audit clause

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker