The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2731
Question
An audit committee is reviewing an annual IT risk assessment. Which of the following is the BEST justification for the audits selected?
A. Likelihood of an IT process failure
B. Key IT general process controls
C. Applications impacted
D. Underlying business risks
Answer
D. Underlying business risks
CISA Question 2732
Question
A security company and service provider have merged, and the CEO has requested one comprehensive set of security policies be developed for the newly formed company. The IS auditor’s BEST recommendation would be to:
A. conduct a policy gap assessment.
B. adopt an industry standard security policy.
C. implement the service provider’s policies.
D. implement the security company’s policies.
Answer
A. conduct a policy gap assessment.
CISA Question 2733
Question
A start-up company acquiring servers for its order-taking system is unable to predict the volume of transactions. Which of the following is MOST important for the company to consider?
A. Scalability
B. Configuration
C. Optimization
D. Compatibility
Answer
A. Scalability
CISA Question 2734
Question
An IS auditor reviewing the acquisition of new equipment would consider which of the following to be a significant weakness?
A. Staff involved in the evaluation were aware of the vendors being evaluated.
B. Independent consultants prepared the request for proposal (RFP) documents.
C. Evaluation criteria were finalized after the initial assessment of responses.
D. The closing date for responses was extended after a request from potential vendors.
Answer
C. Evaluation criteria were finalized after the initial assessment of responses.
CISA Question 2735
Question
A chief information officer (CIO) has asked an IS auditor to implement several security controls for an organization’s IT processes and systems. The auditor should:
A. perform the assignment and future audits with due professional care.
B. obtain approval from executive management for the implementation.
C. refuse due to independence issues.
D. communicate the conflict of interest to audit management.
Answer
D. communicate the conflict of interest to audit management.
CISA Question 2736
Question
An organization is in the process of deciding whether to allow a bring your own device (BYOD) program. If approved, which of the following should be the FIRST control required before implementation?
A. Device baseline configurations
B. Device registration
C. An acceptable use policy
D. An awareness program
Answer
B. Device registration
CISA Question 2737
Question
What is the BEST indicator of successful implementation of an organization’s information security policy?
A. Reduced number of successful phishing incidents
B. Reduced number of help desk calls
C. Reduced number of noncompliance penalties incurred
D. Reduced number of false-positive security events
Answer
C. Reduced number of noncompliance penalties incurred
CISA Question 2738
Question
The BEST way to evaluate the effectiveness of a newly developed application is to:
A. perform a post-implementation review.
B. analyze load-testing results.
C. review acceptance-testing results.
D. perform a pre-implementation review.
Answer
C. review acceptance-testing results.
CISA Question 2739
Question
A company has implemented an IT segregation of duties policy. In a role-based environment, which of the following roles may be assigned to an application developer?
A. IT operator
B. Database administration
C. System administration
D. Emergency support
Answer
D. Emergency support
CISA Question 2740
Question
During an internal audit review of an HR recruitment system implementation, the IS auditor notes a number of defects were unresolved at the time the system went live. Which of the following is the auditor’s MOST important task prior to formulating an audit opinion?
A. Identify the root cause of the defects to confirm severity.
B. Review the user acceptance test results.
C. Verify risk acceptance by the project steering committee.
D. Confirm the timeline for migration of the defects.
Answer
B. Review the user acceptance test results.