Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 26

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2731

Question

An audit committee is reviewing an annual IT risk assessment. Which of the following is the BEST justification for the audits selected?

A. Likelihood of an IT process failure
B. Key IT general process controls
C. Applications impacted
D. Underlying business risks

Answer

D. Underlying business risks

CISA Question 2732

Question

A security company and service provider have merged, and the CEO has requested one comprehensive set of security policies be developed for the newly formed company. The IS auditor’s BEST recommendation would be to:

A. conduct a policy gap assessment.
B. adopt an industry standard security policy.
C. implement the service provider’s policies.
D. implement the security company’s policies.

Answer

A. conduct a policy gap assessment.

CISA Question 2733

Question

A start-up company acquiring servers for its order-taking system is unable to predict the volume of transactions. Which of the following is MOST important for the company to consider?

A. Scalability
B. Configuration
C. Optimization
D. Compatibility

Answer

A. Scalability

CISA Question 2734

Question

An IS auditor reviewing the acquisition of new equipment would consider which of the following to be a significant weakness?

A. Staff involved in the evaluation were aware of the vendors being evaluated.
B. Independent consultants prepared the request for proposal (RFP) documents.
C. Evaluation criteria were finalized after the initial assessment of responses.
D. The closing date for responses was extended after a request from potential vendors.

Answer

C. Evaluation criteria were finalized after the initial assessment of responses.

CISA Question 2735

Question

A (chief information officer) CIO has asked an IS auditor to implement several security controls for an organization’s IT processes and systems.
The auditor should:

A. perform the assignment and future audits with due professional care.
B. obtain approval from executive management for the implementation.
C. refuse due to independence issues.
D. communicate the conflict of interest to audit management.

Answer

D. communicate the conflict of interest to audit management.

CISA Question 2736

Question

An organization is in the process of deciding whether to allow a bring your own device (BYOD) program. If approved, which of the following should be the FIRST control required before implementation?

A. Device baseline configurations
B. Device registration
C. An acceptable use policy
D. An awareness program

Answer

B. Device registration

CISA Question 2737

Question

What is the BEST indicator of successful implementation of an organization’s information security policy?

A. Reduced number of successful phishing incidents
B. Reduced number of help desk calls
C. Reduced number of noncompliance penalties incurred
D. Reduced number of false-positive security events

Answer

C. Reduced number of noncompliance penalties incurred

CISA Question 2738

Question

The BEST way to evaluate the effectiveness of a newly developed application is to:

A. perform a post-implementation review.
B. analyze load-testing results.
C. review acceptance-testing results.
D. perform a pre-implementation review.

Answer

C. review acceptance-testing results.

CISA Question 2739

Question

A company has implemented an IT segregation of duties policy. In a role-based environment, which of the following roles may be assigned to an approach developer?

A. IT operator
B. Database administration
C. System administration
D. Emergency support

Answer

D. Emergency support

CISA Question 2740

Question

During an internal audit review of an HR recruitment system implementation, the IS auditor notes a number of defects were unresolved at the time the system went live. Which of the following is the auditor’s MOST important task prior to formulating an audit opinion?

A. Identify the root cause of the defects to confirm severity.
B. Review the user acceptance test results.
C. Verify risk acceptance by the project steering committee.
D. Confirm the timeline for migration of the defects.

Answer

B. Review the user acceptance test results.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker