Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 27

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2851

Question

When deciding whether a third party can be used in resolving a suspected security breach, which of the following should be the MOST important consideration for IT management?

A. Audit approval
B. Third-party cost
C. Incident priority rating
D. Data sensitivity

Answer

D. Data sensitivity

CISA Question 2852

Question

An organization’s audit charter PRIMARILY:

A. describes the auditors’ authority to conduct audits.
B. documents the audit process and reporting standards.
C. formally records the annual and quarterly audit plans.
D. defines the auditors’ code of conduct.

Answer

A. describes the auditors’ authority to conduct audits.

CISA Question 2853

Question

Which of the following BEST demonstrates that IT strategy is aligned with organizational goals and objectives?

A. Organizational strategies are communicated to the chief information officer (CIO).
B. Business stakeholders are involved in approving the IT strategy.
C. The chief information officer (CIO) is involved in approving the organizational strategies.
D. IT strategies are communicated to all business stakeholders.

Answer

B. Business stakeholders are involved in approving the IT strategy.

CISA Question 2854

Question

Which of the following BEST indicates that an organization has effective governance in place?

A. The organization is compliant with local government regulations.
B. The organization’s board of directors executes on the management strategy.
C. The organization’s board of directors reviews metrics for strategic initiatives.
D. The organization regularly updates governance-related policies and procedures.

Answer

D. The organization regularly updates governance-related policies and procedures.

CISA Question 2855

Question

Which of the following falls within the scope of an information security governance committee?

A. Approving access to critical financial systems
B. Prioritizing information security technology initiatives
C. Reviewing content for information security awareness programs
D. Selecting the organization’s external security auditors

Answer

B. Prioritizing information security technology initiatives

CISA Question 2856

Question

During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated. The GREATEST concern to the IS auditor is that policies and procedures might not:

A. reflect current practices.
B. incorporate changes to relevant laws.
C. be subject to adequate quality assurance (QA).
D. include new systems and corresponding process changes.

Answer

D. include new systems and corresponding process changes.

CISA Question 2857

Question

Which of the following focus areas is a responsibility of IT management rather than IT governance?

A. Risk optimization
B. IT resource optimization
C. IT controls implementation
D. Benefits realization

Answer

C. IT controls implementation

CISA Question 2858

Question

What is the MOST effective way for an IS auditor to determine whether employees understand the organization’s information security policy?

A. Ensure the policy is current.
B. Survey employees.
C. Review the organization’s employee training log
D. Ensure the policy is communicated throughout the organization.

Answer

B. Survey employees.

CISA Question 2859

Question

Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization’s security policy?

A. Reviewing the system log
B. Reviewing the parameter settings
C. Interviewing the firewall administrator
D. Reviewing the actual procedures

Answer

B. Reviewing the parameter settings

CISA Question 2860

Question

Which of the following is MOST important for an IS auditor to review when evaluating the completeness of an organization’s personally identifiable information (PII) inventory?

A. Data flows
B. Data retention
C. Data ownership
D. Data policy

Answer

B. Data retention

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.