ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 27

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers are available here free of charge to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2861

Question

During an information security audit of a mid-sized organization, an IS auditor notes that the organization’s information security policy is not sufficient. What is the auditor’s BEST recommendation for the organization?

A. Identify and close gaps compared to a best-practice framework.
B. Perform a benchmark with competitors’ policies.
C. Obtain an external consultant’s support to rewrite the policy.
D. Define roles and responsibilities for regularly updating the policy.

Answer

A. Identify and close gaps compared to a best-practice framework.

CISA Question 2862

Question

When reviewing an organization’s security awareness program, it is MOST important to verify that training occurs:

A. on a continual basis.
B. within the first few months of employment.
C. before access to information is granted.
D. whenever security policies are updated.

Answer

A. on a continual basis.

CISA Question 2863

Question

An organization has an acceptable use policy in place, but users do not formally acknowledge the policy. Which of the following is the MOST significant risk from this finding?

A. Violation of industry standards
B. Lack of user accountability
C. Noncompliance with documentation requirements
D. Lack of data for measuring compliance

Answer

B. Lack of user accountability

CISA Question 2864

Question

A financial services organization has just been granted a banking license. Which of the following is MOST important for the organization to ensure when updating its IT security policy?

A. The policy has been approved by the board and executive management.
B. The policy is required to be reviewed at regular intervals.
C. The policy is consistent with relevant human resources policies.
D. The policy reflects legislative and regulatory requirements.

Answer

D. The policy reflects legislative and regulatory requirements.

CISA Question 2865

Question

To help determine whether a controls-reliant approach to auditing financial systems in a company should be used, which sequence of IS audit work is MOST appropriate?

A. Review of major financial applications followed by a review of IT governance processes
B. Review of application controls followed by a test of key business process controls
C. Review of the general IS controls followed by a review of the application controls
D. Detailed examination of financial transactions followed by review of the general ledger

Answer

C. Review of the general IS controls followed by a review of the application controls

CISA Question 2866

Question

An IT balanced scorecard is MOST useful in determining the effectiveness of which of the following?

A. Key IT controls
B. Change management processes
C. IT department’s financial position
D. Governance of enterprise IT

Answer

D. Governance of enterprise IT

CISA Question 2867

Question

In the IT department where segregation of duties is not feasible due to a limited number of resources, a team member is performing the functions of computer operator and reviewer of application logs. Which of the following would be the IS auditor’s BEST recommendation?

A. Develop procedures to verify that the application logs are not modified.
B. Prevent the operator from performing application development activities.
C. Assign an independent second reviewer to verify the application logs.
D. Restrict the computer operator’s access to the production environment.

Answer

A. Develop procedures to verify that the application logs are not modified.

CISA Question 2868

Question

Which of the following is the PRIMARY benefit of including IT management and staff when conducting control self-assessments (CSAs) within an organization?

A. It helps to identify risk to the business.
B. It improves the efficiency of business and IT operational processes.
C. It increases buy-in for more stringent controls.
D. It reduces the workload of external and internal auditors.

Answer

A. It helps to identify risk to the business.

CISA Question 2869

Question

Which of the following is the PRIMARY advantage of the IT portfolio management approach over the balanced scorecard approach when managing IT investments?

A. The influence of qualitative factors on investment decisions
B. Agility in adjusting investment decisions
C. Incorporation of organizational strategy in investment decisions
D. Use of the organization’s risk appetite in investment decisions

Answer

D. Use of the organization’s risk appetite in investment decisions

CISA Question 2870

Question

The BEST way to evaluate a shared control environment is to obtain an assurance report and review which of the following?

A. Control self-assessment (CSA)
B. Service level agreement (SLA)
C. Master service agreement
D. Complementary user entity controls

Answer

D. Complementary user entity controls