Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 27

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2861

Question

During an information security audit of a mid-sized organization, an IS auditor notes that the organization’s information security policy is not sufficient. What is the auditor’s BEST recommendation for the organization?

A. Identify and close gaps compared to a best-practice framework.
B. Perform a benchmark with competitors’ policies.
C. Obtain an external consultant’s support to rewrite the policy.
D. Define roles and responsibilities for regularly updating the policy.

Answer

A. Identify and close gaps compared to a best-practice framework.

CISA Question 2862

Question

When reviewing an organization’s security awareness program, it is MOST important to verify that training occurs:

A. on a continual basis.
B. within the first few months of employment.
C. before access to information is granted.
D. whenever security policies are updated.

Answer

A. on a continual basis.

CISA Question 2863

Question

An organization has an acceptable use policy in place, but users do not formally acknowledge the policy. Which of the following is the MOST significant risk from this finding?

A. Violation of industry standards
B. Lack of user accountability
C. Noncompliance with documentation requirements
D. Lack of data for measuring compliance

Answer

B. Lack of user accountability

CISA Question 2864

Question

A financial services organization has just been granted a banking license. Which of the following is MOST important for the organization to ensure when updating its IT security policy?

A. The policy has been approved by the board and executive management.
B. The policy is required to be reviewed at regular intervals.
C. The policy is consistent with relevant human resources policies.
D. The policy reflects legislative and regulatory requirements.

Answer

D. The policy reflects legislative and regulatory requirements.

CISA Question 2865

Question

To help determine whether a controls-reliant approach to auditing financial systems in a company should be used, which sequence of IS audit work is MOST appropriate?

A. Review of major financial applications followed by a review of IT governance processes
B. Review of application controls followed by a test of key business process controls
C. Review of the general IS controls followed by a review of the application controls
D. Detailed examination of financial transactions followed by review of the general ledger

Answer

A. Review of major financial applications followed by a review of IT governance processes

CISA Question 2866

Question

An IT balanced scorecard is MOST useful in determining the effectiveness of which of the following?

A. Key IT controls
B. Change management processes
C. IT department’s financial position
D. Governance of enterprise IT

Answer

D. Governance of enterprise IT

CISA Question 2867

Question

In the IT department where segregation of duties is not feasible due to a limited number of resources, a team member is performing the functions of computer operator and reviewer of application logs. Which of the following would be the IS auditor’s BEST recommendation?

A. Develop procedures to verify that the application logs are not modified.
B. Prevent the operator from performing application development activities.
C. Assign an independent second reviewer to verify the application logs.
D. Restrict the computer operator’s access to the production environment.

Answer

A. Develop procedures to verify that the application logs are not modified.

CISA Question 2868

Question

Which of the following is the PRIMARY benefit of including IT management and staff when conducting control self-assessments (CSAs) within an organization?

A. It helps to identify risk to the business.
B. It improves the efficiency of business and IT operational processes.
C. It increases buy-in for more stringent controls.
D. It reduces the workload of external and internal auditors.

Answer

A. It helps to identify risk to the business.

CISA Question 2869

Question

Which of the following is the PRIMARY advantage of the IT portfolio management approach over the balanced scorecard approach when managing IT investments?

A. The influence of qualitative factors on investment decisions.
B. Agility in adjusting investment decisions.
C. Incorporation of organizational strategy in investment decisions.
D. Use of the organization’s risk appetite in investment decisions.

Answer

D. Use of the organization’s risk appetite in investment decisions.

CISA Question 2870

Question

The BEST way to evaluate a shared control environment is to obtain an assurance report and review which of the following?

A. Control self-assessment (CSA)
B. Service level agreement (SLA)
C. Master service agreement
D. Complementary user entity controls

Answer

C. Master service agreement

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.