ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 27

The latest ISACA CISA (Certified Information Systems Auditor) certification real practice exam question and answer (Q&A) dumps are available for free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2871

Question

Which of the following is the BEST compensating control for a lack of proper segregation of duties in an IT department?

A. Authorization forms
B. Audit trail reviews
C. System activity logging
D. Control self-assessment (CSA)

Answer

C. System activity logging

CISA Question 2872

Question

Which of the following will MOST effectively help to manage the challenges associated with end user-developed application systems?

A. Developing classifications based on risk
B. Introducing redundant support capacity
C. Prohibiting creation of executable files
D. Applying control practices used by IT

Answer

D. Applying control practices used by IT

CISA Question 2873

Question

Which of the following would BEST provide executive management with current information on IT-related costs and IT performance indicators?

A. IT dashboard
B. Risk register
C. IT service-management plan
D. Continuous audit reports

Answer

A. IT dashboard

CISA Question 2874

Question

Which of the following should be reviewed as part of a data integrity test?

A. Completeness
B. Confidentiality
C. Data backup
D. Redundancy

Answer

A. Completeness

CISA Question 2875

Question

When testing segregation of duties, which of the following audit techniques provides the MOST reliable evidence?

A. Observing daily operations for the area in scope
B. Evaluating the department structure via the organizational chart
C. Reviewing departmental procedure handbooks
D. Interviewing managers and end users

Answer

A. Observing daily operations for the area in scope

CISA Question 2876

Question

Which of the following roles combined with the role of a database administrator (DBA) will create a segregation of duties conflict?

A. Quality assurance
B. Systems analyst
C. Application end user
D. Security administrator

Answer

D. Security administrator

CISA Question 2877

Question

The MOST effective way to determine if IT is meeting business requirements is to establish:

A. industry benchmarks.
B. organizational goals.
C. a capability model.
D. key performance indicators (KPIs).

Answer

D. key performance indicators (KPIs).

CISA Question 2878

Question

For mission-critical applications with a low recovery time objective (RTO), which of the following is the BEST backup strategy?

A. Frequent backups to tape
B. Mirroring
C. Use of virtual tape libraries
D. Archiving to conventional disk

Answer

B. Mirroring

CISA Question 2879

Question

Which of the following controls will BEST ensure that the board of directors receives sufficient information about IT?

A. The CIO reports on performance and corrective actions in a timely manner.
B. Regular meetings occur between the board, the CIO, and a technology committee.
C. The CIO regularly sends IT trend reports to the board.
D. Board members are knowledgeable about IT, and the CIO is consulted on IT issues.

Answer

D. Board members are knowledgeable about IT, and the CIO is consulted on IT issues.

CISA Question 2880

Question

Which of the following is the PRIMARY role of an IS auditor with regard to data privacy?

A. Ensuring compliance with data privacy laws
B. Communicating data privacy requirements to the organization
C. Drafting the organization’s data privacy policy
D. Verifying that privacy practices match privacy statements

Answer

A. Ensuring compliance with data privacy laws