Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 28

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2951

Question

Which of the following findings should be of MOST concern to an IS auditor when evaluating information security governance within an organization?

A. The data center manager has final sign-off on security projects.
B. The information security oversight committee meets quarterly.
C. The information security department has difficulty filling vacancies.
D. Information security policies were last updated two years ago.

Answer

C. The information security department has difficulty filling vacancies.

CISA Question 2952

Question

Which of the following is MOST important for an IS auditor to consider during a review of the IT governance of an organization?

A. Funding allocations
B. Risk management methodology
C. Defined service levels
D. Decision making responsibilities

Answer

C. Defined service levels

CISA Question 2953

Question

Which of the following is the MOST appropriate action to formalize IT governance in an organization?

A. Evaluating the IT strategy
B. Modifying IT goals and strategy
C. Establishing an IT steering committee
D. Implementing risk management

Answer

C. Establishing an IT steering committee

CISA Question 2954

Question

Which of the following is the MOST important benefit of involving IS audit when implementing governance of enterprise IT?

A. Identifying relevant roles for an enterprise IT governance framework
B. Verifying that legal, regulatory and contractual requirements are being met
C. Making decisions regarding risk response and monitoring of residual risk
D. Providing independent and objective feedback to facilitate improvement of IT processes

Answer

D. Providing independent and objective feedback to facilitate improvement of IT processes

CISA Question 2955

Question

When reviewing an organization’s IT governance processes, which of the following provides the BEST indication that information security expectations are being met at all levels?

A. Achievement of established security metrics
B. Approval of the security program by senior management
C. Utilization of an internationally recognized security standard
D. Implementation of a comprehensive security awareness program

Answer

A. Achievement of established security metrics

CISA Question 2956

Question

Which of the following findings would have the GREATEST impact on the objective of a business intelligence system?

A. Key control have not been tested in a year.
B. Decision support queries use database functions proprietary to the vendor.
C. The hot site for disaster recovery does not include the decision support system.
D. Management reports have not been evaluated since implementation.

Answer

D. Management reports have not been evaluated since implementation.

CISA Question 2957

Question

Which of the following is the FIRST step when conducting a business impact analysis (BIA)?

A. Identifying critical information resources
B. Identifying events impacting continuity of operations
C. Analyzing past transaction volumes
D. Creating a data classification scheme

Answer

A. Identifying critical information resources

CISA Question 2958

Question

Which of the following would BEST enable alignment of IT with business objectives?

A. Leveraging an IT framework
B. Completing an IT risk assessment
C. Adopting industry best practices
D. Monitoring key performance indicators (KPIs)

Answer

D. Monitoring key performance indicators (KPIs)

CISA Question 2959

Question

Which of the following human resources management practices BEST leads to the detection of fraudulent activity?

A. Background checks
B. Time reporting
C. Employee code of ethics
D. Mandatory time off

Answer

D. Mandatory time off

CISA Question 2960

Question

Which of the following is MOST important to ensure when planning a black box penetration test?

A. The test results will be documented and communicated to management.
B. Diagrams of the organization’s network architecture are available.
C. The environment and penetration test scope have been determined.
D. The management of the client organization is aware of the testing.

Answer

C. The environment and penetration test scope have been determined.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.