The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3021
Question
When auditing the IT governance of an organization planning to outsource a critical financial application to a cloud vendor, the MOST important consideration for the auditor should be:
A. the cost of the outsourced system.
B. the inclusion of a service termination clause.
C. alignment with industry standards.
D. alignment with business requirements.
Answer
D. alignment with business requirements.
CISA Question 3022
Question
Which of the following is MOST critical for the effective implementation of IT governance?
A. Internal auditor commitment
B. Supportive corporate culture
C. Strong risk management practices
D. Documented policies
Answer
B. Supportive corporate culture
CISA Question 3023
Question
An IS auditor is reviewing an organization’s network vulnerability scan results. Which of the following processes would the scan results MOST likely feed into?
A. Firewall maintenance
B. Patch management
C. Incident response
D. Traffic management
Answer
A. Firewall maintenance
CISA Question 3024
Question
An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor’s NEXT step should be to:
A. recommend encryption of all sensitive data at rest
B. determine existing controls around sensitive data
C. recommend the implementation of data loss prevention (DLP) tools
D. inquire if there have been any data loss incidents
Answer
B. determine existing controls around sensitive data
CISA Question 3025
Question
An organization has made a strategic decision to split into separate operating entities to improve profitability. However, the IT infrastructure remains shared between the entities. Which of the following would BEST help to ensure that IS audit still covers key risk areas within the IT environment as part of its annual plan?
A. Increasing the frequency of risk-based IS audits for each business entity
B. Revising IS audit plans to focus on IT changes introduced after the split
C. Conducting an audit of newly introduced IT policies and procedures
D. Developing a risk-based plan considering each entity’s business processes
Answer
D. Developing a risk-based plan considering each entity’s business processes
CISA Question 3026
Question
Software quality assurance (QA) reviews are planned as part of system development. At which stage in the development process should the first review be initiated?
A. At pre-implementation planning
B. As a part of the user requirements definition
C. Immediately prior to user acceptance testing
D. During the feasibility study
Answer
D. During the feasibility study
CISA Question 3027
Question
An organization was severely impacted after an advanced persistent threat (APT) attack. Afterwards, it was found that the initial breach happened a month prior to the attack. Management’s GREATEST concern should be:
A. results of the past internal penetration test
B. the effectiveness of monitoring processes
C. the installation of critical security patches
D. external firewall policies
Answer
B. the effectiveness of monitoring processes
CISA Question 3028
Question
An organization has outsourced some of its subprocesses to a service provider. When scoping the audit of the provider, the organization’s internal auditor should FIRST:
A. evaluate operational controls of the provider
B. discuss audit objectives with the provider
C. review internal audit reports of the provider
D. review the contract with the provider
Answer
B. discuss audit objectives with the provider
CISA Question 3029
Question
During a review of the IT strategic plan, an IS auditor finds several IT initiatives focused on delivering new systems and technology are not aligned with the organization’s strategy. Which of the following would be the IS auditor’s BEST recommendation?
A. Reassess the return on investment for the IT initiatives
B. Modify IT initiatives that do not map to business strategies
C. Utilize a balanced scorecard to align IT initiatives to business strategies
D. Reassess IT initiatives that do not map to business strategies
Answer
D. Reassess IT initiatives that do not map to business strategies
CISA Question 3030
Question
The objectives of business process improvement should PRIMARILY include:
A. minimal impact on staff
B. incremental changes in productivity
C. changes of organizational boundaries
D. performance optimization
Answer
D. performance optimization