Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 29

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3021

Question

When auditing the IT governance of an organization planning to outsource a critical financial application to a cloud vendor, the MOST important consideration for the auditor should be:

A. the cost of the outsourced system.
B. the inclusion of a service termination clause.
C. alignment with industry standards.
D. alignment with business requirements.

Answer

D. alignment with business requirements.

CISA Question 3022

Question

Which of the following is MOST critical for the effective implementation of IT governance?

A. Internal auditor commitment
B. Supportive corporate culture
C. Strong risk management practices
D. Documented policies

Answer

B. Supportive corporate culture

CISA Question 3023

Question

An IS auditor is reviewing an organization’s network vulnerability scan results. Which of the following processes would the scan results MOST likely feed into?

A. Firewall maintenance
B. Patch management
C. Incident response
D. Traffic management

Answer

A. Firewall maintenance

CISA Question 3024

Question

An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor’s NEXT step should be to:

A. recommend encryption of all sensitive data at rest
B. determine existing controls around sensitive data
C. recommend the implementation of data loss prevention (DLP) tools
D. inquire if there have been any data loss incidents

Answer

B. determine existing controls around sensitive data

CISA Question 3025

Question

An organization has made a strategic decision to split into separate operating entities to improve profitability. However, the IT infrastructure remains shared between the entities. Which of the following would BEST help to ensure that IS audit still covers key risk areas within the IT environment as part of its annual plan?

A. Increasing the frequency of risk-based IS audits for each business entity
B. Revising IS audit plans to focus on IT changes introduced after the split
C. Conducting an audit of newly introduced IT policies and procedures
D. Developing a risk-based plan considering each entity’s business processes

Answer

D. Developing a risk-based plan considering each entity’s business processes

CISA Question 3026

Question

Software quality assurance (QA) reviews are planned as part of system development. At which stage in the development process should the first review be initiated?

A. At pre-implementation planning
B. As a part of the user requirements definition
C. Immediately prior to user acceptance testing
D. During the feasibility study

Answer

D. During the feasibility study

CISA Question 3027

Question

An organization was severely impacted after an advanced persistent threat (APT) attack. Afterwards, it was found that the initial breach happened a month prior to the attack. Management’s GREATEST concern should be:

A. results of the past internal penetration test
B. the effectiveness of monitoring processes
C. the installation of critical security patches
D. external firewall policies

Answer

B. the effectiveness of monitoring processes

CISA Question 3028

Question

An organization has outsourced some of its subprocesses to a service provider. When scoping the audit of the provider, the organization’s internal auditor should FIRST:

A. evaluate operational controls of the provider
B. discuss audit objectives with the provider
C. review internal audit reports of the provider
D. review the contract with the provider

Answer

B. discuss audit objectives with the provider

CISA Question 3029

Question

During a review of the IT strategic plan, an IS auditor finds several IT initiatives focused on delivering new systems and technology are not aligned with the organization’s strategy. Witch of the following would be the IS auditor’s BEST recommendation?

A. Reassess the return on investment for the IT initiatives
B. Modify IT initiatives that do not map to business strategies
C. Utilize a balanced scorecard to align IT initiatives to business strategies
D. Reassess IT initiatives that do not map business strategies

Answer

D. Reassess IT initiatives that do not map business strategies

CISA Question 3030

Question

The objectives of business process improvement should PRIMARILY include:

A. minimal impact on staff
B. incremental changes in productivity
C. changes of organizational boundaries
D. performance optimization

Answer

D. performance optimization

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.