The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3101
Question
Rather than decommission an entire legacy application, an organization’s IT department has chosen to replace specific modules while maintaining those still relevant. Which of the following artifacts is MOST important for an IS auditor to review?
A. IT service management catalog and service level requirements
B. Security requirements for legacy data masking and data destruction
C. Applicable licensing agreements for the application
D. Future state architecture and requirements
Answer
D. Future state architecture and requirements
CISA Question 3102
Question
Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data are accurately entered into the system?
A. Reasonableness checks for each cost type
B. Validity checks, preventing entry of character data
C. Display back of project detail after entry
D. Reconciliation of total amounts by project
Answer
D. Reconciliation of total amounts by project
CISA Question 3103
Question
To help ensure the accuracy and completeness of end-user computing output, it is MOST important to include strong:
A. reconciliation controls.
B. change management controls.
C. access management controls.
D. documentation controls.
Answer
A. reconciliation controls.
CISA Question 3104
Question
An IS auditor has completed a service level management audit related to order management services provided by a third party. Which of the following is the MOST significant finding?
A. The third party has offshore support arrangements.
B. Penalties for missing service levels are limited.
C. The service level agreement does not define how availability is measured.
D. Service desk support is not available outside the company’s business hours.
Answer
B. Penalties for missing service levels are limited.
CISA Question 3105
Question
Management decided to accept the residual risk of an audit finding and not take the recommended actions. The internal audit team believes the acceptance is inappropriate and has discussed the situation with executive management. After this discussion, there is still disagreement regarding the decision. Which of the following is the BEST course of action by internal audit?
A. Report this matter to the audit committee without notifying executive management.
B. Document in the audit report that management has accepted the residual risk and take no further actions.
C. Report the issue to the audit committee in a joint meeting with executive management for resolution.
D. Schedule another meeting with executive management to convince them of taking action as recommended.
Answer
C. Report the issue to the audit committee in a joint meeting with executive management for resolution.
CISA Question 3106
Question
Which of the following is the MOST effective means of helping management and the IT strategy committee to monitor IT performance?
A. End-user satisfaction surveys
B. Gap analysis
C. Measurement of service levels against metrics
D. Infrastructure monitoring reports
Answer
C. Measurement of service levels against metrics
CISA Question 3107
Question
An IS auditor has been asked to advise on the design and implementation of IT management best practices. Which of the following actions would impair the auditor’s independence?
A. Providing consulting advice for managing applications
B. Designing an embedded audit module
C. Implementing risk response on management’s behalf
D. Evaluating the risk management process
Answer
C. Implementing risk response on management’s behalf
CISA Question 3108
Question
An organization was recently notified by its regulatory body of significant discrepancies in its reporting data. A preliminary investigation revealed that the discrepancies were caused by problems with the organization’s data quality. Management has directed the data quality team to enhance their program. The audit committee has asked internal audit to be advisors to the process. To ensure that management concerns are addressed, which data set should internal audit recommend be reviewed FIRST?
A. Data impacting business objectives
B. Data supporting financial statements
C. Data reported to the regulatory body
D. Data with customer personal information
Answer
A. Data impacting business objectives
CISA Question 3109
Question
Which of the following is the BEST way for management to ensure the effectiveness of the cybersecurity incident response process?
A. Periodic update of incident response process documentation
B. Periodic reporting of cybersecurity incidents to key stakeholders
C. Periodic tabletop exercises involving key stakeholders
D. Periodic cybersecurity training for staff involved in incident response
Answer
C. Periodic tabletop exercises involving key stakeholders
CISA Question 3110
Question
Which of the following is the BEST source for describing the objectives of an organization’s information systems?
A. Business process owners
B. End users
C. IT management
D. Information security management
Answer
D. Information security management