Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 30

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3101

Question

Rather than decommission an entire legacy application, an organization’s IT department has chosen to replace specific modules while maintaining those still relevant. Which of the following artifacts is MOST important for an IS auditor to review?

A. IT service management catalog and service level requirements
B. Security requirements for legacy data masking and data destruction
C. Applicable licensing agreements for the application
D. Future state architecture and requirements

Answer

D. Future state architecture and requirements

CISA Question 3102

Question

Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data are accurately entered into the system?

A. Reasonableness checks for each cost type
B. Validity checks, preventing entry of character data
C. Display back of project detail after entry
D. Reconciliation of total amounts by project

Answer

D. Reconciliation of total amounts by project

CISA Question 3103

Question

To help ensure the accuracy and completeness of end-user computing output, it is MOST important to include strong:

A. reconciliation controls.
B. change management controls.
C. access management controls.
D. documentation controls.

Answer

A. reconciliation controls.

CISA Question 3104

Question

An IS auditor has completed a service level management audit related to order management services provided by a third party. Which of the following is the MOST significant finding?

A. The third party has offshore support arrangements.
B. Penalties for missing service levels are limited.
C. The service level agreement does not define how availability is measured.
D. Service desk support is not available outside the company’s business hours.

Answer

B. Penalties for missing service levels are limited.

CISA Question 3105

Question

Management decided to accept the residual risk of an audit finding and not take the recommended actions. The internal audit team believes the acceptance is inappropriate and has discussed the situation with executive management. After this discussion, there is still disagreement regarding the decision. Which of the following is the BEST course of action by internal audit?

A. Report this matter to the audit committee without notifying executive management.
B. Document in the audit report that management has accepted the residual risk and take no further actions.
C. Report the issue to the audit committee in a joint meeting with executive management for resolution.
D. Schedule another meeting with executive management to convince them of taking action as recommended.

Answer

C. Report the issue to the audit committee in a joint meeting with executive management for resolution.

CISA Question 3106

Question

Which of the following is the MOST effective means of helping management and the IT strategy committee to monitor IT performance?

A. End-user satisfaction surveys
B. Gap analysis
C. Measurement of service levels against metrics
D. Infrastructure monitoring reports

Answer

C. Measurement of service levels against metrics

CISA Question 3107

Question

An IS auditor has been asked to advise on the design and implementation of IT management best practices. Which of the following actions would impair the auditor’s independence?

A. Providing consulting advice for managing applications
B. Designing an embedded audit module
C. Implementing risk response on management’s behalf
D. Evaluating the risk management process

Answer

C. Implementing risk response on management’s behalf

CISA Question 3108

Question

An organization was recently notified by its regulatory body of significant discrepancies in its reporting data. A preliminary investigation revealed that the discrepancies were caused by problems with the organization’s data quality. Management has directed the data quality team to enhance their program. The audit committee has asked internal audit to be advisors to the process. To ensure that management concerns are addressed, which data set should internal audit recommend be reviewed FIRST?

A. Data impacting business objectives
B. Data supporting financial statements
C. Data reported to the regulatory body
D. Data with customer personal information

Answer

A. Data impacting business objectives

CISA Question 3109

Question

Which of the following is the BEST way for management to ensure the effectiveness of the cybersecurity incident response process?

A. Periodic update of incident response process documentation
B. Periodic reporting of cybersecurity incidents to key stakeholders
C. Periodic tabletop exercises involving key stakeholders
D. Periodic cybersecurity training for staff involved in incident response

Answer

C. Periodic tabletop exercises involving key stakeholders

CISA Question 3110

Question

Which of the following is the BEST source for describing the objectives of an organization’s information systems?

A. Business process owners
B. End users
C. IT management
D. Information security management

Answer

D. Information security management

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker