The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3191
Question
A company laptop has been stolen, and all photos on the laptop have been published on social media. Which of the following is the IS auditor’s BEST course of action?
A. Ensure that the appropriate authorities have been notified.
B. Review the photos to determine whether they were for business or personal purposes.
C. Verify the organization’s incident reporting policy was followed.
D. Determine if the laptop had the appropriate level of encryption.
Answer
C. Verify the organization’s incident reporting policy was followed.
CISA Question 3192
Question
Which of the following is the BEST way for an IS auditor to reduce sampling risk when performing audit sampling to verify the adequacy of an organization’s internal controls?
A. Outsource the sampling process.
B. Decrease the sampling size.
C. Lower the sample standard deviation.
D. Use a statistical sampling method.
Answer
D. Use a statistical sampling method.
CISA Question 3193
Question
An IS auditor is reviewing a banking mobile application that allows end users to perform financial transactions. Which of the following poses a security risk to the organization?
A. Unpatched security vulnerabilities in the mobile operating system
B. Outdated mobile network settings
C. Application programming interface (API) logic faults
D. Lack of strong device passwords
Answer
A. Unpatched security vulnerabilities in the mobile operating system
CISA Question 3194
Question
When an organization introduces virtualization into its architecture, which of the following should be an IS auditor’s PRIMARY area of focus to verify adequate protection?
A. Maintenance cycles
B. Multiple versions of the same operating system
C. Shared storage space
D. Host operating system configuration
Answer
C. Shared storage space
CISA Question 3195
Question
When evaluating the management practices at a third-party organization providing outsourced services, the IS auditor considers relying on an independent auditor’s report. The IS auditor would FIRST:
A. review the objectives of the audit.
B. examine the independent auditor’s workpapers.
C. discuss the report with the independent auditor.
D. determine if recommendations have been implemented.
Answer
A. review the objectives of the audit.
CISA Question 3196
Question
An IS auditor notes that IT and the business have different opinions on the availability of their application servers. Which of the following should the IS auditor review FIRST in order to understand the problem?
A. The regular performance-reporting documentation
B. The exact definition of the service levels and their measurement
C. The alerting and measurement process on the application servers
D. The actual availability of the servers as part of a substantive test
Answer
B. The exact definition of the service levels and their measurement
CISA Question 3197
Question
A review of IT interface controls finds an organization does not have a process to identify and correct records that do not get transferred to the receiving system.
Which of the following is the IS auditor’s BEST recommendation?
A. Implement software to perform automatic reconciliations of data between systems.
B. Enable automatic encryption, decryption, and electronic signing of data files.
C. Have coders perform manual reconciliation of data between systems.
D. Automate the transfer of data between systems as much as feasible.
Answer
A. Implement software to perform automatic reconciliations of data between systems.
CISA Question 3198
Question
Which of the following findings should be of GREATEST concern to an IS auditor reviewing the effectiveness of an organization’s problem management practices?
A. Problem records are prioritized based on the impact of incidents.
B. Some incidents are closed without problem resolution.
C. Root causes are not adequately identified.
D. Problems are frequently escalated to management for resolution.
Answer
C. Root causes are not adequately identified.
CISA Question 3199
Question
During an audit of an access control system, an IS auditor finds that RFID card readers are not connected via the network to a central server.
Which of the following is the GREATEST risk associated with this finding?
A. Lost or stolen cards cannot be disabled immediately.
B. Card reader firmware updates cannot be rolled out automatically.
C. The system is not easily scalable to accommodate a new device.
D. Incidents cannot be investigated without a centralized log file.
Answer
D. Incidents cannot be investigated without a centralized log file.
CISA Question 3200
Question
Which of the following is the MOST important operational aspect for an IS auditor to consider when assessing an assembly line with quality control sensors accessible via wireless technology?
A. Device updates
B. Resource utilization
C. Device security
D. Known vulnerabilities
Answer
C. Device security