Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 30

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3191

Question

A company laptop has been stolen, and all photos on the laptop have been published on social media. Which of the following is the IS auditor’s BEST course of action?

A. Ensure that the appropriate authorities have been notified.
B. Review the photos to determine whether they were for business or personal purposes.
C. Verify the organization’s incident reporting policy was followed.
D. Determine if the laptop had the appropriate level of encryption.

Answer

C. Verify the organization’s incident reporting policy was followed.

CISA Question 3192

Question

Which of the following is the BEST way for an IS auditor to reduce sampling risk when performing audit sampling to verify the adequacy of an organization’s internal controls?

A. Outsource the sampling process.
B. Decrease the sampling size.
C. Lower the sample standard deviation.
D. Use a statistical sampling method.

Answer

D. Use a statistical sampling method.

CISA Question 3193

Question

An IS auditor is reviewing a banking mobile application that allows end users to perform financial transactions. Which of the following poses a security risk to the organization?

A. Unpatched security vulnerabilities in the mobile operating system
B. Outdated mobile network settings
C. Application programming interface (API) logic faults
D. Lack of strong device passwords

Answer

A. Unpatched security vulnerabilities in the mobile operating system

CISA Question 3194

Question

When an organization introduces virtualization into its architecture, which of the following should be an IS auditor’s PRIMARY area of focus to verify adequate protection?

A. Maintenance cycles
B. Multiple versions of the same operating system
C. Shared storage space
D. Host operating system configuration

Answer

C. Shared storage space

CISA Question 3195

Question

When evaluating the management practices at a third-party organization providing outsourced services, the IS auditor considers relying on an independent auditor’s report. The IS auditor would FIRST:

A. review the objectives of the audit.
B. examine the independent auditor’s workpapers.
C. discuss the report with the independent auditor.
D. determine if recommendations have been implemented.

Answer

A. review the objectives of the audit.

CISA Question 3196

Question

An IS auditor notes that IT and the business have different opinions on the availability of their application servers. Which of the following should the IS auditor review FIRST in order to understand the problem?

A. The regular performance-reporting documentation
B. The exact definition of the service levels and their measurement
C. The alerting and measurement process on the application servers
D. The actual availability of the servers as part of a substantive test

Answer

B. The exact definition of the service levels and their measurement

CISA Question 3197

Question

A review of IT interface controls finds an organization does not have a process to identify and correct records that do not get transferred to the receiving system.
Which of the following is the IS auditor’s BEST recommendation?

A. Implement software to perform automatic reconciliations of data between systems.
B. Enable automatic encryption, decryption, and electronic signing of data files.
C. Have coders perform manual reconciliation of data between systems.
D. Automate the transfer of data between systems as much as feasible.

Answer

A. Implement software to perform automatic reconciliations of data between systems.

CISA Question 3198

Question

Which of the following findings should be of GREATEST concern to an IS auditor reviewing the effectiveness of an organization’s problem management practices?

A. Problem records are prioritized based on the impact of incidents.
B. Some incidents are closed without problem resolution.
C. Root causes are not adequately identified.
D. Problems are frequently escalated to management for resolution.

Answer

C. Root causes are not adequately identified.

CISA Question 3199

Question

During an audit of an access control system, an IS auditor finds that RFID card readers are not connected via the network to a central server.
Which of the following is the GREATEST risk associated with this finding?

A. Lost or stolen cards cannot be disabled immediately.
B. Card reader firmware updates cannot be rolled out automatically.
C. The system is not easily scalable to accommodate a new device.
D. Incidents cannot be investigated without a centralized log file.

Answer

D. Incidents cannot be investigated without a centralized log file.

CISA Question 3200

Question

Which of the following is the MOST important operational aspect for an IS auditor to consider when assessing an assembly line with quality control sensors accessible via wireless technology?

A. Device updates
B. Resource utilization
C. Device security
D. Known vulnerabilities

Answer

C. Device security

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker