ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 30

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3111

Question

An IS auditor can BEST help management fulfill risk management responsibilities by:

A. highlighting specific risks not being addressed.
B. ensuring the roles for managing IT risk are defined.
C. developing an IT risk management framework.
D. adopting a mechanism for reporting issues.

Answer

C. developing an IT risk management framework.

CISA Question 3112

Question

The chief information officer (CIO) of an organization is concerned that the information security policies may not be comprehensive. Which of the following should an IS auditor recommend be performed FIRST?

A. Obtain a copy of their competitor’s policies.
B. Determine if there is a process to handle exceptions to the policies.
C. Establish a governance board to track compliance with the policies.
D. Compare the policies against an industry framework.

Answer

C. Establish a governance board to track compliance with the policies.

CISA Question 3113

Question

Which of the following groups is MOST likely responsible for the implementation of IT projects?

A. IT steering committee
B. IT compliance committee
C. IT strategy committee
D. IT governance committee

Answer

A. IT steering committee

CISA Question 3114

Question

Which of the following is a key success factor for implementing IT governance?

A. Embedding quality assurance processes
B. Establishing an IT governance committee
C. Aligning IT and business strategies
D. Delivering IT projects within budget

Answer

C. Aligning IT and business strategies

CISA Question 3115

Question

An IT governance framework provides an organization with:

A. a basis for directing and controlling IT.
B. assurance that there will be IT cost reductions.
C. organizational structures to enlarge the market share through IT.
D. assurance that there are surplus IT investments.

Answer

A. a basis for directing and controlling IT.

CISA Question 3116

Question

The MOST important reason why an IT risk assessment should be updated on a regular basis is to:

A. utilize IT resources in a cost-effective manner
B. comply with data classification changes
C. comply with risk management policies
D. react to changes in the IT environment

Answer

D. react to changes in the IT environment

CISA Question 3117

Question

In attribute sampling, what is the relationship between expected error rate and sample size?

A. The expected error rate does not affect the sample size
B. The greater the expected error rate, the smaller the sample size
C. The greater the expected error rate, the greater the sample size
D. The greater the sample size, the lower the expected error rate

Answer

C. The greater the expected error rate, the greater the sample size

CISA Question 3118

Question

Which of the following would be MOST time and cost efficient when performing a control self-assessment (CSA) for an organization with a large number of widely dispersed employees?

A. Top-down and bottom-up analysis
B. Face-to-face interviews
C. Survey questionnaire
D. Facilitated workshops

Answer

C. Survey questionnaire

CISA Question 3119

Question

The decision to accept an IT control risk related to data quality should be the responsibility of the:

A. information security team
B. chief information officer (CIO)
C. business owner
D. IS audit manager

Answer

C. business owner

CISA Question 3120

Question

Which of the following is the MAIN purpose of data classification?

A. Applying the appropriate protective measures
B. Ensuring the segregation of duties
C. Defining parameter requirements for security labels
D. Ensuring integrity of sensitive information

Answer

A. Applying the appropriate protective measures