Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 30

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3151

Question

Which of the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?

A. Industry comparison analysis
B. Critical audit findings
C. Compliance risk assessment
D. Number of reported security incidents

Answer

C. Compliance risk assessment

CISA Question 3152

Question

The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:

A. ensure that all business units have the same strategic security goals
B. provide evidence for auditors that security practices are adequate
C. explain the organization’s preferred practices for security
D. ensure that all business units implement identical security procedures

Answer

A. ensure that all business units have the same strategic security goals

CISA Question 3153

Question

An organization which uses external cloud services extensively is concerned with risk monitoring and timely response. The BEST way to address this concern is to ensure:

A. the availability of continuous technical support
B. internal security standards are in place
C. a right-to-audit clause is included in contracts
D. appropriate service level agreements (SLAs) are in place

Answer

A. the availability of continuous technical support

CISA Question 3154

Question

Which of the following is the BEST approach to make strategic information security decisions?

A. Establish regular information security status reporting
B. Establish business unit security working groups
C. Establish periodic senior management meetings
D. Establish an information security steering committee

Answer

D. Establish an information security steering committee

CISA Question 3155

Question

An organization’s information security department is creating procedures for handling digital evidence that may be used in court. Which of the following would be the MOST important consideration from a risk standpoint?

A. Ensuring the entire security team reviews the evidence
B. Ensuring that analysis is conducted on the original data
C. Ensuring the original data is kept confidential
D. Ensuring the integrity of the data is preserved

Answer

D. Ensuring the integrity of the data is preserved

CISA Question 3156

Question

An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?

A. Requiring policy acknowledgment and nondisclosure agreements signed by employees
B. Providing education and guidelines to employees on use of social networking sites
C. Establishing strong access controls on confidential data
D. Monitoring employees’ social networking usage

Answer

B. Providing education and guidelines to employees on use of social networking sites

CISA Question 3157

Question

Which of the following requires a consensus by key stakeholders on IT strategic goals and objectives?

A. Balanced scorecards
B. Benchmarking
C. Maturity models
D. Peer reviews

Answer

A. Balanced scorecards

CISA Question 3158

Question

Which of the following should be of GREATEST concern to an IS auditor planning to employ data analytics in an upcoming audit?

A. There is no documented data model
B. Data is from the previous reporting period
C. Available data is incomplete
D. Data fields are used for multiple purposes

Answer

B. Data is from the previous reporting period

CISA Question 3159

Question

What would be of GREATEST concern to an IS auditor reviewing end-user computing (EUC) spreadsheets used for financial reporting in which version control is enforced?

A. Access requests are processed manually
B. Spreadsheets are maintained in various locations
C. Spreadsheet owners are only reviewed annually
D. Spreadsheets are not password protected

Answer

B. Spreadsheets are maintained in various locations

CISA Question 3160

Question

An IS auditor noted that a change to a critical calculation was placed into the production environment without being tested. Which of the following is the BEST way to obtain assurance that the calculation functions correctly?

A. Check regular execution of the calculation batch job
B. Perform substantive testing using computer-assisted audit techniques (CAATs)
C. Obtain post-change approval from management
D. Interview the lead system developer

Answer

B. Perform substantive testing using computer-assisted audit techniques (CAATs)

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker