The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3171
Question
Which of the following is an IS auditor’s BEST recommendation to help an organization increase the efficiency of computing resources?
A. Hardware upgrades
B. Virtualization
C. Real-time backups
D. Overclocking the central processing unit (CPU)
Answer
B. Virtualization
CISA Question 3172
Question
An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?
A. Technical specifications are not documented.
B. Disaster recovery plans (DRPs) are not in place.
C. Attack vectors are evolving for industrial control systems.
D. There is a greater risk of system exploitation.
Answer
D. There is a greater risk of system exploitation.
CISA Question 3173
Question
An IS auditor is evaluating an organization’s IT strategy and plans. Which of the following would be of GREATEST concern?
A. There is inadequate documentation of IT strategic planning
B. IT is not engaged in business strategic planning
C. There is not a defined IT security policy
D. The business strategy meeting minutes are not disturbing
Answer
B. IT is not engaged in business strategic planning
CISA Question 3174
Question
Which of the following should be the FIRST step when planning an IS audit of a third-party service provider that monitors network activities?
A. Evaluate the organization’s third-party monitoring process
B. Determine if the organization has a secure connection to the provider
C. Review the roles and responsibilities of the third-party provider
D. Review the third party’s monitoring logs and incident handling
Answer
A. Evaluate the organization’s third-party monitoring process
CISA Question 3175
Question
After delivering an audit report, the audit manager discovers that evidence was overlooked during the audit. This evidence indicates that a procedural control may have failed and could contradict a conclusion of the audit. Which of the following risks is MOST affected by this oversight?
A. Inherent
B. Financial
C. Audit
D. Operational
Answer
D. Operational
CISA Question 3176
Question
Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?
A. Developing and communicating test procedure best practices to audit teams
B. Decentralizing procedures and implementing periodic peer review
C. Developing and implementing an audit data repository
D. Centralizing procedures and implementing change control
Answer
D. Centralizing procedures and implementing change control
CISA Question 3177
Question
External experts were used on a recent IT audit engagement. While assessing the external experts’ work, the internal audit team found some gaps in the evidence that may have impacted their conclusions. What is the internal audit team’s BEST course of action?
A. Engage another expert to conduct the same testing.
B. Recommend the external experts conduct additional testing.
C. Report a scope limitation in their conclusions.
D. Escalate to senior management.
Answer
B. Recommend the external experts conduct additional testing.
CISA Question 3178
Question
Which of the following should be of GREATEST concern to an IS auditor conducting a security review of a point-of-sale (POS) system?
A. Management of POS systems is outsourced to a vendor based in another country.
B. POS systems are not integrated with accounting applications for data transfer.
C. Credit card verification value (CVV) information is stored on local POS systems.
D. An optical scanner is not used to read bar codes for generating sales invoices.
Answer
B. POS systems are not integrated with accounting applications for data transfer.
CISA Question 3179
Question
An IS auditor is planning an audit of an organization’s accounts payable processes. Which of the following controls is MOST important to assess in the audit?
A. Management review and approval of purchase orders
B. Management review and approval of authorization tiers
C. Segregation of duties between issuing purchase orders and making payments
D. Segregation of duties between receiving invoices and setting authorization limits
Answer
C. Segregation of duties between issuing purchase orders and making payments
CISA Question 3180
Question
Which of the following is a PRIMARY role of an IS auditor in a control self-assessment (CSA) workshop?
A. Reporting results of the workshop and recommendations to management
B. Gathering background information prior to the CSA workshop
C. Analyzing gaps between control design and control framework
D. Assisting participants in evaluating risks and relevant controls
Answer
C. Analyzing gaps between control design and control framework