Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 30

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3171

Question

Which of the following is an IS auditor’s BEST recommendation to help an organization increase the efficiency of computing resources?

A. Hardware upgrades
B. Virtualization
C. Real-time backups
D. Overclocking the central processing unit (CPU)

Answer

B. Virtualization

CISA Question 3172

Question

An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?

A. Technical specifications are not documented.
B. Disaster recovery plans (DRPs) are not in place.
C. Attack vectors are evolving for industrial control systems.
D. There is a greater risk of system exploitation.

Answer

D. There is a greater risk of system exploitation.

CISA Question 3173

Question

An IS auditor is evaluating an organization’s IT strategy and plans. Which of the following would be of GREATEST concern?

A. There is inadequate documentation of IT strategic planning
B. IT is not engaged in business strategic planning
C. There is not a defined IT security policy
D. The business strategy meeting minutes are not disturbing

Answer

B. IT is not engaged in business strategic planning

CISA Question 3174

Question

Which of the following should be the FIRST step when planning an IS audit of a third-party service provider that monitors network activities?

A. Evaluate the organization’s third-party monitoring process
B. Determine if the organization has a secure connection to the provider
C. Review the roles and responsibilities of the third-party provider
D. Review the third party’s monitoring logs and incident handling

Answer

A. Evaluate the organization’s third-party monitoring process

CISA Question 3175

Question

After delivering an audit report, the audit manager discovers that evidence was overlooked during the audit. This evidence indicates that a procedural control may have failed and could contradict a conclusion of the audit. Which of the following risks is MOST affected by this oversight?

A. Inherent
B. Financial
C. Audit
D. Operational

Answer

D. Operational

CISA Question 3176

Question

Which of the following is the BEST ensures the quality and integrity of test procedures used in audit analytics?

A. Developing and communicating test procedure best practices to audit teams
B. Decentralizing procedures and implementing periodic peer review
C. Developing and implementing an audit data repository
D. Centralizing procedures and implementing change control

Answer

D. Centralizing procedures and implementing change control

CISA Question 3177

Question

External experts were used on a recent IT audit engagement. While assessing the external experts’ work, the internal audit team found some gaps in the evidence that may have impacted their conclusions. What is the internal audit team’s BEST course of action?

A. Engage another expert to conduct the same testing.
B. Recommend the external experts conduct additional testing.
C. Report a scope limitation in their conclusions.
D. Escalate to senior management.

Answer

B. Recommend the external experts conduct additional testing.

CISA Question 3178

Question

Which of the following should be of GREATEST concern to an IS auditor conducting a security review of a point-of-sale (POS) system?

A. Management of POS systems is outsourced to a vendor based in another country.
B. POS systems are not integrated with accounting applications for data transfer.
C. Credit card verification value (CVV) information is stored on local POS systems.
D. An optical scanner is not used to read bar codes for generating sales invoices.

Answer

B. POS systems are not integrated with accounting applications for data transfer.

CISA Question 3179

Question

An IS auditor is planning an audit of an organization’s accounts payable processes. Which of the following controls is MOST important to assess in the audit?

A. Management review and approval of purchase orders
B. Management review and approval of authorization tiers
C. Segregation of duties between issuing purchase orders and making payments
D. Segregation of duties between receiving invoices and setting authorization limits

Answer

C. Segregation of duties between issuing purchase orders and making payments

CISA Question 3180

Question

Which of the following is a PRIMARY role of an IS auditor in a control self-assessment (CSA) workshop?

A. Reporting results of the workshop and recommendations to management
B. Gathering background information prior to the ׀¡SA workshop
C. Analyzing gaps between control design and control framework
D. Assisting participants in evaluating risks and relevant controls

Answer

C. Analyzing gaps between control design and control framework

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker