The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free. They can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3201
Question
Which of the following should an IS auditor review FIRST when evaluating a business process for auditing?
A. Evidence that IS-related controls are operating effectively
B. Competence of the personnel performing the process
C. Assignment of responsibility for process management
D. Design and implementation of controls
Answer
D. Design and implementation of controls
CISA Question 3202
Question
Which of the following is the MOST appropriate responsibility of an IS auditor involved in a data center renovation project?
A. Performing independent reviews of responsible parties engaged in the project
B. Ensuring the project progresses as scheduled and milestones are achieved
C. Shortlisting vendors to perform renovations
D. Approving the design of controls for the data center
Answer
A. Performing independent reviews of responsible parties engaged in the project
CISA Question 3203
Question
Which of the following should be established FIRST when initiating a control self-assessment (CSA) program in a small organization?
A. Control register
B. Staff questionnaires
C. Assessor competency
D. Facilitated workshops
Answer
B. Staff questionnaires
CISA Question 3204
Question
What is the BEST strategy to prioritize work when planning a follow-up audit?
A. Target risks that are most easily mitigated.
B. Agree on priorities with risk owners.
C. Target the areas of highest risk.
D. Target risks not reported as mitigated by risk owners.
Answer
B. Agree on priorities with risk owners.
CISA Question 3205
Question
An IS audit team is planning to rely on a system-generated report to reduce the substantive procedures they will need to perform. Which of the following procedures should the IS auditor perform to verify the completeness of the report?
A. Test data for appropriateness.
B. Validate the report query.
C. Establish some criteria for expected results and compare to actual results.
D. Trace a sample of transactions to the internal transactions.
Answer
A. Test data for appropriateness.
CISA Question 3206
Question
An IS auditor reviewing a financial organization’s identity management solution found that some critical business applications do not have identified owners. Which of the following should the auditor do NEXT?
A. Request a business risk acceptance.
B. Discuss the issue with the auditee.
C. Write a finding in the audit report.
D. Revoke access rights to the critical applications.
Answer
B. Discuss the issue with the auditee.
CISA Question 3207
Question
Which of the following BEST indicates to an IS auditor that an IT-related project will deliver value to the organization?
A. The cost of the project is within the organization’s risk appetite.
B. The project will use existing infrastructure to deliver services.
C. Competitors are considering similar IT-based solutions.
D. Requirements are based on stakeholder expectations.
Answer
D. Requirements are based on stakeholder expectations.
CISA Question 3208
Question
An external IS auditor is reviewing the continuous monitoring system for a large bank and notes several potential issues. Which of the following would present the GREATEST concern regarding the reliability of the monitoring system?
A. The system results are not regularly reviewed by management.
B. The measurement method is periodically varied.
C. The monitoring system was configured by internal auditors.
D. The alert threshold is updated periodically.
Answer
A. The system results are not regularly reviewed by management.
CISA Question 3209
Question
An IS auditor is evaluating networked devices at one of the organization’s branch locations. Which of the following observations should be of GREATEST concern?
A. Personal devices are required to connect wirelessly to a guest network.
B. A local executive has a wireless-enabled fish tank connected to the corporate network.
C. Company laptops with built-in cameras are observed with opaque tape blocking the cameras.
D. Four personal laptops with default passwords are connected to the corporate network.
Answer
D. Four personal laptops with default passwords are connected to the corporate network.
CISA Question 3210
Question
An IS auditor has found that despite an increase in phishing attacks over the past two years, there has been a significant decrease in the success rate. Which of the following is the MOST likely reason for this decline?
A. Implementation of an intrusion detection system (IDS)
B. Development of an incident response plan
C. Enhanced training for incident responders
D. Implementation of a security awareness program
Answer
D. Implementation of a security awareness program