Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 31

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3201

Question

Which of the following should an IS auditor review FIRST when evaluating a business process for auditing?

A. Evidence that IS-related controls are operating effectively
B. Competence of the personnel performing the process
C. Assignment of responsibility for process management
D. Design and implementation of controls

Answer

D. Design and implementation of controls

CISA Question 3202

Question

Which of the following is the MOST appropriate responsibility of an IS auditor involved in a data center renovation project?

A. Performing independent reviews of responsible parties engaged in the project
B. Ensuring the project progresses as scheduled and milestones are achieved
C. Shortlisting vendors to perform renovations
D. Approving the design of controls for the data center

Answer

A. Performing independent reviews of responsible parties engaged in the project

CISA Question 3203

Question

Which of the following should be established FIRST when initiating a control self-assessment (CSA) program in a small organization?

A. Control register
B. Staff questionnaires
C. Assessor competency
D. Facilitated workshops

Answer

B. Staff questionnaires

CISA Question 3204

Question

What is the BEST strategy to prioritize work when planning a follow-up audit?

A. Target risks that are most easily mitigated.
B. Agree on priorities with risk owners.
C. Target the areas of highest risk.
D. Target risks not reported as mitigated by risk owners.

Answer

B. Agree on priorities with risk owners.

CISA Question 3205

Question

An IS audit team is planning to rely on a system-generated report to reduce the substantive procedures they will need to perform. Which of the following procedures should the IS auditor perform to verify the completeness of the report?

A. Test data for appropriateness.
B. Validate the report query.
C. Establish some criteria for expected results and compare to actual results.
D. Trace a sample of transactions to the internal transactions.

Answer

A. Test data for appropriateness.

CISA Question 3206

Question

An IS auditor reviewing a financial organization’s identity management solution found that some critical business applications do not have identified owners. Which of the following should the auditor do NEXT?

A. Request a business risk acceptance.
B. Discuss the issue with the auditee.
C. Write a finding in the audit report.
D. Revoke access rights to the critical applications.

Answer

B. Discuss the issue with the auditee.

CISA Question 3207

Question

Which of the following BEST indicates to an IS auditor that an IT-related project will deliver value to the organization?

A. The cost of the project is within the organization’s risk appetite.
B. The project will use existing infrastructure to deliver services.
C. Competitors are considering similar IT-based solutions.
D. Requirements are based on stakeholder expectations.

Answer

D. Requirements are based on stakeholder expectations.

CISA Question 3208

Question

An external IS auditor is reviewing the continuous monitoring system for a large bank and notes several potential issues. Which of the following would present the GREATEST concern regarding the reliability of the monitoring system?

A. The system results are not regularly reviewed by management.
B. The measurement method is periodically varied.
C. The monitoring system was configured by internal auditors.
D. The alert threshold is updated periodically.

Answer

A. The system results are not regularly reviewed by management.

CISA Question 3209

Question

An IS auditor is evaluating networked devices at one of the organization’s branch locations. Which of the following observations should be of GREATEST concern?

A. Personal devices are required to connect wirelessly to a guest network.
B. A local executive has a wireless-enabled fish tank connected to the corporate network.
C. Company laptops with built-in cameras are observed with opaque tape blocking the cameras.
D. Four personal laptops with default passwords are connected to the corporate network.

Answer

D. Four personal laptops with default passwords are connected to the corporate network.

CISA Question 3210

Question

An IS auditor has found that despite an increase in phishing attacks over the past two years, there has been a significant decrease in the success rate. Which of the following is the MOST likely reason for this decline?

A. Implementation of an intrusion detection system (IDS)
B. Development of an incident response plan
C. Enhanced training for incident responders
D. Implementation of a security awareness program

Answer

D. Implementation of a security awareness program

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.