The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3291
Question
During a follow-up audit for a finding related to change management, an IS auditor notes that one of the changes sampled was an emergency change, which follows a different process. Which of the following is the auditor’s BEST course of action?
A. Mark the sample as not applicable in the workpaper and move on to testing the next sample.
B. Select a replacement change for testing.
C. Obtain evidence that the change was approved.
D. Note the sample as a deviation and leave the finding open in the audit tracking log.
Answer
A. Mark the sample as not applicable in the workpaper and move on to testing the next sample.
CISA Question 3292
Question
An IS auditor observed that most users do not comply with physical access controls. The business manager has explained that the control design is inefficient.
What is the auditor’s BEST course of action?
A. Recommend changing the access control process to increase efficiency.
B. Identify the impact of control failure and report the finding with a risk rating.
C. Redesign and retest the physical access control.
D. Work with management to design and implement a better control.
Answer
B. Identify the impact of control failure and report the finding with a risk rating.
CISA Question 3293
Question
Which of the following activities should an IS auditor perform FIRST during an external network security assessment?
A. Exploitation
B. Enumeration
C. Vulnerability scanning
D. Reconnaissance
Answer
B. Enumeration
CISA Question 3294
Question
Which of the following auditing techniques would be used to detect the validity of a credit card transaction based on time, location, and date of purchase?
A. Benford’s analysis
B. Gap analysis
C. Stratified sampling
D. Data mining
Answer
A. Benford’s analysis
CISA Question 3295
Question
An audit group is conducting a risk assessment as part of a risk-based audit strategy. To help ensure the risk assessment results are relevant to the organization, it is MOST important to:
A. understand the organization’s objectives and risk appetite.
B. include operational departments and processes.
C. determine both the inherent risk and detection risk.
D. understand the organization’s controls.
Answer
A. understand the organization’s objectives and risk appetite.
CISA Question 3296
Question
An organization migrated most of its physical servers to virtual ones in its own data center. Which of the following should be of GREATEST concern to an IS auditor reviewing the virtual environment?
A. Hypervisor access control lists are outdated.
B. The configuration management database (CMDB) does not include all virtual machines.
C. Hypervisors have not been updated with the most recent patches.
D. Virtual machine deployments are done without following an approved template.
Answer
D. Virtual machine deployments are done without following an approved template.
CISA Question 3297
Question
During an integrated audit at a retail bank, an IS auditor is evaluating whether monthly service fees are appropriately charged for business accounts and waived for individual consumer accounts. Which of the following test approaches would utilize data analytics to facilitate the testing?
A. Attempt to charge a monthly service fee to an individual consumer account.
B. Evaluate whether user acceptance testing plans were designed and executed appropriately.
C. Review customer accounts over the last year to determine whether appropriate charges were applied.
D. Compare the system configuration settings with the business requirements document.
Answer
C. Review customer accounts over the last year to determine whether appropriate charges were applied.
CISA Question 3298
Question
An IS auditor is reviewing an organization’s method to transport sensitive data between offices. Which of the following would cause the auditor MOST concern?
A. The method relies exclusively on the use of digital signatures.
B. The method relies exclusively on the use of asymmetric encryption algorithms.
C. The method relies exclusively on the use of public key infrastructure.
D. The method relies exclusively on the use of symmetric encryption algorithms.
Answer
D. The method relies exclusively on the use of symmetric encryption algorithms.
CISA Question 3299
Question
An audit of a database management system found the audit log was not restarted following maintenance. Which of the following is the GREATEST concern to the IS auditor?
A. Changes by the database administrators will not be logged.
B. The database optimization will be compromised.
C. The database triggers and pointers will not be optimized.
D. Changes by application users will not be logged.
Answer
A. Changes by the database administrators will not be logged.
CISA Question 3300
Question
Which of the following observations should be of concern to an IS auditor in the fieldwork stage of a procurement audit?
A. Requisitions are being processed by the finance team.
B. The purchase requester receives notifications of goods delivery.
C. Purchase commitments are made prior to requisitions being approved.
D. Requisitions are being facilitated by a third-party procurement service.
Answer
A. Requisitions are being processed by the finance team.