ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 31

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3291

Question

During a follow-up audit for a finding related to change management, an IS auditor notes that one of the changes sampled was an emergency change, which follows a different process. Which of the following is the auditor’s BEST course of action?

A. Mark the sample as not applicable in the workpaper and move on to testing the next sample.
B. Select a replacement change for testing.
C. Obtain evidence that the change was approved.
D. Note the sample as a deviation and leave the finding open in the audit tracking log.

Answer

A. Mark the sample as not applicable in the workpaper and move on to testing the next sample.

CISA Question 3292

Question

An IS auditor observed that most users do not comply with physical access controls. The business manager has explained that the control design is inefficient.
What is the auditor’s BEST course of action?

A. Recommend changing the access control process to increase efficiency.
B. Identify the impact of control failure and report the finding with a risk rating.
C. Redesign and retest the physical access control.
D. Work with management to design and implement a better control.

Answer

B. Identify the impact of control failure and report the finding with a risk rating.

CISA Question 3293

Question

Which of the following activities should an IS auditor perform FIRST during an external network security assessment?

A. Exploitation
B. Enumeration
C. Vulnerability scanning
D. Reconnaissance

Answer

B. Enumeration

CISA Question 3294

Question

Which of the following auditing techniques would be used to detect the validity of a credit card transaction based on time, location, and date of purchase?

A. Benford’s analysis
B. Gap analysis
C. Stratified sampling
D. Data mining

Answer

A. Benford’s analysis

CISA Question 3295

Question

An audit group is conducting a risk assessment as part of a risk-based audit strategy. To help ensure the risk assessment results are relevant to the organization, it is MOST important to:

A. understand the organization’s objectives and risk appetite.
B. include operational departments and processes.
C. determine both the inherent risk and detection risk.
D. understand the organization’s controls.

Answer

A. understand the organization’s objectives and risk appetite.

CISA Question 3296

Question

An organization migrated most of its physical servers to virtual ones in its own data center. Which of the following should be of GREATEST concern to an IS auditor reviewing the virtual environment?

A. Hypervisor access control lists are outdated.
B. The configuration management database (CMDB) does not include all virtual machines.
C. Hypervisors have not been updated with the most recent patches.
D. Virtual machine deployments are done without following an approved template.

Answer

D. Virtual machine deployments are done without following an approved template.

CISA Question 3297

Question

During an integrated audit at a retail bank, an IS auditor is evaluating whether monthly service fees are appropriately charged for business accounts and waived for individual consumer accounts. Which of the following test approaches would utilize data analytics to facilitate the testing?

A. Attempt to charge a monthly service fee to an individual consumer account.
B. Evaluate whether user acceptance testing plans were designed and executed appropriately.
C. Review customer accounts over the last year to determine whether appropriate charges were applied.
D. Compare the system configuration settings with the business requirements document.

Answer

C. Review customer accounts over the last year to determine whether appropriate charges were applied.

CISA Question 3298

Question

An IS auditor is reviewing an organization’s method to transport sensitive data between offices. Which of the following would cause the auditor MOST concern?

A. The method relies exclusively on the use of digital signatures.
B. The method relies exclusively on the use of asymmetric encryption algorithms.
C. The method relies exclusively on the use of public key infrastructure.
D. The method relies exclusively on the use of symmetric encryption algorithms.

Answer

D. The method relies exclusively on the use of symmetric encryption algorithms.

CISA Question 3299

Question

An audit of a database management system found the audit log was not restarted following maintenance. Which of the following is the GREATEST concern to the IS auditor?

A. Changes by the database administrators will not be logged.
B. The database optimization will be compromised.
C. The database triggers and pointers will not be optimized.
D. Changes by application users will not be logged.

Answer

A. Changes by the database administrators will not be logged.

CISA Question 3300

Question

Which of the following observations should be of concern to an IS auditor in the fieldwork stage of a procurement audit?

A. Requisitions are being processed by the finance team.
B. The purchase requester receives notifications of goods delivery.
C. Purchase commitments are made prior to requisitions being approved.
D. Requisitions are being facilitated by a third-party procurement service.

Answer

A. Requisitions are being processed by the finance team.
