The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3221
Question
An IS audit manager has been advised that hackers have entered the company’s e-commerce server a number of times in the past month. The IS audit group does not have the expertise necessary to investigate this situation. The IS audit manager should:
A. obtain support by contracting external resources.
B. have network security staff conduct the audit.
C. have IS management proceed immediately with control self-assessment (CSA).
D. decline the request on the basis that the staff is not prepared for the task.
Answer
A. obtain support by contracting external resources.
CISA Question 3222
Question
Which of the following is the MOST important objective of a risk assessment performed during the annual audit planning process?
A. Identifying key areas of focus
B. Eliminating areas with low residual risk
C. Engaging management in the audit planning process
D. Assigning audit resources
Answer
A. Identifying key areas of focus
CISA Question 3223
Question
What is the PRIMARY benefit of an audit approach which requires reported findings to be issued together with related action plans, owners, and target dates?
A. It establishes accountability for the action plans
B. It helps to ensure factual accuracy of findings
C. It enforces action plan consensus between auditors and auditees
D. It facilitates easier audit follow-up
Answer
A. It establishes accountability for the action plans
CISA Question 3224
Question
An IS auditor notes that nightly batch processing is frequently incomplete for an application. The auditor should FIRST review controls over which of the following?
A. Application logs
B. Backup procedures
C. Job notification
D. Job scheduling
Answer
D. Job scheduling
CISA Question 3225
Question
Which of the following findings should be of GREATEST concern to an IS auditor conducting a forensic analysis following incidents of suspicious activities on a server?
A. Most suspicious activities were created by system IDs.
B. Audit logs are not enabled on the server.
C. The server’s operating system is outdated.
D. The server is outside the domain.
Answer
B. Audit logs are not enabled on the server.
CISA Question 3226
Question
The PRIMARY reason to formally communicate audit results immediately after the audit has been completed is to ensure:
A. the report is relevant and useful.
B. deadlines and departmental goals are met.
C. the risk identified in the report is immediately mitigated.
D. the auditors adhere to standard audit practices.
Answer
A. the report is relevant and useful.
CISA Question 3227
Question
Which of the following is the BEST audit technique to identify fraudulent activity in a processing system?
A. Inspect flow and timing of authorizations recorded by the system.
B. Perform statistical analysis and classification of all transactions.
C. Inspect the source code of the application programs.
D. Review a sample of transactions for compliance with policies.
Answer
A. Inspect flow and timing of authorizations recorded by the system.
CISA Question 3228
Question
Following an internal audit of a database, management has committed to enhance password management controls. Which of the following provides the BEST evidence that management has remediated the audit finding?
A. Screenshots from end users showing updated password settings
B. Interviews with management about remediation completion
C. Change tickets of recent password configuration updates
D. Observation of updated password settings with database administrators (DBAs)
Answer
C. Change tickets of recent password configuration updates
CISA Question 3229
Question
The PRIMARY benefit of a risk-based audit methodology is to:
A. reduce audit scope.
B. identify key controls.
C. understand business processes.
D. prioritize audit resources.
Answer
D. prioritize audit resources.
CISA Question 3230
Question
Which of the following should an IS auditor review when verifying the integrity of a relational database management system (RDBMS)?
A. Cyclic redundancy check value
B. Secret key algorithm used
C. Foreign key attributes
D. Database size value
Answer
A. Cyclic redundancy check value