
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 31

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3221

Question

An IS audit manager has been advised that hackers have entered the company’s e-commerce server a number of times in the past month. The IS audit group does not have the expertise necessary to investigate this situation. The IS audit manager should:

A. obtain support by contracting external resources.
B. have network security staff conduct the audit.
C. have IS management proceed immediately with control self-assessment (CSA).
D. decline the request on the basis that the staff is not prepared for the task.

Answer

A. obtain support by contracting external resources.

CISA Question 3222

Question

Which of the following is the MOST important objective of a risk assessment performed during the annual audit planning process?

A. Identifying key areas of focus
B. Eliminating areas with low residual risk
C. Engaging management in the audit planning process
D. Assigning audit resources

Answer

A. Identifying key areas of focus

CISA Question 3223

Question

What is the PRIMARY benefit of an audit approach which requires reported findings to be issued together with related action plans, owners, and target dates?

A. It establishes accountability for the action plans
B. It helps to ensure factual accuracy of finding
C. It enforces action plan consensus between auditors and auditees
D. It facilitates easier audit follow-up

Answer

A. It establishes accountability for the action plans

CISA Question 3224

Question

An IS auditor notes that nightly batch processing is frequently incomplete for an application. The auditor should FIRST review controls over which of the following?

A. Application logs
B. Backup procedures
C. Job notification
D. Job scheduling

Answer

D. Job scheduling

CISA Question 3225

Question

Which of the following findings should be of GREATEST concern to an IS auditor conducting a forensic analysis following incidents of suspicious activities on a server?

A. Most suspicious activities were created by system IDs.
B. Audit logs are not enabled on the server.
C. The server’s operating system is outdated.
D. The server is outside the domain.

Answer

B. Audit logs are not enabled on the server.

CISA Question 3226

Question

The PRIMARY reason to formally communicate audit results immediately after the audit has been completed is to ensure:

A. the report is relevant and useful.
B. deadlines and departmental goals are met.
C. the risk identified in the report is immediately mitigated.
D. the auditors adhere to standard audit practices.

Answer

A. the report is relevant and useful.

CISA Question 3227

Question

Which of the following is the BEST audit technique to identify fraudulent activity processing system?

A. Inspect flow and timing of authorizations recorded by the system.
B. Perform statistical analysis and classification of all transactions.
C. Inspect the source code of the application programs.
D. Review a sample of transactions for compliance with policies.

Answer

A. Inspect flow and timing of authorizations recorded by the system.

CISA Question 3228

Question

Following an internal audit of a database, management has committed to enhance password management controls. Which of the following provides the BEST evidence that management has remediated the audit finding?

A. Screenshots from end users showing updated password settings
B. Interviews with management about remediation completion
C. Change tickets of recent password configuration updates
D. Observation of updated password settings with database administrators (DBAs)

Answer

C. Change tickets of recent password configuration updates

CISA Question 3229

Question

The PRIMARY benefit of a risk-based audit methodology is to:

A. reduce audit scope.
B. identify key controls.
C. understand business processes.
D. prioritize audit resources.

Answer

D. prioritize audit resources.

CISA Question 3230

Question

Which of the following should an IS auditor review when verifying the integrity of a relational database management system (RDBMS)?

A. Cyclic redundancy check value
B. Secret key algorithm used
C. Foreign key attributes
D. Database size value

Answer

A. Cyclic redundancy check value
