The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free; they can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3241
Question
In an IS auditor’s review of an organization’s configuration management practices for software, which of the following is MOST important?
A. Service level agreements (SLAs) between the IT function and users
B. Post-implementation review reports from development efforts
C. Organizational policies related to release management
D. Software rental contracts or lease agreements
Answer
C. Organizational policies related to release management
CISA Question 3242
Question
An internal audit has revealed a large number of incidents for which root cause analysis has not been performed. Which of the following is MOST important for the IS auditor to verify to determine whether there is an audit issue?
A. Cost of resolving the incidents
B. Severity level of the incidents
C. Time required to resolve the incidents
D. Frequency of the incidents
Answer
D. Frequency of the incidents
CISA Question 3243
Question
Which of the following is the BEST source of information for an IS auditor to use when determining whether an organization’s information security policy is adequate?
A. Industry benchmarks
B. Information security program plans
C. Penetration test results
D. Risk assessment results
Answer
D. Risk assessment results
CISA Question 3244
Question
Which of the following would the IS auditor MOST likely review to determine whether modifications to the operating system parameters were authorized?
A. Change control log
B. System initialization logs
C. Security system parameters
D. Documentation of exit routines
Answer
A. Change control log
CISA Question 3245
Question
Which of the following should be of GREATEST concern when conducting an audit of software inventory management?
A. Missing licensing paper contracts
B. Anti-virus software not regularly upgraded
C. Unlicensed software
D. Development libraries not included in inventory records
Answer
C. Unlicensed software
CISA Question 3246
Question
An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following would be the KEY procedure for the IS auditor to perform?
A. Review input and output control reports to verify the accuracy of the system decisions.
B. Review system documentation to ensure completeness.
C. Ensure that a detection system designed to verify transaction accuracy is included.
D. Review signed approvals to ensure responsibilities for decisions of the system are well-defined.
Answer
A. Review input and output control reports to verify the accuracy of the system decisions.
CISA Question 3247
Question
Which of the following should be of MOST concern to an IS auditor evaluating a forensics program?
A. Forensic images are stored on removable media with encryption.
B. Forensic images are only stored for involuntarily terminated employees.
C. Forensic images are only maintained for 12 months.
D. Forensic images are stored on shared disks.
Answer
D. Forensic images are stored on shared disks.
CISA Question 3248
Question
An IS auditor is assessing a recent migration of mission-critical applications to a virtual platform. Which of the following observations poses the GREATEST risk to the organization?
A. A post-implementation review of the hypervisor has not yet been conducted.
B. Role descriptions do not accurately reflect new virtualization responsibilities.
C. The migration was not approved by the board of directors.
D. Training for staff with new virtualization responsibilities has not been conducted.
Answer
D. Training for staff with new virtualization responsibilities has not been conducted.
CISA Question 3249
Question
An IS auditor is assessing an organization’s implementation of a virtual network. Which of the following observations should be considered the MOST significant risk?
A. Communication performance over the virtual network is not monitored.
B. Virtual network devices are replicated and stored in offline mode.
C. Traffic over the virtual network is not visible to security protection devices.
D. Physical and virtual network configurations are not managed by the same team.
Answer
C. Traffic over the virtual network is not visible to security protection devices.
CISA Question 3250
Question
What should be an IS auditor’s NEXT course of action when a review of an IT organizational structure reveals IT staff members have duties in other departments?
A. Determine whether any segregation of duties conflicts exist.
B. Recommend that segregation of duties controls be implemented.
C. Report the issue to human resources (HR) management.
D. Immediately report a potential finding to the audit committee.
Answer
A. Determine whether any segregation of duties conflicts exist.