Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 31

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3241

Question

In an IS auditor’s review of an organization’s configuration management practices for software, which of the following is MOST important?

A. Service level agreements (SLAs) between the IT function and users
B. Post-implementation review reports from development efforts
C. Organizational policies related to release management
D. Software rental contracts or lease agreements

Answer

C. Organizational policies related to release management

CISA Question 3242

Question

An internal audit has revealed a large number of incidents for which root cause analysis has not been performed. Which of the following is MOST important for the IS auditor to verify to determine whether there is an audit issue?

A. Cost of resolving the incidents
B. Severity level of the incidents
C. Time required to resolve the incidents
D. Frequency of the incidents

Answer

D. Frequency of the incidents

CISA Question 3243

Question

Which of the following is the BEST source of information for an IS auditor to use when determining whether an organization’s information security policy is adequate?

A. Industry benchmarks
B. Information security program plans
C. Penetration test results
D. Risk assessment results

Answer

D. Risk assessment results

CISA Question 3244

Question

Which of the following would the IS auditor MOST likely review to determine whether modifications to the operating system parameters were authorized?

A. Change control log
B. System initialization logs
C. Security system parameters
D. Documentation of exit routines

Answer

A. Change control log

CISA Question 3245

Question

Which of the following should be of GREATEST concern when conducting an audit of software inventory management?

A. Missing licensing paper contracts
B. Anti-virus software not regularly upgraded
C. Unlicensed software
D. Development libraries not included in inventory records

Answer

C. Unlicensed software

CISA Question 3246

Question

An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the postimplementation review, which of the following would be the KEY procedure for the IS auditor to perform?

A. Review input and output control reports to verify the accuracy of the system decisions.
B. Review system documentation to ensure completeness.
C. Ensure that a detection system designed to verify transaction accuracy is included.
D. Review signed approvals to ensure responsibilities for decisions of the system are well-defined.

Answer

A. Review input and output control reports to verify the accuracy of the system decisions.

CISA Question 3247

Question

Which of the following should be of MOST concern to an IS auditor evaluating a forensics program?

A. Forensic images are stored on removable media with encryption.
B. Forensic images are only stored for involuntarily terminated employees.
C. Forensic images are only maintained for 12 months.
D. Forensic images are stored on shared disks.

Answer

D. Forensic images are stored on shared disks.

CISA Question 3248

Question

An IS auditor is assessing a recent migration of mission critical applications to a virtual platform. Which of the following observations poses the GREATEST risk to the organization?

A. A post-implementation review of the hypervisor has not yet been conducted.
B. Role descriptions do not accurately reflect new virtualization responsibilities.
C. The migration was not approved by the board of directors.
D. Training for staff with new virtualization responsibilities has not been conducted.

Answer

D. Training for staff with new virtualization responsibilities has not been conducted.

CISA Question 3249

Question

An IS auditor is assessing an organization’s implementation of a virtual network. Which of the following observations should be considered the MOST significant risk?

A. Communication performance over the virtual network is not monitored.
B. Virtual network devices are replicated and stored in offline mode.
C. Traffic over the virtual network is not visible to security protection devices.
D. Physical and virtual network configurations are not managed by the same team.

Answer

C. Traffic over the virtual network is not visible to security protection devices.

CISA Question 3250

Question

What should be an IS auditor’s NEXT course of action when a review of an IT organizational structure reveals IT staff members have duties in other departments?

A. Determine whether any segregation of duties conflicts exist.
B. Recommend that segregation of duties controls be implemented.
C. Report the issue to human resources (HR) management.
D. Immediately report a potential finding to the audit committee.

Answer

A. Determine whether any segregation of duties conflicts exist.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker