The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3251
Question
The PRIMARY purpose for an IS auditor to review previous audit reports during the planning phase of a current audit is to:
A. become informed about the auditee’s business processes.
B. adjust audit scope to reduce testing in areas related to previous findings.
C. identify applicable regulatory requirements for the current audit.
D. ensure that previously identified risks are addressed in the audit program.
Answer
D. ensure that previously identified risks are addressed in the audit program.
CISA Question 3252
Question
What should be the PRIMARY basis for scheduling a follow-up audit?
A. The significance of reported findings
B. The completion of all corrective actions
C. The availability of audit resources
D. The time elapsed after audit report submission
Answer
A. The significance of reported findings
CISA Question 3253
Question
An IS auditor notes that a number of application plug-ins currently in use are no longer supported. Which of the following is the auditor’s BEST recommendation to management?
A. Implement role-based access controls.
B. Conduct a vulnerability assessment to determine exposure.
C. Review content backup and archiving procedures.
D. Review on-boarding and off-boarding processes.
Answer
B. Conduct a vulnerability assessment to determine exposure.
CISA Question 3254
Question
Which of the following would provide the BEST evidence for an IS auditor to determine whether segregation of duties is in place?
A. A review of the organizational chart
B. A review of personnel files
C. An analysis of user access requests
D. A walk-through of job functions
Answer
C. An analysis of user access requests
CISA Question 3255
Question
An IS auditor has identified that some IT staff have administrative access to the enterprise resource planning (ERP) application, database, and server. IT management has responded that due to limited resources, the same IT staff members have to support all three layers of the ERP application. Which of the following would be the auditor’s BEST recommendation to management?
A. Request funding to hire additional IT staff to enable segregation of duties.
B. Leverage business unit personnel to serve as administrators of the application.
C. Monitor activities of the associated IT staff members by reviewing system-generated logs weekly.
D. Remove some of the administrative access of the associated IT staff members.
Answer
A. Request funding to hire additional IT staff to enable segregation of duties.
CISA Question 3256
Question
During the course of an audit, an IS auditor’s organizational independence is impaired. The IS auditor should FIRST:
A. inform audit management of the situation.
B. inform senior management in writing and proceed with the audit.
C. obtain the auditee’s approval before continuing the audit.
D. proceed with the audit as planned after documenting the incident.
Answer
A. inform audit management of the situation.
CISA Question 3257
Question
Which of the following should be an IS auditor’s PRIMARY focus when evaluating the response process for cyber crimes?
A. Notification to regulators
B. Communication with law enforcement
C. Evidence collection
D. Root cause analysis
Answer
C. Evidence collection
CISA Question 3258
Question
After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?
A. Investigating access rights for expiration dates
B. Verifying that access privileges have been reviewed
C. Updating the security policy
D. Updating the continuity plan for critical resources
Answer
C. Updating the security policy
CISA Question 3259
Question
Which of the following is the BEST way for an external IS auditor to determine the scope of an audit for a large multinational organization?
A. Focus on areas related to the use of emerging technologies.
B. Sample audit each geographical location.
C. Focus on identified high-risk areas in the organization.
D. Use the work of the internal auditor at each location.
Answer
D. Use the work of the internal auditor at each location.
CISA Question 3260
Question
Which of the following findings should be of MOST concern to an IS auditor reviewing an organization’s business continuity plan (BCP)?
A. An application inventory is not included.
B. A resource optimization plan is not included.
C. A business feasibility study was not performed.
D. A business impact analysis (BIA) was not performed.
Answer
D. A business impact analysis (BIA) was not performed.