Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 31

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3251

Question

The PRIMARY purpose for an IS auditor to review previous audit reports during the planning phase of a current audit is to:

A. become informed about the auditee’s business processes.
B. adjust audit scope to reduce testing in areas related to previous findings.
C. identify applicable regulatory requirements for the current audit.
D. ensure that previously identified risks are addressed in the audit program.

Answer

D. ensure that previously identified risks are addressed in the audit program.

CISA Question 3252

Question

What should be the PRIMARY basis for scheduling a follow-up audit?

A. The significance of reported findings
B. The completion of all corrective actions
C. The availability of audit resources
D. The time elapsed after audit report submission

Answer

A. The significance of reported findings

CISA Question 3253

Question

An IS auditor notes that a number of application plug-ins currently in use are no longer supported. Which of the following is the auditor’s BEST recommendation to management?

A. Implement role-based access controls.
B. Conduct a vulnerability assessment to determine exposure.
C. Review content backup and archiving procedures.
D. Review on-boarding and off-boarding processes.

Answer

B. Conduct a vulnerability assessment to determine exposure.

CISA Question 3254

Question

Which of the following would provide the BEST evidence for an IS auditor to determine whether segregation of duties is in place?

A. A review of the organizational chart
B. A review of personnel files
C. An analysis of user access requests
D. A walk-through of job functions

Answer

C. An analysis of user access requests

CISA Question 3255

Question

An IS auditor has identified that some IT staff have administrative access to the enterprise resource planning (ERP) application, database, and server. IT management has responded that due to limited resources, the same IT staff members have to support all three layers of the ERP application. Which of the following would be the auditor’s BEST recommendation to management?

A. Request funding to hire additional IT staff to enable segregation of duties.
B. Leverage business unit personnel to serve as administrators of the application.
C. Monitor activities of the associated IT staff members by reviewing system-generated logs weekly.
D. Remove some of the administrative access of the associated IT staff members.

Answer

A. Request funding to hire additional IT staff to enable segregation of duties.

CISA Question 3256

Question

During the course of an audit, an IS auditor’s organizational independence is impaired. The IS auditor should FIRST:

A. inform audit management of the situation.
B. inform senior management in writing and proceed with the audit.
C. obtain the auditee’s approval before continuing the audit.
D. proceed with the audit as planned after documenting the incident.

Answer

A. inform audit management of the situation.

CISA Question 3257

Question

Which of the following should be an IS auditor’s PRIMARY focus when evaluating the response process for cyber crimes?

A. Notification to regulators
B. Communication with law enforcement
C. Evidence collection
D. Root cause analysis

Answer

C. Evidence collection

CISA Question 3258

Question

After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?

A. Investigating access rights for expiration dates
B. Verifying that access privileges have been reviewed
C. Updating the security policy
D. Updating the continuity plan for critical resources

Answer

C. Updating the security policy

CISA Question 3259

Question

Which of the following is the BEST way for an external IS auditor to determine the scope of an audit for a large multinational organization?

A. Focus on areas related to the use of emerging technologies.
B. Sample audit each geographical location.
C. Focus on identified high-risk areas in the organization.
D. Use the work of the internal auditor at each location.

Answer

D. Use the work of the internal auditor at each location.

CISA Question 3260

Question

Which of the following findings should be of MOST concern to an IS auditor reviewing an organization’s business continuity plan (BCP)?

A. An application inventory is not included.
B. A resource optimization plan is not included.
C. A business feasibility study was not performed.
D. A business impact analysis (NA) was not performed.

Answer

D. A business impact analysis (NA) was not performed.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker