ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 31

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3261

Question

Which of the following findings should be of GREATEST concern to an IS auditor performing a review of IT operations?

A. The job scheduler application has not been designed to display pop-up error messages.
B. Access to the job scheduler application has not been restricted to a maximum of two staff members.
C. Changes to the job scheduler application’s parameters are not approved and reviewed by an operations supervisor.
D. Operations shift turnover logs are not utilized to coordinate and control the processing environment.

Answer

C. Changes to the job scheduler application’s parameters are not approved and reviewed by an operations supervisor.

CISA Question 3262

Question

An IS auditor is planning a risk-based audit of the human resources department. The department uses separate systems for its payroll, training and employee performance review functions. What should the IS auditor do FIRST before identifying the key controls to be tested?

A. Determine the inherent risk related to each system.
B. Determine the number of samples to be tested for each system.
C. Assess the control risk associated with each system.
D. Identify the technical skills and resources needed to audit each system.

Answer

C. Assess the control risk associated with each system.

CISA Question 3263

Question

An IS auditor has been asked to review an event log aggregation system to ensure risk management practices have been applied. Which of the following should be of MOST concern to the auditor?

A. Completeness testing has not been performed on the log data.
B. Data encryption standards have not been considered.
C. Log feeds are uploaded via batch process.
D. The log data is not normalized.

Answer

A. Completeness testing has not been performed on the log data.

CISA Question 3264

Question

An IS auditor is planning an audit of an organization’s payroll processes. Which of the following is the BEST procedure to provide assurance against internal fraud?

A. Review management’s approval of payroll system changes.
B. Review management’s validation of payroll payment recipients.
C. Interview the payroll manager to obtain a detailed process workflow.
D. Compare employee work contracts against hours entered in the payroll system.

Answer

B. Review management’s validation of payroll payment recipients.

CISA Question 3265

Question

Which of the following provides an IS auditor with the BEST evidence that an organization’s information security program is aligned to business objectives?

A. Balanced scorecard
B. Risk assessment results
C. Business impact analysis (BIA)
D. Cost-benefit analysis

Answer

A. Balanced scorecard

CISA Question 3266

Question

An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor’s FIRST action should be to:

A. determine whether the log of changes to the tables is backed up.
B. determine whether the audit trail is secured and reviewed.
C. recommend that the option to directly modify the database be removed immediately.
D. recommend that the system require two persons to be involved in modifying the database.

Answer

B. determine whether the audit trail is secured and reviewed.

CISA Question 3267

Question

An organization is considering the implementation of a business application. The IS auditor should FIRST ensure that:

A. user requirements are used to select the vendor.
B. an approved business case is in place.
C. users are represented on the project management team.
D. security requirements are specified.

Answer

D. security requirements are specified.

CISA Question 3268

Question

When determining which IS audits to conduct during the upcoming year, internal audit has received a request from management for multiple audits of the contract division due to fraud findings during the prior year. Which of the following is the BEST basis for selecting the audits to be performed?

A. Select audits based on an organizational risk assessment.
B. Select audits based on collusion risk.
C. Select audits based on the skill sets of the IS auditors.
D. Select audits based on management’s suggestion.

Answer

B. Select audits based on collusion risk.

CISA Question 3269

Question

An IS auditor concludes that an organization has a quality security policy. Which of the following is MOST important to determine next? The policy must be:

A. updated frequently.
B. developed by process owners.
C. based on industry standards.
D. well understood by all employees.

Answer

D. well understood by all employees.

CISA Question 3270

Question

An IS auditor is reviewing a sample of production incidents and notes that root cause analysis is not being performed. Which of the following is the GREATEST risk associated with this finding?

A. Future incidents may not be resolved in a timely manner.
B. Future incidents may be prioritized inappropriately.
C. The same incident may occur in the future.
D. Service level agreements (SLAs) may not be met.

Answer

C. The same incident may occur in the future.