The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3281
Question
An IS auditor reviewing a recently implemented virtual environment notices discrepancies among similar machine setups. Which of the following should the auditor recommend to minimize configuration risks?
A. Implement network best practice recommendations
B. Perform architectural vulnerability analysis to compare current system attributes to a reference
C. Perform hypervisor software updates with available patches to minimize security weakness
D. Implement templates to manage rapid deployment of virtual machines
Answer
D. Implement templates to manage rapid deployment of virtual machines
CISA Question 3282
Question
When auditing the security architecture of an e-commerce environment, an IS auditor should FIRST review the:
A. configuration of the firewall
B. alternate firewall arrangements
C. location of the firewall within the network
D. criteria used for selecting the firewall
Answer
A. configuration of the firewall
CISA Question 3283
Question
Prior to the migration of acquired software into production, it is MOST important that the IS auditor review the:
A. user acceptance test report.
B. vendor testing report.
C. system documentation.
D. source code escrow agreement.
Answer
D. source code escrow agreement.
CISA Question 3284
Question
The BEST way for an IS auditor to determine which business processes are currently outsourced to a specific service provider is to review the:
A. enterprise architecture (EA) diagram.
B. service provider’s contract.
C. vendor management policy.
D. request for proposal (RFP) responses.
Answer
B. service provider’s contract.
CISA Question 3285
Question
A security review focused on data loss prevention (DLP) revealed the organization has no visibility to data stored in the cloud. What is the IS auditor’s BEST recommendation to address this issue?
A. Implement a file system scanner to discover data stored in the cloud.
B. Utilize a DLP tool on desktops to monitor user activities.
C. Employ a cloud access security broker (CASB).
D. Enhance the firewall at the network perimeter.
Answer
C. Employ a cloud access security broker (CASB).
CISA Question 3286
Question
An IS auditor notes that several users have not logged into an application for more than one year. Which of the following would be the BEST audit recommendation?
A. Periodically review the information security policy.
B. Update the termination procedures.
C. Periodically review user access.
D. Delete the affected users’ IDs.
Answer
C. Periodically review user access.
CISA Question 3287
Question
An IS auditor has performed an agreed-upon procedures engagement for the organization’s IT steering committee. Which of the following would be the MOST important element to include in the report?
A. Complementary user entity controls
B. Management’s representation on the effectiveness of controls
C. Statement that the engagement followed standards
D. An opinion on the effectiveness of controls
Answer
D. An opinion on the effectiveness of controls
CISA Question 3288
Question
To BEST determine if a project is successfully addressing business requirements while managing the associated risk, which of the following should an IS auditor expect to find at each significant milestone?
A. Comprehensive end user acceptance testing
B. Formal acceptance by appropriate stakeholders
C. A revised business impact and risk analysis
D. Post-implementation review with affected parties
Answer
B. Formal acceptance by appropriate stakeholders
CISA Question 3289
Question
The PRIMARY purpose of an internal audit department’s quality assurance improvement program is to evaluate which of the following?
A. The adequacy and qualifications of internal audit personnel
B. The effectiveness of the internal audit function
C. The efficiency of internal audit processes
D. The accuracy of prior-year internal audit results
Answer
B. The effectiveness of the internal audit function
CISA Question 3290
Question
In a small organization, an IS auditor finds that security administration and system analysis functions are performed by the same employee. Which of the following is the MOST significant finding?
A. The security policy has not been updated to reflect the situation.
B. The employee’s formal job description has not been updated.
C. The employee has not signed the security policy.
D. The employee’s activities are not independently reviewed.
Answer
D. The employee’s activities are not independently reviewed.