
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 31

The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free; they can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3281

Question

An IS auditor reviewing a recently implemented virtual environment notices discrepancies among similar machine setups. Which of the following should the auditor recommend to minimize configuration risks?

A. Implement network best practice recommendations
B. Perform architectural vulnerability analysis to compare current system attributes to a reference
C. Perform hypervisor software updates with available patches to minimize security weakness
D. Implement templates to manage rapid deployment of virtual machines

Answer

D. Implement templates to manage rapid deployment of virtual machines

CISA Question 3282

Question

When auditing the security architecture of an e-commerce environment, an IS auditor should FIRST review the:

A. configuration of the firewall
B. alternate firewall arrangements
C. location of the firewall within the network
D. criteria used for selecting the firewall

Answer

A. configuration of the firewall

CISA Question 3283

Question

Prior to the migration of acquired software into production, it is MOST important that the IS auditor review the:

A. user acceptance test report.
B. vendor testing report.
C. system documentation.
D. source code escrow agreement.

Answer

D. source code escrow agreement.

CISA Question 3284

Question

The BEST way for an IS auditor to determine which business processes are currently outsourced to a specific service provider is to review the:

A. enterprise architecture (EA) diagram.
B. service provider’s contract.
C. vendor management policy.
D. request for proposal (RFP) responses.

Answer

B. service provider’s contract.

CISA Question 3285

Question

A security review focused on data loss prevention (DLP) revealed the organization has no visibility to data stored in the cloud. What is the IS auditor’s BEST recommendation to address this issue?

A. Implement a file system scanner to discover data stored in the cloud.
B. Utilize a DLP tool on desktops to monitor user activities.
C. Employ a cloud access security broker (CASB).
D. Enhance the firewall at the network perimeter.

Answer

C. Employ a cloud access security broker (CASB).

CISA Question 3286

Question

An IS auditor notes that several users have not logged into an application for more than one year. Which of the following would be the BEST audit recommendation?

A. Periodically review the information security policy.
B. Update the termination procedures.
C. Periodically review user access.
D. Delete the affected users’ IDs.

Answer

C. Periodically review user access.

CISA Question 3287

Question

An IS auditor has performed an agreed-upon procedures engagement for the organization’s IT steering committee. Which of the following would be the MOST important element to include in the report?

A. Complementary user entity controls
B. Management’s representation on the effectiveness of controls
C. Statement that the engagement followed standards
D. An opinion on the effectiveness of controls

Answer

D. An opinion on the effectiveness of controls

CISA Question 3288

Question

To BEST determine if a project is successfully addressing business requirements while managing the associated risk, which of the following should an IS auditor expect to find at each significant milestone?

A. Comprehensive end user acceptance testing
B. Formal acceptance by appropriate stakeholders
C. A revised business impact and risk analysis
D. Post-implementation review with affected parties

Answer

B. Formal acceptance by appropriate stakeholders

CISA Question 3289

Question

The PRIMARY purpose of an internal audit department’s quality assurance improvement program is to evaluate which of the following?

A. The adequacy and qualifications of internal audit personnel
B. The effectiveness of the internal audit function
C. The efficiency of internal audit processes
D. The accuracy of prior-year internal audit results

Answer

B. The effectiveness of the internal audit function

CISA Question 3290

Question

In a small organization, an IS auditor finds that security administration and system analysis functions are performed by the same employee. Which of the following is the MOST significant finding?

A. The security policy has not been updated to reflect the situation.
B. The employee’s formal job description has not been updated.
C. The employee has not signed the security policy.
D. The employee’s activities are not independently reviewed.

Answer

D. The employee’s activities are not independently reviewed.
