The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3301
Question
An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the organization’s wider security threat and vulnerability management program. Which of the following would BEST enable the organization to work toward improvement in this area?
A. Outsourcing the threat and vulnerability management function to a third party
B. Implementing security logging to enhance threat and vulnerability management
C. Using a capability maturity model to identify a path to an optimized program
D. Maintaining a catalog of vulnerabilities that may impact mission-critical systems
Answer
D. Maintaining a catalog of vulnerabilities that may impact mission-critical systems
CISA Question 3302
Question
Which of the following is MOST important for an IS auditor to understand when planning an IS audit?
A. Inherent risk of auditable areas
B. Management focus on particular operations
C. Number of high-risk auditable processes
D. Availability of IS audit resources
Answer
A. Inherent risk of auditable areas
CISA Question 3303
Question
Which of the following should an IS auditor review FIRST when evaluating incident management procedures?
A. Command center monitoring
B. Root cause analysis steps
C. Prioritization criteria
D. Peer review requirements
Answer
C. Prioritization criteria
CISA Question 3304
Question
Total billing amounts on invoices are automatically transferred to an organization’s account ledger weekly. During an IS audit, the auditor discovers that one week’s billing is missing from the ledger. Which of the following areas should the auditor examine FIRST?
A. Annual reconciliations
B. Change management
C. Batch processing controls
D. Module access rights
Answer
C. Batch processing controls
CISA Question 3305
Question
An IS auditor wants to determine who has oversight of staff performing a specific task and is referencing the organization’s RACI chart. Which of the following roles within the chart would provide this information?
A. Informed
B. Accountable
C. Consulted
D. Responsible
Answer
B. Accountable
CISA Question 3306
Question
What is an IS auditor’s BEST course of action if informed by a business unit’s representatives that they are too busy to cooperate with a scheduled audit?
A. Reschedule the audit for a time more convenient to the business unit.
B. Begin the audit regardless and insist on cooperation from the business unit.
C. Notify the audit committee immediately and request they direct the audit begin on schedule.
D. Notify the chief audit executive who can negotiate with the head of the business unit.
Answer
D. Notify the chief audit executive who can negotiate with the head of the business unit.
CISA Question 3307
Question
A vulnerability in which of the following virtual systems should be of GREATEST concern to an IS auditor?
A. The virtual machine management server
B. The virtual application server
C. The virtual antivirus server
D. The virtual file server
Answer
A. The virtual machine management server
CISA Question 3308
Question
An IS auditor attempts to sample for variables in a population of items with wide differences in values but determines that an unreasonably large number of sample items must be selected to produce the desired confidence level. In this situation, which of the following is the BEST audit decision?
A. Allow more time and test the required sample
B. Select a judgmental sample
C. Select a stratified sample
D. Lower the desired confidence level
Answer
A. Allow more time and test the required sample
CISA Question 3309
Question
Which of the following is MOST important for an IS auditor to consider when auditing a vulnerability scanning software solution?
A. The scanning software was purchased from an approved vendor.
B. The scanning software was approved for release into production.
C. The scanning software covers critical systems.
D. The scanning software is cost-effective.
Answer
C. The scanning software covers critical systems.
CISA Question 3310
Question
Which of the following should be an IS auditor’s GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?
A. Business interruption due to remediation
B. IT budgeting constraints
C. Risk rating of original findings
D. Availability of responsible IT personnel
Answer
C. Risk rating of original findings