Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 32

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3301

Question

An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the organization’s wider security threat and vulnerability management program. Which of the following would BEST enable the organization to work toward improvement in this area?
A. Outsourcing the threat and vulnerability management function to a third party
B. Implementing security logging to enhance threat and vulnerability management
C. Using a capability maturity model to identify a path to an optimized program
D. Maintaining a catalog of vulnerabilities that may impact mission-critical systems

Answer

D. Maintaining a catalog of vulnerabilities that may impact mission-critical systems

CISA Question 3302

Question

Which of the following is MOST important for an IS auditor to understand when planning an IS audit?
A. Inherent risk of auditable areas
B. Management focus on particular operations
C. Number of high-risk auditable processes
D. Availability of IS audit resources

Answer

A. Inherent risk of auditable areas

CISA Question 3303

Question

Which of the following should an IS auditor review FIRST when evaluating incident management procedures?
A. Command center monitoring
B. Root cause analysis steps
C. Prioritization criteria
D. Peer review requirements

Answer

C. Prioritization criteria

CISA Question 3304

Question

Total billing amounts on invoices are automatically transferred to an organization’s account ledger weekly. During an IS audit, the auditor discovers that one week’s billing is missing from the ledger. Which of the following areas should the auditor examine FIRST?
A. Annual reconciliations
B. Change management
C. Batch processing controls
D. Module access rights

Answer

C. Batch processing controls

CISA Question 3305

Question

An IS auditor wants to determine who has oversight of staff performing a specific task and is referencing the organization’s RACI chart. Which of the following roles within the chart would provide this information?
A. informed
B. Accountable
C. Consulted
D. Responsible

Answer

B. Accountable

CISA Question 3306

Question

What is an IS auditor’s BEST course of action if informed by a business unit’s representatives that they are too busy to cooperate with a scheduled audit?
A. Reschedule the audit for a time more convenient to the business unit.
B. Begin the audit regardless and insist on cooperation from the business unit.
C. Notify the audit committee immediately and request they direct the audit begin on schedule.
D. Notify the chief audit executive who can negotiate with the head of the business unit.

Answer

D. Notify the chief audit executive who can negotiate with the head of the business unit.

CISA Question 3307

Question

A vulnerability in which of the following virtual systems should be of GREATEST concern to an IS auditor?
A. The virtual machine management server
B. The virtual application server
C. The virtual antivirus server
D. The virtual file server

Answer

A. The virtual machine management server

CISA Question 3308

Question

An IS auditor attempts to sample for variables in a population of items with wide differences in values but determines that an unreasonably large number of sample items must be selected to produce the desired confidence level. In this situation, which of the following is the BEST audit decision?
A. Allow more time and test the required sample
B. Select a judgmental sample
C. Select a stratified sample
D. Lower the desired confidence leve

Answer

A. Allow more time and test the required sample

CISA Question 3309

Question

Which of the following is MOST important for an IS auditor to consider when auditing a vulnerability scanning software solution?
A. The scanning software was purchased from an approved vendor.
B. The scanning software was approved for release into production.
C. The scanning software covers critical systems.
D. The scanning software is cost-effective.

Answer

C. The scanning software covers critical systems.

CISA Question 3310

Question

Which of the following should be an IS auditor’s GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?
A. Business interruption due to remediation
B. IT budgeting constraints
C. Risk rating of original findings
D. Availability of responsible IT personnel

Answer

C. Risk rating of original findings

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker