The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and are helpful for passing the ISACA CISA exam and earning the ISACA CISA certification.
CISA Question 3391
Question
An IS auditor would MOST likely recommend that IT management use a balanced scorecard to:
A. ensure that IT staff meet performance requirements.
B. train and educate IT staff.
C. indicate whether the organization meets quality standards.
D. assess IT functions and processes.
Answer
D. assess IT functions and processes.
CISA Question 3392
Question
During a review of an organization’s network threat response process, the IS auditor noticed that the majority of alerts were closed without resolution.
Management responded that those alerts were unworkable due to lack of actionable intelligence, and therefore the support team is allowed to close them. What is the BEST way for the auditor to address this situation?
A. Further review closed unactioned alerts to identify mishandling of threats.
B. Omit the finding from the report as this practice is in compliance with the current policy.
C. Recommend that management enhance the policy and improve threat awareness training.
D. Reopen unactioned alerts and report to the audit committee.
Answer
A. Further review closed unactioned alerts to identify mishandling of threats.
CISA Question 3393
Question
Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?
A. Staff members were not notified about the test beforehand.
B. Test results were not communicated to staff members.
C. Staff members who failed the test did not receive follow-up education.
D. Security awareness training was not provided prior to the test.
Answer
C. Staff members who failed the test did not receive follow-up education.
CISA Question 3394
Question
Which of the following should be of GREATEST concern to an IS auditor when evaluating a new system’s production readiness?
A. A system defect was found during user acceptance testing.
B. Functional design documentation is not complete.
C. Functional requirements have not been met.
D. Projected benefits have not been realized.
Answer
C. Functional requirements have not been met.
CISA Question 3395
Question
Which of the following is MOST important for an IS auditor to consider when evaluating a Software as a Service (SaaS) arrangement?
A. Total cost of ownership
B. Frequency of software updates
C. Physical security
D. Software availability
Answer
D. Software availability
CISA Question 3396
Question
Which of the following is MOST important for an IS auditor to determine when evaluating a database for privacy-related risks?
A. Whether copies of production data are masked
B. Whether the integrity of the data dictionary is maintained
C. Whether data import and export procedures are approved
D. Whether all database tables are normalized
Answer
B. Whether the integrity of the data dictionary is maintained
CISA Question 3397
Question
While reviewing the project plan for a new system prior to go-live, an IS auditor notes that the project team has not documented a fallback plan.
Which of the following would be the BEST go-live approach in this situation?
A. Parallel processing
B. Immediate cutover
C. Real-time replication
D. Load balancing
Answer
A. Parallel processing
CISA Question 3398
Question
An IS auditor observes an organization is performing data backup and restoration testing on an ad hoc basis without a defined process. What is the MOST likely result of a data disruption event?
A. Increased loss impact
B. Decreased data confidentiality
C. Increased likelihood of future risk events
D. Decreased data integrity
Answer
A. Increased loss impact
CISA Question 3399
Question
An IS auditor finds that a mortgage origination team receives customer mortgage applications via a shared repository. Which of the following test procedures is the BEST way to assess whether there are adequate privacy controls over this process?
A. Validate whether the encryption is compliant with the organization’s requirements.
B. Validate that data is entered accurately and timely.
C. Validate whether documents are deleted according to data retention procedures.
D. Validate whether complex passwords are required.
Answer
A. Validate whether the encryption is compliant with the organization’s requirements.
CISA Question 3400
Question
IT service engineers at a large organization are unable to effectively prioritize system-generated alerts from hundreds of applications running across multiple servers and databases. As a result, many alerts are often ignored, leading to major problems including downtime. Which of the following is the BEST IS audit recommendation to address this situation?
A. Prioritize alerts from legacy applications that may require remote support from external vendors.
B. Implement a threshold management system that prioritizes alerts over a certain age.
C. Develop a classification scheme that prioritizes alerts according to potential business impact.
D. Group alerts from related systems and immediately escalate to the application owner.
Answer
D. Group alerts from related systems and immediately escalate to the application owner.