Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 32

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3391

Question

An IS auditor would MOST likely recommend that IT management use a balanced scorecard to:
A. ensure that IT staff meet performance requirements.
B. train and educate IT staff.
C. indicate whether the organization meets quality standards.
D. assess IT functions and processes.

Answer

D. assess IT functions and processes.

CISA Question 3392

Question

During a review of an organization’s network threat response process, the IS auditor noticed that the majority of alerts were closed without resolution.
Management responded that those alerts were unworkable due to lack of actionable intelligence, and therefore the support team is allowed to close them. What is the BEST way for the auditor to address this situation?
A. Further review closed unactioned alerts to identify mishandling of threats.
B. Omit the finding from the report as this practice is in compliance with the current policy.
C. Recommend that management enhance the policy and improve threat awareness training.
D. Reopen unactioned alerts and report to the audit committee.

Answer

A. Further review closed unactioned alerts to identify mishandling of threats.

CISA Question 3393

Question

Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?
A. Staff members were not notified about the test beforehand.
B. Test results were not communicated to staff members.
C. Staff members who failed the test did not receive follow-up education.
D. Security awareness training was not provided prior to the test.

Answer

C. Staff members who failed the test did not receive follow-up education.

CISA Question 3394

Question

Which of the following should be of GREATEST concern to an IS auditor when evaluating a new system’s production readiness?
A. A system defect was found during user acceptance testing.
B. Functional design documentation is not complete.
C. Functional requirements have not been met.
D. Projected benefits have not been realized.

Answer

C. Functional requirements have not been met.

CISA Question 3395

Question

Which of the following is MOST important for an IS auditor to consider when evaluating a Software as a Service (SaaS) arrangement?
A. Total cost of ownership
B. Frequency of software updates
C. Physical security
D. Software availability

Answer

D. Software availability

CISA Question 3396

Question

Which of the following is MOST important for an IS auditor to determine when evaluating a database for privacy-related risks?
A. Whether copies of production data are masked
B. Whether the integrity of the data dictionary is maintained
C. Whether data import and export procedures are approved
D. Whether all database tables are normalized

Answer

B. Whether the integrity of the data dictionary is maintained

CISA Question 3397

Question

While reviewing the project plan for a new system prior to go-live, an IS auditor notes that the project team has not documented a fallback plan.
Which of the following would be the BEST go-live approach in this situation?
A. Parallel processing
B. Immediate cutover
C. Real-time replication
D. Load balancing

Answer

A. Parallel processing

CISA Question 3398

Question

An IS auditor observes an organization is performing data backup and restoration testing on an ad hoc basis without a defined process. What is the MOST likely result of a data disruption event?
A. Increased loss impact
B. Decreased data confidentiality
C. Increased likelihood of future risk events
D. Decreased data integrity

Answer

A. Increased loss impact

CISA Question 3399

Question

An IS auditor finds that a mortgage origination team receives customer mortgage applications via a shared repository. Which of the following test procedures is the BEST way to assess whether there are adequate privacy controls over this process?
A. Validate whether the encryption is compliant with the organization’s requirements.
B. Validate that data is entered accurately and timely.
C. Validate whether documents are deleted according to data retention procedures.
D. Validate whether complex passwords are required.

Answer

A. Validate whether the encryption is compliant with the organization’s requirements.

CISA Question 3400

Question

IT service engineers at a large organization are unable to effectively prioritize system-generated alerts from hundreds of applications running across multiple servers and databases. As a result, many alerts are often ignored, leading to major problems including downtime. Which of the following is the BEST IS audit recommendation to address this situation?
A. Prioritize alerts from legacy applications that may require remote support from external vendors.
B. Implement a threshold management system that prioritizes alerts over a certain age.
C. Develop a classification scheme that prioritizes alerts according to potential business impact.
D. Group alerts from related systems and immediately escalate to the application owner.

Answer

D. Group alerts from related systems and immediately escalate to the application owner.

Explanation

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker