The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3311
Question
An organization wants to classify database tables according to its data classification scheme. From an IS auditor’s perspective, the tables should be classified based on the:
A. number of end users with access to the table
B. frequency of updates to the table
C. descriptions of column names in the table
D. specific functional contents of each single table
Answer
D. specific functional contents of each single table
CISA Question 3312
Question
Which of the following should be an IS auditor’s GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?
A. Business interruption due to remediation
B. IT budgeting constraints
C. Risk rating of original findings
D. Availability of responsible IT personnel
Answer
C. Risk rating of original findings
CISA Question 3313
Question
Which of the following is MOST important for an IS auditor to consider when auditing a vulnerability scanning software solution?
A. The scanning software was purchased from an approved vendor.
B. The scanning software was approved for release into production.
C. The scanning software covers critical systems.
D. The scanning software is cost-effective.
Answer
C. The scanning software covers critical systems.
CISA Question 3314
Question
Which of the following should be an IS auditor’s GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?
A. Business interruption due to remediation
B. IT budgeting constraints
C. Risk rating of original findings
D. Availability of responsible IT personnel
Answer
C. Risk rating of original findings
CISA Question 3315
Question
An organization wants to classify database tables according to its data classification scheme. From an IS auditor’s perspective, the tables should be classified based on the:
A. number of end users with access to the table
B. frequency of updates to the table
C. descriptions of column names in the table
D. specific functional contents of each single table
Answer
D. specific functional contents of each single table
CISA Question 3316
Question
After discussing findings with an auditee, an IS auditor is required to obtain approval of the report from the CEO before issuing it to the audit committee. This requirement PRIMARILY affects the IS auditor’s:
A. judgment
B. effectiveness
C. independence
D. integrity
Answer
C. independence
CISA Question 3317
Question
Which of the following audit procedures would BEST assist an IS auditor in determining the effectiveness of a business continuity plan (BCP)?
A. Performing an assessment of BCP test documentation
B. Participating in BCP meetings held with user department managers
C. Performing a maturity assessment of BCP methodology against industry standards
D. Observing tests of the BCP performed at the alternate processing site
Answer
D. Observing tests of the BCP performed at the alternate processing site
CISA Question 3318
Question
Which of the following would be of GREATEST concern to an IS auditor when auditing a small organization’s purchasing department?
A. The organization lacks a purchasing officer with experience in purchasing activities.
B. Purchases can be approved after expenses have already been incurred.
C. Some members of the department can request and approve payments for purchase requests.
D. Purchasing procedures and processes have not been updated during the past two years.
Answer
C. Some members of the department can request and approve payments for purchase requests.
CISA Question 3319
Question
While following up on a prior audit report, an IS auditor determines that a number of recommendations to address critical findings have not been implemented as agreed. What is the BEST course of action for the auditor?
A. Reclassify the risk ratings of the original findings.
B. Propose revised implementation timelines.
C. Escalate to the appropriate level of management.
D. Revise the scope of the follow-up audit.
Answer
C. Escalate to the appropriate level of management.
CISA Question 3320
Question
What should an IS auditor review FIRST when assessing the results of a recent penetration test to identify potential vulnerabilities?
A. Skill level of the network support staff
B. Parameters of the test
C. Number of critical issues found
D. Incident response process
Answer
B. Parameters of the test