Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 32

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3311

Question

An organization wants to classify database tables according to its data classification scheme. From an IS auditor’s perspective, the tables should be classified based on the:
A. number of end users with access to the table
B. frequency of updates to the table
C. descriptions of column names in the table
D. specific functional contents of each single table

Answer

D. specific functional contents of each single table

CISA Question 3312

Question

Which of the following should be an IS auditor’s GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?
A. Business interruption due to remediation
B. IT budgeting constraints
C. Risk rating of original findings
D. Availability of responsible IT personnel

Answer

C. Risk rating of original findings

CISA Question 3313

Question

Which of the following is MOST important for an IS auditor to consider when auditing a vulnerability scanning software solution?
A. The scanning software was purchased from an approved vendor.
B. The scanning software was approved for release into production.
C. The scanning software covers critical systems.
D. The scanning software is cost-effective.

Answer

C. The scanning software covers critical systems.

CISA Question 3314

Question

Which of the following should be an IS auditor’s GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?
A. Business interruption due to remediation
B. IT budgeting constraints
C. Risk rating of original findings
D. Availability of responsible IT personnel

Answer

C. Risk rating of original findings

CISA Question 3315

Question

An organization wants to classify database tables according to its data classification scheme. From an IS auditor’s perspective, the tables should be classified based on the:
A. number of end users with access to the table
B. frequency of updates to the table
C. descriptions of column names in the table
D. specific functional contents of each single table

Answer

D. specific functional contents of each single table

CISA Question 3316

Question

After discussing findings with an auditee, an IS auditor is required to obtain approval of the report from the CEO before issuing it to the audit committee. This requirement PRIMARILY affects the IS auditor’s:
A. judgment
B. effectiveness
C. independence
D. integrity

Answer

C. independence

CISA Question 3317

Question

Which of the following audit procedures would BEST assist an IS auditor in determining the effectiveness of a business continuity plan (BCP)?
A. Performing an assessment of BCP test documentation
B. Participating in BCP meetings held with user department managers
C. Performing a maturity assessment of BCP methodology against industry standards
D. Observing tests of the BCP performed at the alternate processing site

Answer

D. Observing tests of the BCP performed at the alternate processing site

CISA Question 3318

Question

Which of the following would be of GREATEST concern to an IS auditor when auditing a small organization’s purchasing department?
A. The organization lacks a purchasing officer with experience in purchasing activities.
B. Purchases can be approved after expenses have already been incurred.
C. Some members of the department can request and approve payments for purchase requests.
D. Purchasing procedures and processes have not been updated during the past two years.

Answer

C. Some members of the department can request and approve payments for purchase requests.

CISA Question 3319

Question

While following up on a prior audit report, an IS auditor determines that a number of recommendations to address critical findings have not been implemented as agreed. What is the BEST course of action for the auditor?
A. Reclassify the risk ratings of the original findings.
B. Propose revised implementation timelines.
C. Escalate to the appropriate level of management.
D. Revise the scope of the follow-up audit

Answer

C. Escalate to the appropriate level of management.

CISA Question 3320

Question

What should an IS auditor review FIRST when assessing the results of a recent penetration test to identify potential vulnerabilities?
A. Skill level of the network support staff
B. Parameters of the test
C. Number of critical issues found
D. Incident response process

Answer

B. Parameters of the test

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker