The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3321
Question
Which of the following is the MOST effective way for an IS auditor to evaluate the creation and deletion of administrative accounts in a virtual environment?
A. Review password management procedures.
B. Review accounts to determine access requirements.
C. Review resource management for capacity performance.
D. Review account provisioning and deprovisioning procedures.
Answer
C. Review resource management for capacity performance.
CISA Question 3322
Question
Which of the following is an IS auditor’s BEST recommendation for mitigating risk associated with rapid expansion of hosts within a virtual environment?
A. Limit access to the hypervisor operating system (OS) and administration console
B. Ensure quick access to updated images of a guest operating system for fast recovery
C. Consider using a third-party service provider to share the virtual machine (VM) risk
D. Implement policies and processes to control virtual machine (VM) lifecycle management
Answer
D. Implement policies and processes to control virtual machine (VM) lifecycle management
CISA Question 3323
Question
An IS auditor is performing a routine procedure to test for the possible existence of fraudulent transactions. Given there is no reason to suspect the existence of fraudulent transactions, which of the following data analytics techniques should be employed?
A. Association analysis
B. Classification analysis
C. Anomaly detection analysis
D. Regression analysis
Answer
C. Anomaly detection analysis
CISA Question 3324
Question
Following an IT audit, management has decided to accept the risk highlighted in the audit report. Which of the following would provide the MOST assurance to the IS auditor that management is adequately balancing the needs of the business with the need to manage risk?
A. Established criteria exist for accepting and approving risk.
B. Identified risk is reported into the organization’s risk committee.
C. Potential impact and likelihood is adequately documented.
D. A communication plan exists for informing parties impacted by the risk.
Answer
A. Established criteria exist for accepting and approving risk.
CISA Question 3325
Question
When reviewing a database supported by a third-party service provider, an IS auditor found minor control deficiencies. The auditor should FIRST discuss recommendations with the:
A. service provider support team manager
B. organization’s service level manager
C. organization’s chief information officer (CIO)
D. service provider contract liaison
Answer
A. service provider support team manager
CISA Question 3326
Question
An IS auditor is auditing the infrastructure of an organization that hosts critical applications within a virtual environment. Which of the following is MOST important for the auditor to focus on?
A. The ability to copy and move virtual machines in real time
B. The controls in place to prevent compromise of the host
C. Issues arising from system management of a virtual infrastructure
D. Qualifications of employees managing the applications
Answer
B. The controls in place to prevent compromise of the host
CISA Question 3327
Question
Which of the following is the BEST way for an IS auditor to assess the effectiveness of backup procedures?
A. Review the backup schedule.
B. Evaluate the latest data restore.
C. Inspect backup logs.
D. Interview the data owner.
Answer
C. Inspect backup logs.
CISA Question 3328
Question
Which of the following is the PRIMARY reason for an IS auditor to map out the narrative of a business process?
A. To verify the business process is as described in the engagement letter
B. To identify the resources required to perform the audit
C. To ensure alignment with organizational objectives
D. To gain insight into potential risks
Answer
B. To identify the resources required to perform the audit
CISA Question 3329
Question
An IS auditor notes that several of a client’s servers are vulnerable to attack due to open unused ports and protocols. The auditor recommends management implement minimum security requirements. Which type of control has been recommended?
A. Preventive
B. Corrective
C. Directive
D. Compensating
Answer
A. Preventive
CISA Question 3330
Question
Which of the following BEST describes an audit risk?
A. The financial report may contain undetected material errors.
B. The company is being sued for false accusations.
C. Key employees have not taken vacation for 2 years.
D. Employees have been misappropriating funds.
Answer
A. The financial report may contain undetected material errors.