Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 32

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3321

Question

Which of the following is the MOST effective way for an IS auditor to evaluate the creation and deletion of administrative accounts in a virtual environment?
A. Review password management procedures.
B. Review accounts to determine access requirements.
C. Review resource management for capacity performance.
D. Review account provisioning and deprovisioning procedures.

Answer

C. Review resource management for capacity performance.

CISA Question 3322

Question

Which of the following is an IS auditor’s BEST recommendation for mitigating risk associated with rapid expansion of hosts within a virtual environment?
A. Limit access to the hypervisor operating system (OS) and administration console
B. Ensure quick access to updated images of a guest operating system for fast recovery
C. Consider using a third-party service provider to share the virtual machine (VM) risk
D. Implement policies and processes to control virtual machine (VM) lifecycle management

Answer

D. Implement policies and processes to control virtual machine (VM) lifecycle management

CISA Question 3323

Question

An IS auditor is performing a routine procedure to test for the possible existence of fraudulent transactions. Given there is no reason to suspect the existence of fraudulent transactions, which of the following data analytics techniques should be employed?
A. Association analysis
B. Classification analysis
C. Anomaly detection analysis
D. Regression analysis

Answer

C. Anomaly detection analysis

CISA Question 3324

Question

Following an IT audit, management has decided to accept the risk highlighted in the audit report. Which of the following would provide the MOST assurance to the IS auditor that management is adequately balancing the needs of the business with the need to manage risk?
A. Established criteria exist for accepting and approving risk.
B. Identified risk is reported into the organization’s risk committee.
C. Potential impact and likelihood is adequately documented.
D. A communication plan exists for informing parties impacted by the risk.

Answer

A. Established criteria exist for accepting and approving risk.

CISA Question 3325

Question

When reviewing a database supported by a third-party service provider, an IS auditor found minor control deficiencies. The auditor should FIRST discuss recommendations with the:
A. service provider support team manager
B. organization’s service level manager
C. organization’s chief information officer (CIO)
D. service provider contract liaison

Answer

A. service provider support team manager

CISA Question 3326

Question

An IS auditor is auditing the infrastructure of an organization that hosts critical applications withing a virtual environment. Which of the following is MOST important for the auditor to focus on?
A. The ability to copy and move virtual machines in real time
B. The controls in place to prevent compromise of the host
C. Issues arising from system management of a virtual infrastructure
D. Qualifications of employees managing the applications

Answer

B. The controls in place to prevent compromise of the host

CISA Question 3327

Question

Which of the following is the BEST way for an IS auditor to assess the effectiveness of backup procedures?
A. Review the backup schedule.
B. Evaluate the latest data restore.
C. Inspect backup logs.
D. Interview the data owner.

Answer

C. Inspect backup logs.

CISA Question 3328

Question

Which of the following is the PRIMARY reason for an IS auditor to map out the narrative of a business process?
A. To verify the business process is as described in the engagement letter
B. To identify the resources required to perform the audit
C. To ensure alignment with organizational objectives
D. To gain insight into potential risks

Answer

B. To identify the resources required to perform the audit

CISA Question 3329

Question

An IS auditor notes that several of a client’s servers are vulnerable to attack due to open unused ports and protocols. The auditor recommends management implement minimum security requirements. Which type of control has been recommended?
A. Preventive
B. Corrective
C. Directive
D. Compensating

Answer

A. Preventive

CISA Question 3330

Question

Which of the following BEST describes an audit risk?
A. The financial report may contain undetected material errors.
B. The company is being sued for false accusations.
C. Key employees have not taken vacation for 2 years.
D. Employees have been misappropriating funds.

Answer

A. The financial report may contain undetected material errors.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker