The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free of charge to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3331
Question
An IS auditor is reviewing an organization’s primary router access control list. Which of the following should result in a finding?
A. The network security group can change network address translation (NAT).
B. There are conflicting permit and deny rules for the IT group.
C. There is only one rule per group with access privileges.
D. Individual permissions are overriding group permissions.
Answer
D. Individual permissions are overriding group permissions.
CISA Question 3332
Question
An IS auditor finds that one employee has unauthorized access to confidential data. The IS auditor’s BEST recommendation should be to:
A. reclassify the data to a lower level of confidentiality.
B. recommend corrective actions to be taken by the security administrator.
C. implement a strong password schema for users.
D. require the business owner to conduct regular access reviews.
Answer
B. recommend corrective actions to be taken by the security administrator.
CISA Question 3333
Question
Which of the following should be the PRIMARY concern of an IS auditor during a review of an external IT service level agreement (SLA) for computer operations?
A. No employee succession plan
B. Changes in services are not tracked
C. Lack of software escrow provisions
D. Vendor has exclusive control of IT resources
Answer
B. Changes in services are not tracked
CISA Question 3334
Question
An IS auditor has been asked to review a recently implemented quality management system (QMS). Which of the following should be the auditor’s PRIMARY focus?
A. Training materials prepared for coaching employees
B. Processes to measure the performance of business critical transactions
C. Documentation standard of the implemented QMS system
D. Stability of the implemented QMS system over a period of time
Answer
B. Processes to measure the performance of business critical transactions
CISA Question 3335
Question
During the implementation of a new system, an IS auditor must assess whether certain automated calculations comply with the regulatory requirements. Which of the following is the BEST way to obtain this assurance?
A. Inspect user acceptance test (UAT) results.
B. Re-perform the calculation with audit software.
C. Review sign-off documentation.
D. Review the source code related to the calculation.
Answer
B. Re-perform the calculation with audit software.
CISA Question 3336
Question
During a vendor management database audit, an IS auditor identifies multiple instances of duplicate vendor records. In order to prevent recurrence of the same issue, which of the following is the IS auditor’s BEST recommendation to management?
A. Perform system verification checks for unique data values on key fields.
B. Request senior management approval of all new vendor details.
C. Run system reports of full vendor listings periodically to identify duplication.
D. Build a segregation of duties control into the vendor creation process.
Answer
A. Perform system verification checks for unique data values on key fields.
CISA Question 3337
Question
As part of a follow-up of a previous year’s audit, an IS auditor has increased the expected error rate for a sample. What is the impact?
A. The degree of assurance increases.
B. The standard deviation decreases.
C. The sampling risk decreases.
D. The required sample size increases.
Answer
D. The required sample size increases.
CISA Question 3338
Question
During a follow-up audit, an IS auditor finds that some critical recommendations have not been addressed as management has decided to accept the risk. Which of the following is the IS auditor’s BEST course of action?
A. Adjust the annual risk assessment accordingly.
B. Require the auditee to address the recommendations in full.
C. Evaluate senior management’s acceptance of the risk.
D. Update the audit program based on management’s acceptance of risk.
Answer
C. Evaluate senior management’s acceptance of the risk.
CISA Question 3339
Question
Which of the following should be an IS auditor’s PRIMARY concern when evaluating an organization’s information security policies, procedures, and controls for third-party vendors?
A. The third-party vendors have their own information security requirements.
B. The organization is still responsible for protecting the data.
C. Noncompliance is easily detected.
D. The same procedures and controls are used for all third-party vendors.
Answer
A. The third-party vendors have their own information security requirements.
CISA Question 3340
Question
Which of the following is the MOST significant risk an IS auditor should consider when reviewing a credit card company’s application system?
A. Data privacy
B. Processing times
C. System availability
D. Credit ratings
Answer
A. Data privacy