Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 32

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3331

Question

An IS auditor is reviewing an organization’s primary router access control list. Which of the following should result in a finding?
A. The network security group can change network address translation (NAT).
B. There are conflicting permit and deny rules for the IT group.
C. There is only one rule per group with access privileges.
D. Individual permissions are overriding group permissions.

Answer

D. Individual permissions are overriding group permissions.

CISA Question 3332

Question

An IS auditor finds that one employee has unauthorized access to confidential data. The IS auditor’s BEST recommendation should be to:
A. reclassify the data to a lower level of confidentiality.
B. recommend corrective actions to be taken by the security administrator.
C. implement a strong password schema for users.
D. require the business owner to conduct regular access reviews.

Answer

B. recommend corrective actions to be taken by the security administrator.

CISA Question 3333

Question

Which of the following should be the PRIMARY concern of an IS auditor during a review of an external IT service level agreement (SLA) for computer operations?
A. No employee succession plan
B. Changes in services are not tracked
C. Lack of software escrow provisions
D. Vendor has exclusive control of IT resources

Answer

B. Changes in services are not tracked

CISA Question 3334

Question

An IS auditor has been asked to review a recently implemented quality management system (QMS). Which of the following should be the auditor’s PRIMARY focus?
A. Training materials prepared for coaching employees
B. Processes to measure the performance of business critical transactions
C. Documentation standard of the implemented QMS system
D. Stability of the implemented QMS system over a period of time

Answer

B. Processes to measure the performance of business critical transactions

CISA Question 3335

Question

During the implementation of a new system, an IS auditor must assess whether certain automated calculations comply with the regulatory requirements. Which of the following is the BEST way to obtain this assurance?
A. Inspect user acceptance test (UAT) results.
B. Re-perform the calculation with audit software.
C. Review sign-off documentation.
D. Review the source code related to the calculation.

Answer

B. Re-perform the calculation with audit software.

CISA Question 3336

Question

During a vendor management database audit, an IS auditor identifies multiple instances of duplicate vendor records. In order to prevent recurrence of the same issue, which of the following is the IS auditor’s BEST recommendation to management?
A. Perform system verification checks for unique data values on key fields.
B. Request senior management approval of all new vendor details.
C. Run system reports of full vendor listings periodically to identify duplication.
D. Build a segregation of duties control into the vendor creation process.

Answer

A. Perform system verification checks for unique data values on key fields.

CISA Question 3337

Question

As part of a follow-up of a previous year’s audit, an IS auditor has increased the expected error rate for a sample. What is the impact?
A. degree of assurance increases.
B. standard deviation decreases.
C. sampling risk decreases.
D. required sample size increases.

Answer

D. required sample size increases.

CISA Question 3338

Question

During a follow-up audit, an IS auditor finds that some critical recommendations have not been addressed as management has decided to accept the risk. Which of the following is the IS auditor’s BEST course of action?
A. Adjust the annual risk assessment accordingly.
B. Require the auditee to address the recommendations in full.
C. Evaluate senior management’s acceptance of the risk.
D. Update the audit program based on management’s acceptance of risk.

Answer

C. Evaluate senior management’s acceptance of the risk.

CISA Question 3339

Question

Which of the following should be an IS auditor’s PRIMARY concern when evaluating an organization’s information security policies, procedures, and controls for third-party vendors?
A. The third-party vendors have their own information security requirements.
B. The organization is still responsible for protecting the data.
C. Noncompliance is easily detected.
D. The same procedures and controls are used for all third-party vendors.

Answer

A. The third-party vendors have their own information security requirements.

CISA Question 3340

Question

Which of the following is the MOST significant risk an IS auditor should consider when reviewing a credit card company’s application system?
A. Data privacy
B. Processing times
C. System availability
D. Credit ratings

Answer

A. Data privacy

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker