The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3341
Question
An IS auditor is evaluating the access controls at a multinational company with a shared network infrastructure. Which of the following is MOST important?
A. Simplicity of end-to-end communication paths
B. Remote network administration
C. Common security policies
D. Logging of network information at user level
Answer
C. Common security policies
CISA Question 3342
Question
An IS auditor notes that a loan servicing group retains customer personally identifiable information (PII) on a shared drive. Which of the following is MOST important to ensure compliance with privacy principles?
A. Backups are performed in accordance with organizational policy.
B. Access to the shared drive must be approved by the manager of the group.
C. The data is maintained in accordance with the business’s retention policy.
D. All key customer data elements are captured on the shared drive.
Answer
C. The data is maintained in accordance with the business’s retention policy.
CISA Question 3343
Question
Which of the following is the BEST source of information for an IS auditor when planning an audit of a business application’s controls?
A. User documentation
B. Change control procedures
C. Access control lists
D. Process flow diagrams
Answer
A. User documentation
CISA Question 3344
Question
Which of the following should be the GREATEST concern to an IS auditor evaluating an organization’s policies?
A. Policies are not formally approved by the management.
B. Policies are not formally acknowledged and signed by employees.
C. Policies do not provide adequate protection to the organization.
D. Policies are not reviewed and updated frequently.
Answer
C. Policies do not provide adequate protection to the organization.
CISA Question 3345
Question
When auditing an organization’s software acquisition process, the BEST way for an IS auditor to understand the software benefits to the organization would be to review the:
A. request for proposal (RFP).
B. feasibility study.
C. alignment with IT strategy.
D. business case.
Answer
D. business case.
CISA Question 3346
Question
Which of the following is MOST important for an IS auditor to evaluate when determining the effectiveness of an information security program?
A. Percentage of users aware of the objectives of the security program
B. Percentage of policy exceptions that were approved with justification
C. Percentage of desired control objectives achieved
D. Percentage of reported security incidents
Answer
C. Percentage of desired control objectives achieved
CISA Question 3347
Question
Which of the following is the MOST appropriate document for granting authority to an external IS auditor in an audit engagement with a client organization?
A. Approved statement of work
B. Formally approved audit charter
C. An internal memo to all concerned parties
D. Request for proposal for audit services
Answer
A. Approved statement of work
CISA Question 3348
Question
Which of the following responsibilities of an organization’s quality assurance function should raise concern for an IS auditor?
A. Ensuring the test work supports observations
B. Ensuring standards are adhered to within the development process
C. Implementing solutions to correct defects
D. Updating development methodology
Answer
C. Implementing solutions to correct defects
CISA Question 3349
Question
During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor’s MOST important course of action?
A. Document the finding and present it to management.
B. Determine if a root cause analysis was conducted.
C. Validate whether all incidents have been actioned.
D. Confirm the resolution time of the incidents.
Answer
C. Validate whether all incidents have been actioned.
CISA Question 3350
Question
Which of the following should be of GREATEST concern to an IS auditor reviewing an organization’s information security program?
A. The program was not formally signed off by the sponsor.
B. Key performance indicators (KPIs) are not established.
C. Not all IT staff are aware of the program.
D. The program was last updated five years ago.
Answer
B. Key performance indicators (KPIs) are not established.