Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 32

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3341

Question

An IS auditor is evaluating the access controls at a multinational company with a shared network infrastructure. Which of the following is MOST important?
A. Simplicity of end-to-end communication paths
B. Remote network administration
C. Common security policies
D. Logging of network information at user level

Answer

C. Common security policies

CISA Question 3342

Question

An IS auditor notes that a loan servicing group retains customer personally identifiable information (PII) on a shared drive. Which of the following is MOST important to ensure compliance with privacy principles?
A. Backups are performed in accordance with organizational policy.
B. Access to the shared drive must be approved by the manager of the group.
C. The data is maintained in accordance with the business’s retention policy.
D. All key customer data elements are captured on the shared drive.

Answer

C. The data is maintained in accordance with the business’s retention policy.

CISA Question 3343

Question

Which of the following is the BEST source of information for an IS auditor when planning an audit of a business application’s controls?
A. User documentation
B. Change control procedures
C. Access control lists
D. Process flow diagrams

Answer

A. User documentation

CISA Question 3344

Question

Which of the following should be the GREATEST concern to an IS auditor evaluating an organization’s policies?
A. Policies are not formally approved by the management.
B. Policies are nor formally acknowledged and signed by employees.
C. Policies do not provide adequate protection to the organization.
D. Policies are not reviewed and updated frequently.

Answer

C. Policies do not provide adequate protection to the organization.

CISA Question 3345

Question

When auditing an organization’s software acquisition process, the BEST way for an IS auditor to understand the software benefits to the organization would be to review the:
A. request for proposal (RFP).
B. feasibility study.
C. alignment with IT strategy.
D. business case.

Answer

D. business case.

CISA Question 3346

Question

Which of the following is MOST important for an IS auditor to evaluate when determining the effectiveness of an information security program?
A. Percentage of users aware of the objectives of the security program
B. Percentage of policy exceptions that were approved with justification
C. Percentage of desired control objectives achieved
D. Percentage of reported security incidents

Answer

C. Percentage of desired control objectives achieved

CISA Question 3347

Question

Which of the following is the MOST appropriate document for granting authority to an external IS auditor in an audit engagement with a client organization?
A. Approved statement of work
B. Formally approved audit charter
C. An internal memo to all concerned parties
D. Request for proposal for audit services

Answer

A. Approved statement of work

CISA Question 3348

Question

Which of the following responsibilities of an organization’s quality assurance function should raise concern for an IS auditor?
A. Ensuring the test work supports observations
B. Ensuring standards are adhered to within the development process
C. Implementing solutions to correct defects
D. Updating development methodology

Answer

C. Implementing solutions to correct defects

CISA Question 3349

Question

During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor’s MOST important course of action?
A. Document the finding and present it to management.
B. Determine if a root cause analysis was conducted.
C. Validate whether all incidents have been actioned.
D. Confirm the resolution time of the incidents.

Answer

C. Validate whether all incidents have been actioned.

CISA Question 3350

Question

Which of the following should be of GREATEST concern to an IS auditor reviewing an organization’s information security program?
A. The program was not formally signed off by the sponsor.
B. Key performance indicators (KPIs) are not established.
C. Not all IT staff are aware of the program.
D. The program was last updated five years ago.

Answer

B. Key performance indicators (KPIs) are not established.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker