The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
Table of Contents
- CISA Question 3351
- Question
- Answer
- CISA Question 3352
- Question
- Answer
- CISA Question 3353
- Question
- Answer
- CISA Question 3354
- Question
- Answer
- CISA Question 3355
- Question
- Answer
- CISA Question 3356
- Question
- Answer
- CISA Question 3357
- Question
- Answer
- CISA Question 3358
- Question
- Answer
- CISA Question 3359
- Question
- Answer
- CISA Question 3360
- Question
- Answer
CISA Question 3351
Question
While auditing an IT department’s cloud service provider, the IS auditor found that privileged access monitoring is not being performed as required by the contract.
The provider disagrees with this issue and notes that compensating controls are in place. The IS auditor’s NEXT course of action should be to:
A. test compensating controls as part of the audit.
B. define a remediation plan.
C. review privileged access logs.
D. recommend revising the service level agreement (SLA).
Answer
A. test compensating controls as part of the audit.
CISA Question 3352
Question
When assessing a business case as part of a post-implementation review, the IS auditor must ensure that the:
A. feasibility of alternative project approaches has been assessed.
B. business case has not been amended since project approval.
C. quality assurance measures have been applied throughout the project.
D. amendments to the business case have been approved.
Answer
D. amendments to the business case have been approved.
CISA Question 3353
Question
An IS auditor is reviewing the process followed in identifying and prioritizing the critical business processes. This process is part of the:
A. balanced scorecard.
B. business impact analysis (BIA).
C. operations component of the business continuity plan (BCP).
D. enterprise risk management plan.
Answer
C. operations component of the business continuity plan (BCP).
CISA Question 3354
Question
When reviewing capacity monitoring, an IS auditor notices several incidents where storage capacity limits were reached, while the average utilization was below 30%. Which of the following would the IS auditor MOST likely identify as the root cause?
A. The IT response to the alerts was too slow.
B. The amount of data produced was unacceptable for operations.
C. The storage space should have been enlarged in time.
D. The dynamics of the utilization were not properly taken into account.
Answer
D. The dynamics of the utilization were not properly taken into account.
CISA Question 3355
Question
What is an IS auditor’s BEST course of action when provided with a status update indicating audit recommendations related to segregation of duties for financial staff have been implemented?
A. Verify sufficient segregation of duties controls are in place.
B. Request documentation of the segregation of duties policy and procedures.
C. Note the department’s response in the audit workpapers and records.
D. Confirm with the business that the recommendations are implemented.
Answer
A. Verify sufficient segregation of duties controls are in place.
CISA Question 3356
Question
During a review of an organization’s IT incident management practices, the IS auditor finds the quality of incident resolution documentation is poor. Which of the following is the BEST recommendation to help address this issue?
A. Have service desk staff create documentation be choosing from pre-selected answers in the service management tool.
B. Require service desk staff to open incident tickets only when they have sufficient information.
C. Revise incident resolution procedures and provide training for service desk staff on the applicable updates.
D. Require peer review of resolution documentation followed by service desk management sign off.
Answer
C. Revise incident resolution procedures and provide training for service desk staff on the applicable updates.
CISA Question 3357
Question
Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization’s incident management processes?
A. Metrics are not reported to senior management.
B. Service management standards are not followed.
C. Expected time to resolve incidents is not specified.
D. Prioritization criteria are not defined.
Answer
D. Prioritization criteria are not defined.
CISA Question 3358
Question
An internal audit department recently established a quality assurance (QA) program as part of its overall audit program. Which of the following activities is MOST important to include as part of the QA program requirements?
A. Implementing corrective action plans.
B. Reviewing audit standards periodically
C. Analyzing user satisfaction reports from business lines
D. Creating a long-term plan for internal audit staffing
Answer
A. Implementing corrective action plans.
CISA Question 3359
Question
A vendor service level agreement (SLA) requires backups to be physically secured. An IS audit of the backup system revealed a number of the backup media were missing. Which of the following should be the auditor’s NEXT step?
A. Recommend a review of the vendor’s contract.
B. Recommend identification of the data stored on the missing media.
C. Notify executive management.
D. Include the missing backup media finding in the audit report.
Answer
B. Recommend identification of the data stored on the missing media.
CISA Question 3360
Question
The scheduling of audit follow-ups should be based PRIMARILY on:
A. costs and audit efforts involved.
B. auditee and auditor time commitments.
C. the risk and exposure involved.
D. control and detection processes.
Answer
C. the risk and exposure involved.