ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 32

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free of charge, to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3361

Question

When planning an application audit, it is MOST important to evaluate risk factors by interviewing:
A. process owners.
B. application owners.
C. IT management.
D. application users.

Answer

A. process owners.

CISA Question 3362

Question

An IS auditor finds that corporate mobile devices used by employees have varying levels of password settings. Which of the following would be the BEST recommendation?
A. Update the acceptable use policy for mobile devices.
B. Notify employees to set passwords to a specified length.
C. Encrypt data between corporate gateway and devices.
D. Apply a security policy to the mobile devices.

Answer

D. Apply a security policy to the mobile devices.

CISA Question 3363

Question

Which of the following should the IS auditor do FIRST to ensure data transfer integrity for Internet of Things (IoT) devices?
A. Verify access control lists to the database where collected data is stored.
B. Confirm that acceptable limits of data bandwidth are defined for each device.
C. Ensure that message queue telemetry transport (MQTT) is used.
D. Determine how devices are connected to the local network.

Answer

D. Determine how devices are connected to the local network.

CISA Question 3364

Question

Which of the following is an IS auditor’s BEST course of action upon learning that preventive controls have been replaced with detective and corrective controls?
A. Report the issue to management as the risk level has increased.
B. Recommend the implementation of preventive controls in addition to the other controls.
C. Verify the revised controls enhance the efficiency of related business processes.
D. Evaluate whether new controls manage the risk at an acceptable level.

Answer

D. Evaluate whether new controls manage the risk at an acceptable level.

CISA Question 3365

Question

The IS auditor’s PRIMARY role in control self-assessment (CSA) is to:
A. evaluate the controls.
B. facilitate the process.
C. identify weaknesses.
D. draw up an action plan.

Answer

C. identify weaknesses.

CISA Question 3366

Question

An organization has agreed to perform remediation related to high-risk audit findings. The remediation process involves a complex reorganization of user roles as well as the implementation of several compensating controls that may not be completed within the next audit cycle. Which of the following is the BEST way for an IS auditor to follow up on the activities?
A. Review the progress of remediation on a regular basis.
B. Provide management with a remediation timeline and verify adherence.
C. Continue to audit the failed controls according to the audit schedule.
D. Schedule a review of the controls after the projected remediation date.

Answer

B. Provide management with a remediation timeline and verify adherence.

CISA Question 3367

Question

Which of the following would be an IS auditor’s GREATEST concern when evaluating a cybersecurity incident response plan?
A. The plan has not been recently tested.
B. Roles and responsibilities are not detailed for each process.
C. Stakeholder contact details are not up to date.
D. The plan does not include incident response metrics.

Answer

B. Roles and responsibilities are not detailed for each process.

CISA Question 3368

Question

A 5-year audit plan provides for general audits every year and application audits on alternating years. To achieve higher efficiency, the IS audit manager would MOST likely:
A. proceed with the plan and integrate all new applications.
B. alternate between control self-assessment (CSA) and general audits every year.
C. implement risk assessment criteria to determine audit priorities.
D. have control self-assessments (CSAs) and formal audits of applications on alternating years.

Answer

D. have control self-assessments (CSAs) and formal audits of applications on alternating years.

CISA Question 3369

Question

A legacy application is running on an operating system that is no longer supported by the vendor. If the organization continues to use the current application, which of the following should be the IS auditor’s GREATEST concern?
A. Potential exploitation of zero-day vulnerabilities in the system
B. Inability to update the legacy application database
C. Increased cost of maintaining the system
D. Inability to use the operating system due to potential license issues

Answer

A. Potential exploitation of zero-day vulnerabilities in the system

CISA Question 3370

Question

Which of the following should be of GREATEST concern to an IS auditor when auditing an organization’s information security awareness program?
A. Security awareness training is not included as part of the onboarding process for new hires.
B. The number of security incidents logged by employees to the help desk has increased in the past year.
C. Training quizzes are designed and run by a third-party company under a contract with the organization.
D. Security awareness training is run via the organization’s enterprise-wide e-learning portal.

Answer

A. Security awareness training is not included as part of the onboarding process for new hires.