ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 32

The latest actual practice exam question and answer (Q&A) dumps for the ISACA CISA (Certified Information Systems Auditor) certification are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3371

Question

During audit planning, an IS auditor walked through the design of controls related to a new data loss prevention (DLP) tool. It was noted that the tool will be configured to alert IT management when large files are sent outside of the organization via email. What type of control will be tested?
A. Detective
B. Corrective
C. Directive
D. Preventive

Answer

A. Detective

CISA Question 3372

Question

To test the integrity of the data in the accounts receivable master file, an IS auditor is particularly interested in reviewing customers with balances over $400,000. The selection technique the IS auditor would use to obtain such a sample is called:
A. random selection.
B. systematic selection.
C. discovery selection.
D. stratification.

Answer

D. stratification.

CISA Question 3373

Question

The MOST effective method for an IS auditor to determine which controls are functioning in an operating system is to:
A. compare the current configuration to the corporate standard.
B. consult with the systems programmer.
C. consult with the vendor of the system.
D. compare the current configuration to the default configuration.

Answer

A. compare the current configuration to the corporate standard.

CISA Question 3374

Question

Which of the following findings should be an IS auditor’s GREATEST concern when reviewing an organization’s purchase of new IT infrastructure hardware?
A. The new infrastructure arrived with default system settings.
B. The new infrastructure has residual risk within the organization’s risk tolerance.
C. The new infrastructure’s hardening requirements are stronger than required by policy.
D. The new infrastructure has compatibility issues with existing systems.

Answer

D. The new infrastructure has compatibility issues with existing systems.

CISA Question 3375

Question

Which of the following would be MOST critical for an IS auditor to look for when evaluating fire precautions in a manned data center located on the upper floor of a multi-story building?
A. Existence of handheld fire extinguishers in highly visible locations
B. Documentation of regular inspections by the local fire department
C. Adequacy of the HVAC system throughout the facility
D. Documentation of tested emergency evacuation plans

Answer

D. Documentation of tested emergency evacuation plans

CISA Question 3376

Question

Performance monitoring tools report that servers are consistently above the recommended utilization capacity. Which of the following is the BEST recommendation of the IS auditor?
A. Develop a capacity plan based on usage projections.
B. Deploy load balancers.
C. Monitor activity logs.
D. Add servers until utilization is at target capacity.

Answer

A. Develop a capacity plan based on usage projections.

CISA Question 3377

Question

Which of the following should be of GREATEST concern to an IS auditor conducting an audit of an organization’s backup processes?
A. A written backup policy is not available.
B. Backup failures are not resolved in a timely manner.
C. The restoration process is slow due to connectivity issues.
D. The service levels are not achieved.

Answer

D. The service levels are not achieved.

CISA Question 3378

Question

Following a security breach in which a hacker exploited a well-known vulnerability in the domain controller, an IS auditor has been asked to conduct a control assessment. The auditor’s BEST course of action would be to determine if:
A. the domain controller was classified for high availability.
B. the network traffic was being monitored.
C. the patches were updated.
D. the logs were monitored.

Answer

D. the logs were monitored.

CISA Question 3379

Question

An employee transfers from an organization’s risk management department to become the lead IS auditor. While in the risk management department, the employee helped develop the key performance indicators (KPIs) now used by the organization. Which of the following would pose the GREATEST threat to the independence of this auditor?
A. Evaluating the effectiveness of IT risk management processes
B. Recommending controls to address the IT risks identified by KPIs
C. Developing KPIs to measure the internal audit team
D. Training the IT audit team on IT risk management processes

Answer

B. Recommending controls to address the IT risks identified by KPIs

CISA Question 3380

Question

An IS auditor discovers a recurring software control process issue that severely impacts the efficiency of a critical business process. Which of the following is the BEST recommendation?
A. Replace the malfunctioning system.
B. Determine the compensating controls.
C. Identify other impacted processes.
D. Determine the root cause of the issue.

Answer

D. Determine the root cause of the issue.