ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 32

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free of charge to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3381

Question

An IS auditor notes that application super-user activity was not recorded in system logs. What is the auditor’s BEST course of action?
A. Recommend a least-privilege access model.
B. Investigate the reason for the lack of logging.
C. Report the issue to the audit manager.
D. Recommend activation of super-user activity logging.

Answer

B. Investigate the reason for the lack of logging.

CISA Question 3382

Question

An IS auditor conducts a review of a third-party vendor’s reporting of key performance indicators (KPIs). Which of the following findings should be of MOST concern to the auditor?
A. Some KPIs are not documented.
B. KPIs have never been updated.
C. KPI data is not being analyzed.
D. KPIs are not clearly defined.

Answer

D. KPIs are not clearly defined.

CISA Question 3383

Question

Which of the following should an IS auditor be MOST concerned with when a system uses radio frequency identification (RFID)?
A. Scalability
B. Maintainability
C. Nonrepudiation
D. Privacy

Answer

D. Privacy

CISA Question 3384

Question

During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures.
The auditor’s NEXT step should be to:
A. determine why the procedures were not followed.
B. include the noncompliance in the audit report.
C. note the noncompliance in the audit working papers.
D. issue an audit memorandum identifying the noncompliance.

Answer

A. determine why the procedures were not followed.

CISA Question 3385

Question

What is an IS auditor’s BEST recommendation for management if a network vulnerability assessment confirms that critical patches have not been applied since the last assessment?
A. Implement a process to test and apply appropriate patches.
B. Apply available patches and continue periodic monitoring.
C. Configure servers to automatically apply available patches.
D. Remove unpatched devices from the network.

Answer

A. Implement a process to test and apply appropriate patches.

CISA Question 3386

Question

After the release of an application system, an IS auditor wants to verify that the system is providing value to the organization. The auditor’s BEST course of action would be to:
A. review the results of compliance testing.
B. quantify improvements in client satisfaction.
C. confirm that risk has declined since the application system release.
D. perform a gap analysis against the benefits defined in the business case.

Answer

D. perform a gap analysis against the benefits defined in the business case.

CISA Question 3387

Question

What would be an IS auditor’s GREATEST concern when using a test environment for an application audit?
A. Test and production environments lack data encryption.
B. Developers have access to the test environment.
C. Retention period of test data has been exceeded.
D. Test and production environments do not mirror each other.

Answer

D. Test and production environments do not mirror each other.

CISA Question 3388

Question

When reviewing a newly implemented quality management system (QMS), which of the following should be the IS auditor’s PRIMARY concern?
A. The QMS benefit measures were not included in the business case.
B. The QMS testing methodology is not clearly documented.
C. The QMS post-implementation review (PIR) has not been finalized.
D. The QMS is not mapped to some core business processes.

Answer

D. The QMS is not mapped to some core business processes.

CISA Question 3389

Question

An IS auditor notes that the anticipated benefits from an ongoing infrastructure project have changed due to recent organizational restructuring.
Which of the following is the IS auditor’s BEST recommendation?
A. Review and reapprove the business case.
B. Revise business goals and objectives.
C. Conduct a new feasibility study.
D. Review and update the business impact analysis (BIA).

Answer

B. Revise business goals and objectives.

CISA Question 3390

Question

Which of the following should an IS auditor recommend to reduce the likelihood of potential intruders using social engineering?
A. Perform simulated attacks.
B. Prohibit the use of social networking platforms.
C. Implement an intrusion detection system (IDS).
D. Deploy a security awareness program.

Answer

D. Deploy a security awareness program.