Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 32

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3381

Question

An IS auditor notes that application of super-user activity was not recorded in system logs. What is the auditor’s BEST course of action?
A. Recommend a least-privilege access model.
B. Investigate the reason for the lack of logging.
C. Report the issue to the audit manager.
D. Recommend activation of super-user activity logging.

Answer

B. Investigate the reason for the lack of logging.

CISA Question 3382

Question

An IS auditor conducts a review of a third-party vendor’s reporting of key performance indicators (KPIs). Which of the following findings should be of MOST concern to the auditor?
A. Some KPIs are not documented.
B. KPIs have never been updated.
C. KPIs data is not being analyzed.
D. KPIs are not clearly defined.

Answer

D. KPIs are not clearly defined.

CISA Question 3383

Question

Which of the following should an IS auditor be MOST concerned with when a system uses radio frequency identification (RFID)?
A. Scalability
B. Maintainability
C. Nonrepudiation
D. Privacy

Answer

D. Privacy

CISA Question 3384

Question

During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures.
The auditor’s NEXT step should be to:
A. determine why the procedures were not followed.
B. include the noncompliance in the audit report.
C. note the noncompliance in the audit working papers.
D. issue an audit memorandum identifying the noncompliance.

Answer

A. determine why the procedures were not followed.

CISA Question 3385

Question

What is an IS auditor’s BEST recommendation for management if a network vulnerability assessment confirms that critical patches have not been applied since the last assessment?
A. Implement a process to test and apply appropriate patches.
B. Apply available patches and continue periodic monitoring.
C. Configure servers to automatically apply available patches.
D. Remove unpatched devices from the network.

Answer

A. Implement a process to test and apply appropriate patches.

CISA Question 3386

Question

After the release of an application system, an IS auditor wants to verify that the system is providing value to the organization. The auditor’s BEST course of action would be to:
A. review the results of compliance testing.
B. quantify improvements in client satisfaction.
C. confirm that risk has declined since the application system release.
D. perform a gap analysis against the benefits defined in the business case.

Answer

D. perform a gap analysis against the benefits defined in the business case.

CISA Question 3387

Question

What would be an IS auditor’s GREATEST concern when using a test environment for an application audit?
A. Test and production environments lack data encryption.
B. Developers have access to the test environment.
C. Retention period of test data has been exceeded.
D. Test and production environments do not mirror each other.

Answer

D. Test and production environments do not mirror each other.

CISA Question 3388

Question

When reviewing a newly implemented quality management system (QMS), which of the following should be the IS auditor’s PRIMARY concern?
A. The QMS benefit measures were not included in the business case.
B. The QMS testing methodology is not clearly documented.
C. The QMS post-implementation review (PIR) has not been finalized.
D. The QMS is not mapped to some core business processes.

Answer

D. The QMS is not mapped to some core business processes.

CISA Question 3389

Question

An IS auditor notes that the anticipated benefits from an ongoing infrastructure project have changed due to recent organizational restructuring.
Which of the following is the IS auditor’s BEST recommendation?
A. Review and reapprove the business case.
B. Revise business goals and objectives.
C. Conduct a new feasibility study.
D. Review and update the business impact analysis (BIA).

Answer

B. Revise business goals and objectives.

CISA Question 3390

Question

Which of the following should an IS auditor recommend to reduce the likelihood of potential intruders using social engineering?
A. Perform simulated attacks.
B. Prohibit the use of social networking platforms.
C. Implement an intrusion detection system (IDS).
D. Deploy a security awareness program.

Answer

D. Deploy a security awareness program.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker