The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3401
Question
Which of the following is MOST important for an IS auditor to consider when determining an appropriate sample size in situations where selecting the entire population is not feasible?
A. Tolerable error
B. Accessibility of the data
C. Data integrity
D. Responsiveness of the auditee
Answer
A. Tolerable error
CISA Question 3402
Question
An internal review reveals an out-of-support human resources system. Which of the following is MOST important to determine when evaluating the associated risk?
A. Frequency of outages associated with the out-of-support system
B. The number of people accessing the out-of-support system
C. Exposure of the out-of-support system outside of the network
D. Timeline to replace the out-of-support system
Answer
D. Timeline to replace the out-of-support system
CISA Question 3403
Question
During an audit of an organization’s financial statements, an IS auditor finds that the IT general controls are deficient. What should the IS auditor recommend?
A. Increase the compliance testing of the application controls.
B. Place greater reliance on the application controls.
C. Increase the substantive testing of the financial balances.
D. Place greater reliance on the framework of control.
Answer
C. Increase the substantive testing of the financial balances.
CISA Question 3404
Question
Which of the following procedures should an IS auditor complete FIRST when evaluating the adequacy of IT key performance indicators (KPIs)?
A. Independently calculate the accuracy of the KPIs.
B. Review KPIs that indicate poor IT performance.
C. Validate the KPI thresholds.
D. Determine whether the KPIs support IT objectives.
Answer
D. Determine whether the KPIs support IT objectives.
CISA Question 3405
Question
During a database audit, an IS auditor noted frequent problems due to the growing size of the order tables. Which of the following is the BEST recommendation in this situation?
A. Develop an archiving approach.
B. Periodically delete completed orders.
C. Build more table indices.
D. Migrate to a different database management system.
Answer
A. Develop an archiving approach.
CISA Question 3406
Question
Which of the following IS audit recommendations would BEST help to ensure appropriate mitigation will occur on control weaknesses identified during an audit?
A. Assign actions to responsible personnel and follow up.
B. Report on progress to the audit committee.
C. Perform a cost-benefit analysis on remediation strategy.
D. Implement software to input the action points from the IS audit.
Answer
A. Assign actions to responsible personnel and follow up.
CISA Question 3407
Question
An IS auditor finds that an organization’s data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor’s MAIN concern should be that:
A. violations may not be categorized according to the organization’s risk profile.
B. violation reports may not be retained according to the organization’s risk profile.
C. violation reports may not be reviewed in a timely manner.
D. a significant number of false positive violations may be reported.
Answer
A. violations may not be categorized according to the organization’s risk profile.
CISA Question 3408
Question
During an audit of a data center, an IS auditor’s BEST way to gain an understanding of physical security controls is to:
A. review the data center’s physical security procedures.
B. contact the alarm vendor and identify where alarms are installed in the data center.
C. take a tour of the facility and identify physical security controls.
D. obtain the engineering plans for the building and identify points of entry.
Answer
C. take a tour of the facility and identify physical security controls.
CISA Question 3409
Question
Which of the following BEST demonstrates to an IS auditor that an organization has implemented effective risk management processes?
A. Critical business assets have additional controls.
B. The risk register is reviewed periodically.
C. A business impact analysis (BIA) has been completed.
D. The inventory of IT assets includes asset classification.
Answer
B. The risk register is reviewed periodically.
CISA Question 3410
Question
An IS auditor is asked to review a large organization’s change management process. Which of the following practices presents the GREATEST risk?
A. Emergency code changes are promoted without user acceptance testing.
B. A system administrator performs code migration on planned downtime.
C. Change management tickets do not contain specific documentation.
D. Transaction data changes can be made by a senior developer.
Answer
C. Change management tickets do not contain specific documentation.