
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 33

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available for free. They can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3401

Question

Which of the following is MOST important for an IS auditor to consider when determining an appropriate sample size in situations where selecting the entire population is not feasible?

A. Tolerable error
B. Accessibility of the data
C. Data integrity
D. Responsiveness of the auditee

Answer

A. Tolerable error

CISA Question 3402

Question

An internal review reveals an out-of-support human resources system. Which of the following is MOST important to determine when evaluating the associated risk?

A. Frequency of outages associated with the out-of-support system
B. The number of people accessing the out-of-support system
C. Exposure of the out-of-support system outside of the network
D. Timeline to replace the out-of-support system

Answer

D. Timeline to replace the out-of-support system

CISA Question 3403

Question

During an audit of an organization’s financial statements, an IS auditor finds that the IT general controls are deficient. What should the IS auditor recommend?

A. Increase the compliance testing of the application controls.
B. Place greater reliance on the application controls.
C. Increase the substantive testing of the financial balances.
D. Place greater reliance on the framework of control.

Answer

C. Increase the substantive testing of the financial balances.

CISA Question 3404

Question

Which of the following procedures should an IS auditor complete FIRST when evaluating the adequacy of IT key performance indicators (KPIs)?

A. Independently calculate the accuracy of the KPIs.
B. Review KPIs that indicate poor IT performance.
C. Validate the KPI thresholds.
D. Determine whether the KPIs support IT objectives.

Answer

D. Determine whether the KPIs support IT objectives.

CISA Question 3405

Question

During a database audit, an IS auditor noted frequent problems due to the growing size of the order tables. Which of the following is the BEST recommendation in this situation?

A. Develop an archiving approach.
B. Periodically delete completed orders.
C. Build more table indices.
D. Migrate to a different database management system.

Answer

A. Develop an archiving approach.

CISA Question 3406

Question

Which of the following IS audit recommendations would BEST help to ensure appropriate mitigation will occur on control weaknesses identified during an audit?

A. Assign actions to responsible personnel and follow up.
B. Report on progress to the audit committee.
C. Perform a cost-benefit analysis on remediation strategy.
D. Implement software to input the action points from the IS audit.

Answer

A. Assign actions to responsible personnel and follow up.

CISA Question 3407

Question

An IS auditor finds that an organization’s data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor’s MAIN concern should be that:

A. violations may not be categorized according to the organization’s risk profile.
B. violation reports may not be retained according to the organization’s risk profile.
C. violation reports may not be reviewed in a timely manner.
D. a significant number of false positive violations may be reported.

Answer

A. violations may not be categorized according to the organization’s risk profile.

CISA Question 3408

Question

During an audit of a data center, an IS auditor’s BEST way to gain an understanding of physical security controls is to:

A. review the data center’s physical security procedures.
B. contact the alarm vendor and identify where alarms are installed in the data center.
C. take a tour of the facility and identify physical security controls.
D. obtain the engineering plans for the building and identify points of entry.

Answer

C. take a tour of the facility and identify physical security controls.

CISA Question 3409

Question

Which of the following BEST demonstrates to an IS auditor that an organization has implemented effective risk management processes?

A. Critical business assets have additional controls.
B. The risk register is reviewed periodically.
C. A business impact analysis (BIA) has been completed.
D. The inventory of IT assets includes asset classification.

Answer

B. The risk register is reviewed periodically.

CISA Question 3410

Question

An IS auditor is asked to review a large organization’s change management process. Which of the following practices presents the GREATEST risk?

A. Emergency code changes are promoted without user acceptance testing.
B. A system administrator performs code migration on planned downtime.
C. Change management tickets do not contain specific documentation.
D. Transaction data changes can be made by a senior developer.

Answer

C. Change management tickets do not contain specific documentation.
