The latest ISACA CISA (Certified Information Systems Auditor) actual practice exam question-and-answer (Q&A) dumps are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3491
Question
Which of the following is the PRIMARY reason for an IS auditor to use computer-assisted audit techniques (CAATs)?
A. To efficiently test an entire population
B. To perform direct testing of production data
C. To conduct automated sampling for testing
D. To enable quicker access to information
Answer
D. To enable quicker access to information
CISA Question 3492
Question
The independence of an IS auditor auditing an application is maintained if the auditor’s role is limited to:
A. creating system specifications.
B. defining user requirements.
C. recommending system enhancements.
D. designing access control rules.
Answer
B. defining user requirements.
CISA Question 3493
Question
Which of the following is the PRIMARY benefit of implementing configuration management for IT?
A. It helps audit in verifying IT conformance to business requirements.
B. It establishes the dependency of application systems with various IT assets.
C. It provides visibility to the overall function and technical attributes of IT assets.
D. It helps automate change and release management processes in IT.
Answer
D. It helps automate change and release management processes in IT.
CISA Question 3494
Question
An IS auditor reviewing an incident management process identifies client information was lost due to ransomware attacks. Which of the following would MOST effectively minimize the impact of future occurrences?
A. Change access to client data to read-only.
B. Improve the ransomware awareness program.
C. Back up client data more frequently.
D. Monitor all client data changes.
Answer
B. Improve the ransomware awareness program.
CISA Question 3495
Question
When engaging services from external auditors, which of the following should be established FIRST?
A. Termination conditions agreements
B. Nondisclosure agreements
C. Service level agreements
D. Operational level agreements
Answer
B. Nondisclosure agreements
CISA Question 3496
Question
During a review of system access, an IS auditor notes that an employee who has recently changed roles within the organization still has previous access rights.
The auditor’s NEXT step should be to:
A. determine the reason why access rights have not been revoked.
B. recommend a control to automatically update access rights.
C. direct management to revoke current access rights.
D. determine if access rights are in violation of software licenses.
Answer
A. determine the reason why access rights have not been revoked.
CISA Question 3497
Question
In reviewing the IT strategic plan, the IS auditor should consider whether it identifies the:
A. major IT initiatives.
B. links to operational tactical plans.
C. allocation of IT staff.
D. project management methodologies used.
Answer
B. links to operational tactical plans.
CISA Question 3498
Question
Which of the following should an IS auditor recommend as MOST critical to an effective performance improvement process for IT services?
A. Progress on performance goals is regularly reported to the board.
B. The performance goals are aligned with a commonly accepted framework.
C. Root cause analysis of service issues is used to develop performance goals.
D. Management accepts accountability for achieving performance goals.
Answer
B. The performance goals are aligned with a commonly accepted framework.
CISA Question 3499
Question
An IS auditor is performing a post-implementation review of a system deployed two years ago. Which of the following findings should be of MOST concern to the auditor?
A. Maintenance costs were not included in the project lifecycle costs.
B. Benefits as stated in the business case have not been realized.
C. Workarounds due to remaining defects had to be used longer than anticipated.
D. The system has undergone several change requests to further extend functionality.
Answer
B. Benefits as stated in the business case have not been realized.
CISA Question 3500
Question
An IS audit report highlighting inadequate network internal controls is challenged because no serious incident has ever occurred. Which of the following actions performed during the audit would have BEST supported the findings?
A. Compliance testing
B. Threat risk assessment
C. Penetration testing
D. Vulnerability assessment
Answer
C. Penetration testing