The following ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are provided free to help you prepare for the ISACA CISA exam and earn the CISA certification.
Table of Contents
- CISA Question 3411
- CISA Question 3412
- CISA Question 3413
- CISA Question 3414
- CISA Question 3415
- CISA Question 3416
- CISA Question 3417
- CISA Question 3418
- CISA Question 3419
- CISA Question 3420
CISA Question 3411
Question
Which of the following is MOST important for an IS auditor to verify when reviewing an organization’s information security practices following the adoption of a bring your own device (BYOD) program?
A. Only applications approved by information security may be installed on devices.
B. The expected benefits of adopting the BYOD program have been realized.
C. Security policies have been updated to include BYOD.
D. Remote wipe is enabled for devices allowed by BYOD.
Answer
C. Security policies have been updated to include BYOD.
CISA Question 3412
Question
During an audit, the client learns that the IS auditor has recently completed a similar security review at a competitor. The client inquires about the competitor’s audit results. What is the BEST way for the auditor to address this inquiry?
A. Explain that it would be inappropriate to discuss the results of another audit client.
B. Escalate the question to the audit manager for further action.
C. Discuss the results of the audit omitting specifics related to names and products.
D. Obtain permission from the competitor to use the audit results as examples for future clients.
Answer
A. Explain that it would be inappropriate to discuss the results of another audit client.
CISA Question 3413
Question
As part of an IS audit, the auditor notes the practices listed below. Which of the following would be a segregation of duties concern?
A. Operators are degaussing magnetic tapes during night shifts.
B. System programmers have logged access to operating system parameters.
C. System programmers are performing the duties of operators.
D. Operators are acting as tape librarians on alternate shifts.
Answer
D. Operators are acting as tape librarians on alternate shifts.
CISA Question 3414
Question
An IS auditor concludes that a local area network’s (LAN’s) access security is satisfactory. In reviewing the work, the audit manager should:
A. re-perform some steps of the audit to verify the quality of the work.
B. verify that the elements of an agreed-upon audit plan have been addressed.
C. verify user management’s agreement with the findings.
D. assess whether the auditor had the appropriate skills to perform the work.
Answer
B. verify that the elements of an agreed-upon audit plan have been addressed.
CISA Question 3415
Question
An IS audit reveals that an organization is not proactively addressing known vulnerabilities. Which of the following should the IS auditor recommend the organization do FIRST?
A. Verify the disaster recovery plan (DRP) has been tested.
B. Ensure the intrusion prevention system (IPS) is effective.
C. Confirm the incident response team understands the issue.
D. Assess the security risks to the business.
Answer
D. Assess the security risks to the business.
CISA Question 3416
Question
Management has agreed to perform multiple remediation actions in response to an audit issue, including the implementation of a new control.
Which of the following is the BEST time for an IS auditor to perform an audit follow-up of this issue?
A. After management has completed the required actions
B. When audit resources are available
C. When management resources are available
D. After the new control has been in place for one year
Answer
A. After management has completed the required actions
CISA Question 3417
Question
Which of the following should be an IS auditor’s FIRST action when assessing the risk associated with unstructured data?
A. Implement strong encryption for unstructured data.
B. Implement user access controls to unstructured data.
C. Identify repositories of unstructured data.
D. Identify appropriate tools for data classification.
Answer
D. Identify appropriate tools for data classification.
CISA Question 3418
Question
Which of the following would be an auditor’s GREATEST concern when reviewing data inputs from spreadsheets into the core finance system?
A. Undocumented code formats data and transmits directly to the database.
B. There is not a complete inventory of spreadsheets, and file naming is inconsistent.
C. Spreadsheets are accessible by all members of the finance department.
D. The department data protection policy has not been reviewed or updated for two years.
Answer
A. Undocumented code formats data and transmits directly to the database.
CISA Question 3419
Question
Which of the following audit procedures would be MOST conclusive in evaluating the effectiveness of an e-commerce application system’s edit routine?
A. Interviews with knowledgeable users
B. Use of test transactions
C. Review of source code
D. Review of program documentation
Answer
B. Use of test transactions
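Test transactions are conclusive because they show what the edit routine actually does with real input, rather than what interviews, source code or documentation say it should do. The following is an added illustration, not part of the original page or any ISACA material: a small order edit routine for a hypothetical e-commerce system, plus a set of constructed test transactions (valid order, negative quantity, quantity supplied as a string, client-tampered price, unknown SKU, malformed e-mail) run through it the way an auditor would. The names `edit_order`, `run_test_transactions`, `CATALOG` and `MAX_QTY`, the field names and all data values are assumptions made for the example.

```python
"""Added example (not from the original page or ISACA): an e-commerce
order 'edit routine' and the test transactions an auditor would run
against it. All names, fields and values below are constructed."""
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation
import re

# Constructed reference data the edit routine checks inputs against.
CATALOG = {"SKU-100": Decimal("19.99"), "SKU-200": Decimal("5.00")}
MAX_QTY = 100
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


@dataclass
class EditResult:
    accepted: bool
    errors: list = field(default_factory=list)


def edit_order(txn: dict) -> EditResult:
    """Edit routine: apply every field-level edit to one order transaction
    and return all failures, so one test transaction can exercise several
    edits at once."""
    errors = []
    sku = txn.get("sku")
    if sku not in CATALOG:
        errors.append("sku: not in catalog")

    qty = txn.get("qty")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(qty, bool) or not isinstance(qty, int):
        errors.append("qty: not an integer")
    elif not 1 <= qty <= MAX_QTY:
        errors.append(f"qty: out of range 1..{MAX_QTY}")

    try:
        price = Decimal(str(txn.get("unit_price")))
    except InvalidOperation:
        price = None
        errors.append("unit_price: not a number")
    # Never trust a client-supplied price; compare it with the catalog.
    if price is not None and sku in CATALOG and price != CATALOG[sku]:
        errors.append("unit_price: does not match catalog")

    if not EMAIL_RE.match(str(txn.get("email", ""))):
        errors.append("email: malformed")
    return EditResult(accepted=not errors, errors=errors)


# Constructed test transactions: (name, transaction, should_be_accepted).
TEST_TRANSACTIONS = [
    ("valid order", {"sku": "SKU-100", "qty": 2, "unit_price": "19.99",
                     "email": "buyer@example.com"}, True),
    ("negative qty", {"sku": "SKU-100", "qty": -1, "unit_price": "19.99",
                      "email": "buyer@example.com"}, False),
    ("qty as string", {"sku": "SKU-100", "qty": "2", "unit_price": "19.99",
                       "email": "buyer@example.com"}, False),
    ("tampered price", {"sku": "SKU-200", "qty": 1, "unit_price": "0.01",
                        "email": "buyer@example.com"}, False),
    ("unknown sku", {"sku": "SKU-999", "qty": 1, "unit_price": "1.00",
                     "email": "buyer@example.com"}, False),
    ("bad email", {"sku": "SKU-200", "qty": 1, "unit_price": "5.00",
                   "email": "not-an-address"}, False),
]


def run_test_transactions(cases=TEST_TRANSACTIONS) -> list:
    """Run each test transaction through the edit routine and return the
    cases whose outcome differed from expectation. An empty list means every
    edit behaved as designed; each entry is an edit the audit would flag."""
    defects = []
    for name, txn, expected in cases:
        result = edit_order(txn)
        if result.accepted != expected:
            defects.append((name, expected, result.accepted, result.errors))
    return defects


if __name__ == "__main__":
    for defect in run_test_transactions():
        print("EDIT INEFFECTIVE:", defect)
    print("defects:", len(run_test_transactions()))
```

The audit evidence is the list returned by `run_test_transactions`: every entry names a transaction the routine should have rejected but accepted (or the reverse), which is the kind of finding a code review or a user interview would not surface reliably. In a real engagement the test transactions would include the organization's own boundary cases and any input the application receives from untrusted clients, such as prices or totals, which should be re-derived server-side rather than validated.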
CISA Question 3420
Question
What should an IS auditor do when informed that some recommendations cannot be implemented due to financial constraints?
A. Document management’s response in the working papers.
B. Insist the recommendations be implemented.
C. Agree to waive the recommendations.
D. Suggest management identify cost-effective alternatives.
Answer
A. Document management’s response in the working papers.