
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 33

The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free of charge to help you prepare for the ISACA CISA exam and earn the CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3421

Question

Which of the following activities would allow an IS auditor to maintain independence while facilitating a control self-assessment (CSA)?

A. Developing the CSA questionnaire
B. Developing the remediation plan
C. Implementing the remediation plan
D. Partially completing the CSA

Answer

A. Developing the CSA questionnaire

CISA Question 3422

Question

An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed. Which of the following should be the IS auditor’s NEXT course of action?

A. Obtain a verbal confirmation from IT for this exemption.
B. Review the list of end-users and evaluate for authorization.
C. Verify management’s approval for this exemption.
D. Report this control process weakness to senior management.

Answer

C. Verify management’s approval for this exemption.

CISA Question 3423

Question

Which of the following is the BEST way to address ongoing concerns with the quality and accuracy of internal audits?

A. Engage an independent review of the audit function.
B. Require peer reviews of audit workpapers.
C. Implement performance management for IS auditors.
D. Require IS audit management to lead exit meetings.

Answer

A. Engage an independent review of the audit function.

CISA Question 3424

Question

During an audit of information security procedures of a large retailer’s online store, an IS auditor notes that operating system (OS) patches are automatically deployed upon release. Which of the following should be of GREATEST concern to the auditor?

A. Patches are in conflict with current licensing agreements.
B. Patches are pushed from the vendor increasing Internet traffic.
C. Patches are not reflected in the configuration management database.
D. Patches are not tested before installation on critical servers.

Answer

D. Patches are not tested before installation on critical servers.

CISA Question 3425

Question

Following an IS audit, which of the following types of risk would be MOST critical to communicate to key stakeholders?

A. Control
B. Residual
C. Audit
D. Inherent

Answer

B. Residual

CISA Question 3426

Question

What is the FIRST step an auditor should take when beginning a follow-up audit?

A. Review workpapers from the previous audit.
B. Gather evidence of remediation to conduct tests of controls.
C. Review previous findings and action plans.
D. Meet with the auditee to discuss remediation progress.

Answer

C. Review previous findings and action plans.

CISA Question 3427

Question

Which of the following is the GREATEST risk resulting from conducting periodic reviews of IT over several years based on the same audit program?

A. The amount of errors will increase because the routine work promotes inattentiveness.
B. Detection risk is increased because auditees already know the audit program.
C. Audit risk is increased because the programs might not be adapted to the organization’s current situation.
D. Staff turnover in the audit department will increase because fieldwork becomes less interesting.

Answer

C. Audit risk is increased because the programs might not be adapted to the organization’s current situation.

CISA Question 3428

Question

An IS auditor reviewing the use of encryption finds that the symmetric key is sent by an email message between the parties. Which of the following audit responses is correct in this situation?

A. An audit finding is recorded, as the key should be asymmetric and therefore changed.
B. No audit finding is recorded, as it is normal to distribute a key of this nature in this manner.
C. No audit finding is recorded, as the key can only be used once.
D. An audit finding is recorded, as the key should be distributed in a secure manner.

Answer

D. An audit finding is recorded, as the key should be distributed in a secure manner.

CISA Question 3429

Question

An internal IS auditor recommends that incoming accounts payable payment files be encrypted. Which type of control is the auditor recommending?

A. Corrective
B. Detective
C. Preventive
D. Directive

Answer

C. Preventive

CISA Question 3430

Question

Which of the following projects would be MOST important to review in an audit of an organization’s financial statements?

A. Resource optimization of the enterprise resource planning (ERP) system
B. Security enhancements to the customer relationship database
C. Automation of operational risk management processes
D. Outsourcing of the payroll system to an external service provider

Answer

D. Outsourcing of the payroll system to an external service provider