ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 33

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3431

Question

When reviewing backup policies, an IS auditor MUST verify that backup intervals of critical systems do not exceed which of the following?

A. Recovery point objective (RPO)
B. Recovery time objective (RTO)
C. Service level objective (SLO)
D. Maximum acceptable outage (MAO)

Answer

A. Recovery point objective (RPO)

CISA Question 3432

Question

An IS auditor begins an assignment and identifies audit components for which the auditor is not qualified to assess. Which of the following is the BEST course of action?

A. Notify audit management for a decision on how to proceed.
B. Complete the audit and give full disclosure in the final audit report.
C. Complete the work assignment to the best of the auditor’s ability.
D. Exclude the related tests from the audit plan and continue the assignment.

Answer

A. Notify audit management for a decision on how to proceed.

CISA Question 3433

Question

During a help desk review, an IS auditor determines the call abandonment rate exceeds agreed-upon service levels. What conclusion can be drawn from this finding?

A. There are insufficient telephone lines available to the help desk.
B. There is insufficient staff to handle the help desk call volume.
C. Help desk staff are unable to resolve a sufficient number of problems on the first call.
D. Users are finding solutions from alternative sources.

Answer

B. There is insufficient staff to handle the help desk call volume.

CISA Question 3434

Question

An IS auditor reviews change control tickets and finds an emergency change request where an IT manager approved the change, modified the code on the production platform, and resolved the ticket. Which of the following should be the auditor’s GREATEST concern?

A. There was no follow-up approval from the business.
B. The change was made less than an hour after the request.
C. There was no testing prior to making the change in production.
D. The IT manager performed the change and resolved the ticket.

Answer

D. The IT manager performed the change and resolved the ticket.

CISA Question 3435

Question

An IS auditor is evaluating the log management system for an organization with devices and systems in multiple geographic locations. Which of the following is MOST important for the auditor to verify?

A. Log files are encrypted and digitally signed.
B. Log files of the servers are synchronized.
C. Log files are reviewed in multiple locations.
D. Log files are concurrently updated.

Answer

B. Log files of the servers are synchronized.

CISA Question 3436

Question

Which of the following should be of concern to an IS auditor performing a software audit on virtual machines?

A. Software licensing does not support virtual machines.
B. Software has been installed on virtual machines by privileged users.
C. Multiple users can access critical applications.
D. Applications have not been approved by the CFO.

Answer

A. Software licensing does not support virtual machines.

CISA Question 3437

Question

During a review of an insurance company’s claims system, the IS auditor learns that claims for specific medical procedures are acceptable only from females. This is an example of a:

A. key verification.
B. completeness check.
C. reasonableness check.
D. logical relationship check.

Answer

D. logical relationship check.

CISA Question 3438

Question

An IS auditor is reviewing an organization’s sales and purchasing system due to ongoing data quality issues. An analysis of which of the following would provide the MOST useful information to determine the revenue loss?

A. Correlation between the number of issues and average downtime
B. Cost of implementing data validation controls within the system
C. Comparison of the cost of data acquisition and loss in sales revenue
D. Correlation between data errors and loss in value of transactions

Answer

D. Correlation between data errors and loss in value of transactions

CISA Question 3439

Question

Which of the following communication modes should be of GREATEST concern to an IS auditor evaluating end-user networking?

A. System-to-system
B. Peer-to-peer
C. Host-to-host
D. Client-to-server

Answer

B. Peer-to-peer

CISA Question 3440

Question

While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor’s BEST course of action would be to:

A. determine whether the alternative controls sufficiently mitigate the risk and record the results.
B. reject the alternative controls and re-prioritize the original issue as high risk.
C. postpone follow-up activities and escalate the alternative controls to senior audit management.
D. schedule another audit due to the implementation of alternative controls.

Answer

A. determine whether the alternative controls sufficiently mitigate the risk and record the results.