This page collects ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A), provided free to help candidates prepare for the ISACA CISA exam and earn the CISA certification.
Table of Contents
- CISA Question 3451
- CISA Question 3452
- CISA Question 3453
- CISA Question 3454
- CISA Question 3455
- CISA Question 3456
- CISA Question 3457
- CISA Question 3458
- CISA Question 3459
- CISA Question 3460
CISA Question 3451
Question
During a vulnerability assessment, an IS auditor finds a high-risk vulnerability in a public-facing web server used to process online customer orders via credit card.
The IS auditor should FIRST:
A. notify management.
B. redesign the customer order process.
C. document the finding in the report.
D. suspend credit card processing.
Answer
C. document the finding in the report.
CISA Question 3452
Question
A recent audit has identified that security controls required by the organization’s policies have not been implemented for a particular application.
What should the information security manager do NEXT to address this issue?
A. Deny access to the application until the issue is resolved.
B. Discuss the issue with data custodians to determine the reason for the exception.
C. Report the issue to senior management and request funding to fix the issue.
D. Discuss the issue with data owners to determine the reason for the exception.
Answer
D. Discuss the issue with data owners to determine the reason for the exception.
CISA Question 3453
Question
An internal audit has found that critical patches were not implemented within the timeline established by policy without a valid reason. Which of the following is the BEST course of action to address the audit findings?
A. Monitor and notify IT staff of critical patches.
B. Evaluate patch management training.
C. Perform regular audits on the implementation of critical patches.
D. Assess the patch management process.
Answer
B. Evaluate patch management training.
CISA Question 3454
Question
An audit team has a completed schedule approved by the audit committee. After starting some of the scheduled audits, executive management asked the team to immediately audit an additional process. There are not enough resources available to add the additional audit to the schedule.
Which of the following is the BEST course of action?
A. Revise the scope of scheduled audits.
B. Propose a revised audit schedule.
C. Approve overtime work to ensure the audit is completed.
D. Consider scheduling the audit for the next period.
Answer
B. Propose a revised audit schedule.
CISA Question 3455
Question
A large insurance company is about to replace a major financial application. Which of the following is the IS auditor’s PRIMARY focus when conducting the pre-implementation review?
A. Procedure updates
B. Migration of data
C. System manuals
D. Unit testing
Answer
D. Unit testing
CISA Question 3456
Question
During an audit of an organization’s incident management process, an IS auditor learns that the security operations team includes detailed reports of recent attacks in its communications to employees. Which of the following is the GREATEST concern with this situation?
A. Employees may fail to understand the severity of the threats.
B. The reports may be too complex for a nontechnical audience.
C. Employees may misuse the information in the reports.
D. There is not a documented procedure to communicate the reports.
Answer
C. Employees may misuse the information in the reports.
CISA Question 3457
Question
During business process reengineering (BPR) of a bank’s teller activities, an IS auditor should evaluate:
A. the impact of changed business processes.
B. the cost of new controls.
C. BPR project plans.
D. continuous improvement and monitoring plans.
Answer
A. the impact of changed business processes.
CISA Question 3458
Question
A bank is selecting a server for its retail accounts application. To ensure that the server can handle a high volume of transactions with the required response times, which test should the IS auditor recommend?
A. Regression
B. Acceptance
C. Benchmark
D. Integration
Answer
C. Benchmark
CISA Question 3459
Question
During a review of an application system, an IS auditor identifies automated controls designed to prevent the entry of duplicate transactions. What is the BEST way to verify that the controls work as designed?
A. Implement periodic reconciliations.
B. Review quality assurance (QA) test results.
C. Use generalized audit software for seeking data corresponding to duplicate transactions.
D. Enter duplicate transactions in a copy of the live system.
Answer
A. Implement periodic reconciliations.
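Two of the verification approaches listed in the options, scanning an extract of posted data for duplicates (what generalized audit software does) and submitting known duplicate transactions to a copy of the system (test data), can be illustrated in code. The following is an added example, not part of the original page or of any real application: the Ledger class, the business key it compares on, the field names and the sample records are all constructed for illustration.

```python
"""Verifying an automated duplicate-transaction control: a generalized-audit-software
style scan of existing data plus a test-data run against a copy of the system.
Added example; the ledger class, field names and sample records are constructed
for illustration and are not from any real application."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    txn_id: str      # system-assigned identifier, unique per posting attempt
    account: str
    amount_cents: int
    reference: str   # customer-supplied reference, e.g. an order number


def duplicate_key(t: Transaction) -> tuple:
    """Business key the control compares on. txn_id is deliberately excluded:
    a re-submitted order gets a fresh txn_id, so matching on it would never
    detect a duplicate."""
    return (t.account, t.amount_cents, t.reference)


class Ledger:
    """Hypothetical application ledger with the automated preventive control."""

    def __init__(self) -> None:
        self._keys = set()
        self.posted: list[Transaction] = []
        self.rejected: list[Transaction] = []

    def post(self, t: Transaction) -> bool:
        """Returns True if posted, False if rejected as a duplicate."""
        key = duplicate_key(t)
        if key in self._keys:
            self.rejected.append(t)
            return False
        self._keys.add(key)
        self.posted.append(t)
        return True


def find_duplicates(transactions) -> dict:
    """Detective check over an extract of posted data (what generalized audit
    software would do): group on the business key and report any group with
    more than one posting. An empty result is evidence the control held for
    the period covered by the extract."""
    groups = defaultdict(list)
    for t in transactions:
        groups[duplicate_key(t)].append(t.txn_id)
    return {k: ids for k, ids in groups.items() if len(ids) > 1}


def run_test_data(ledger: Ledger, originals, resubmissions) -> dict:
    """Test-data check against a copy of the system: post the originals, then
    re-post known duplicates and count how many the control rejected. Any
    'leaked' count above zero means the control does not work as designed."""
    accepted = sum(ledger.post(t) for t in originals)
    rejected = sum(not ledger.post(t) for t in resubmissions)
    return {"accepted": accepted, "rejected": rejected,
            "leaked": len(resubmissions) - rejected}


# Constructed sample data.
ORIGINALS = [
    Transaction("T1001", "ACC-42", 12_500, "ORD-7781"),
    Transaction("T1002", "ACC-42", 3_000, "ORD-7782"),
    Transaction("T1003", "ACC-99", 12_500, "ORD-7783"),
]
# Same account, amount and reference, new txn_id: a customer double-submit.
RESUBMISSIONS = [
    Transaction("T1004", "ACC-42", 12_500, "ORD-7781"),
    Transaction("T1005", "ACC-99", 12_500, "ORD-7783"),
]
# A constructed historical extract from a period under review, containing
# one pair the control should have stopped.
HISTORICAL_EXTRACT = ORIGINALS + [Transaction("T0900", "ACC-42", 3_000, "ORD-7782")]


if __name__ == "__main__":
    print("test data:", run_test_data(Ledger(), ORIGINALS, RESUBMISSIONS))
    print("extract duplicates:", find_duplicates(HISTORICAL_EXTRACT))
```

The two checks answer different questions: run_test_data shows whether the control rejects duplicates today on a copy of the system, while find_duplicates applied to a production extract shows whether any duplicates got through during the period being audited, which a present-day test cannot reveal.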
CISA Question 3460
Question
An organization allows employees to use personally owned mobile devices to access customers’ personal information. An IS auditor’s GREATEST concern should be whether:
A. mobile devices are compatible with company infrastructure.
B. devices have the capability to segregate business and personal data.
C. mobile device security policies have been implemented.
D. devices have adequate storage and backup capabilities.
Answer
C. mobile device security policies have been implemented.