
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 33

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3461

Question

An IS auditor is asked to explain how local area network (LAN) servers can contribute to a rapid dissemination of viruses. The IS auditor’s BEST response is that:

A. the server’s software is the prime target and is the first to be infected.
B. the server’s operating system exchanges data with each station starting at every log-on.
C. the server’s file sharing function facilitates the distribution of files and applications.
D. users of a given server have similar usage of applications and files.

Answer

C. the server’s file sharing function facilitates the distribution of files and applications.

CISA Question 3462

Question

During an audit, which of the following would be MOST helpful in establishing a baseline for measuring data quality?

A. Built-in data error prevention application controls
B. Industry standard business definitions
C. Input from customers
D. Validation of rules by the business

Answer

D. Validation of rules by the business

CISA Question 3463

Question

Which of the following is the MOST effective way to identify anomalous transactions when performing a payroll fraud audit?

A. Substantive testing of payroll files
B. Data analytics on payroll data
C. Observation of payment processing
D. Sample-based review of pay stubs

Answer

B. Data analytics on payroll data

CISA Question 3464

Question

Which of the following is MOST important when planning a network audit?

A. Determination of IP range in use
B. Isolation of rogue access points
C. Identification of existing nodes
D. Analysis of traffic content

Answer

C. Identification of existing nodes

CISA Question 3465

Question

After an external IS audit, which of the following should be IT management’s MAIN consideration when determining the prioritization of follow-up activities?

A. The amount of time since the initial audit was completed
B. The materiality of the reported findings
C. The availability of the external auditors
D. The scheduling of major changes in the control environment

Answer

B. The materiality of the reported findings

CISA Question 3466

Question

An IS auditor determines that a business continuity plan has not been reviewed and approved by management. Which of the following is the MOST significant risk associated with this situation?

A. Continuity planning may be subject to resource constraints.
B. The plan may not be aligned with industry best practice.
C. Critical business processes may not be addressed adequately.
D. The plan has not been reviewed by risk management.

Answer

D. The plan has not been reviewed by risk management.

CISA Question 3467

Question

Which of the following should be done FIRST to effectively define the IT audit universe for an entity with multiple business lines?

A. Identify aggregate residual IT risk for each business line.
B. Obtain a complete listing of the entity’s IT processes.
C. Obtain a complete listing of assets fundamental to the entity’s businesses.
D. Identify key control objectives for each business line’s core processes.

Answer

D. Identify key control objectives for each business line’s core processes.

CISA Question 3468

Question

Which procedure provides the GREATEST assurance that corrective action to an audit report has been taken?

A. Performing subsequent audit tests to verify resolution of the deficiencies
B. Inquiring about the current status of the recommendation
C. Reporting to the audit committee or the board of directors concerning specific action taken or lack thereof
D. Requesting a written management reply to the audit report, identifying corrective action for each deficiency

Answer

A. Performing subsequent audit tests to verify resolution of the deficiencies

CISA Question 3469

Question

Which of the following is MOST important for an IS auditor to verify when reviewing a critical business application that requires high availability?

A. Algorithms are reviewed to resolve process inefficiencies.
B. Users participate in offsite business continuity testing.
C. There is no single point of failure.
D. Service level agreements (SLAs) are monitored.

Answer

C. There is no single point of failure.

CISA Question 3470

Question

Internal audit reports should be PRIMARILY written for and communicated to:

A. audit management, as they are responsible for the quality of the audit.
B. external auditors, as they provide an opinion on the financial statements.
C. auditees, as they will eventually have to implement the recommendations.
D. senior management, as they should be informed about the identified risks.

Answer

A. audit management, as they are responsible for the quality of the audit.