The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free below to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3471
Question
A web application is developed in-house by an organization. Which of the following would provide the BEST evidence to an IS auditor that the application is secure from external attack?
A. Code review by a third party
B. Web application firewall implementation
C. Penetration test results
D. Database application monitoring logs
Answer
C. Penetration test results
CISA Question 3472
Question
Which of the following would an IS auditor consider to be the MOST significant risk associated with a project to reengineer a business process?
A. The negative impact of change may not be documented.
B. The project manager is inexperienced in information systems.
C. Existing controls may be weakened or removed.
D. Existing baseline processes may not be reported to management.
Answer
C. Existing controls may be weakened or removed.
CISA Question 3473
Question
An organization is developing data classification standards and has asked internal audit for advice on aligning the standards with best practices.
Internal audit would MOST likely recommend the standards should be:
A. based on the results of an organization-wide risk assessment.
B. based on the business requirements for confidentiality of the information.
C. aligned with the organization’s segregation of duties requirements.
D. based on the business requirements for authentication of the information.
Answer
C. aligned with the organization’s segregation of duties requirements.
CISA Question 3474
Question
An IS auditor finds that confidential company data has been inadvertently leaked through social engineering. The MOST effective way to help prevent a recurrence of this issue is to implement:
A. penalties to staff for security policy breaches.
B. a third-party intrusion prevention solution.
C. a security awareness program.
D. data loss prevention (DLP) software.
Answer
C. a security awareness program.
CISA Question 3475
Question
Which of the following should be of GREATEST concern to an IS auditor conducting an audit of incident response procedures?
A. End users have not completed security awareness training.
B. Senior management is not involved in the incident response process.
C. There is no procedure in place to learn from previous security incidents.
D. Critical incident response events are not recorded in a centralized repository.
Answer
B. Senior management is not involved in the incident response process.
CISA Question 3476
Question
Which of the following is the MOST important for an IS auditor to do during an exit meeting with an auditee?
A. Ensure that the facts presented in the report are correct.
B. Specify implementation dates for the recommendations.
C. Request input in determining corrective action.
D. Communicate the recommendations to senior management.
Answer
A. Ensure that the facts presented in the report are correct.
CISA Question 3477
Question
An organization’s data retention policy states that all data will be backed up, retained for 10 years, and then destroyed. When conducting an audit of the long-term offsite backup program, an IS auditor should:
A. verify that business owners review data before it is destroyed.
B. verify that there is a process to ensure readability and restore capability.
C. confirm that business interruption insurance coverage is in place.
D. review data classification schemes for appropriate security levels.
Answer
B. verify that there is a process to ensure readability and restore capability.
CISA Question 3478
Question
Which of the following are BEST suited for continuous auditing?
A. Manual transactions
B. Irregular transactions
C. Low-value transactions
D. Real-time transactions
Answer
D. Real-time transactions
CISA Question 3479
Question
The GREATEST benefit of risk-based auditing is that it:
A. demonstrates compliance with regulatory requirements.
B. enables alignment of resources to significant risk areas.
C. allows an organization to identify and eliminate low-risk areas.
D. identifies problem areas within an organization.
Answer
D. identifies problem areas within an organization.
CISA Question 3480
Question
An IS auditor discovers instances where software with the same license key is deployed to multiple workstations, in breach of the licensing agreement. Which of the following is the auditor’s BEST recommendation?
A. Evaluate the business case for funding of additional licenses.
B. Require business owner approval before granting software access.
C. Remove embedded keys from offending packages.
D. Implement software licensing monitoring to manage duplications.
Answer
D. Implement software licensing monitoring to manage duplications.