The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3481
Question
An organization has purchased a replacement mainframe computer to cope with the demands of increased business. Which of the following should be the PRIMARY concern of an IS auditor?
A. The disaster recovery plan has been reviewed and updated.
B. Application access controls are adequate.
C. Appropriate tender evaluation processes have been followed.
D. The procurement is within the planned budget for the year.
Answer
C. Appropriate tender evaluation processes have been followed.
CISA Question 3482
Question
When reviewing the effectiveness of data center operations, the IS auditor would FIRST establish that system performance:
A. is monitored and reported against agreed service levels.
B. reflects the expected usage levels established at implementation.
C. meets the expected targets specified by the manufacturer.
D. is within generally accepted reliability levels for that system.
Answer
A. is monitored and reported against agreed service levels.
CISA Question 3483
Question
An IS auditor has observed gaps in the data available to the organization for detecting incidents. Which of the following would be the BEST recommendation to improve the organization’s security incident response capability?
A. Document procedures for incident escalation.
B. Document procedures for incident classification.
C. Correlate security logs collected from multiple sources.
D. Centralize alerts and security log information.
Answer
D. Centralize alerts and security log information.
CISA Question 3484
Question
A previously agreed-upon recommendation was not implemented because the auditee no longer agrees with the original finding. What should be the IS auditor’s FIRST course of action?
A. Exclude the finding in the follow-up audit report.
B. Escalate the disagreement to the audit committee.
C. Assess the reason for the disagreement.
D. Require implementation of the original recommendation.
Answer
C. Assess the reason for the disagreement.
CISA Question 3485
Question
An internal audit department recently established a quality assurance (QA) program as part of its overall audit program. Which of the following activities should be included as part of the QA program requirements?
A. Reporting program results to the board
B. Reviewing audit standards periodically
C. Analyzing user satisfaction reports from business lines
D. Conducting long-term planning for internal audit staffing
Answer
B. Reviewing audit standards periodically
CISA Question 3486
Question
During an audit of a mission-critical system hosted in an outsourced data center, an IS auditor discovers that contracted routine maintenance for the alternate power generator was not performed. Which of the following should be the auditor’s MAIN concern?
A. Fraudulent behavior by the outsourcer charging for work not performed
B. Failure of the alternate power generator during a power outage
C. High repair costs if faulty generator parts are not detected in a timely manner
D. Loss of warranty due to lack of system maintenance
Answer
B. Failure of the alternate power generator during a power outage
CISA Question 3487
Question
To BEST evaluate the effectiveness of a disaster recovery plan (DRP), the IS auditor should review the:
A. test plan and results of past tests.
B. plans and procedures in the business continuity plan (BCP).
C. capacity of backup facilities.
D. hardware and software inventory.
Answer
A. test plan and results of past tests.
CISA Question 3488
Question
When evaluating whether the expected benefits of a project have been achieved, it is MOST important for an IS auditor to review:
A. post-implementation issues.
B. quality assurance results.
C. the project schedule.
D. the business case.
Answer
D. the business case.
CISA Question 3489
Question
Which of the following would be the GREATEST concern to an IS auditor reviewing an IT outsourcing arrangement?
A. Several IT personnel perform the same functions as the vendor.
B. The contract does not include a renewal option.
C. Development of KPIs that will be used was assigned to the vendor.
D. Some penalties were waived during contract negotiations.
Answer
A. Several IT personnel perform the same functions as the vendor.
CISA Question 3490
Question
An IS auditor is planning to audit an organization’s infrastructure for access, patching, and change management. Which of the following is the BEST way to prioritize the systems?
A. Complexity of the environment
B. Criticality of the system
C. System hierarchy within the infrastructure
D. System retirement plan
Answer
B. Criticality of the system