The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
CISA Question 3501
Question
An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study?
A. Attend project progress meetings to monitor timely implementation of the application.
B. Assist users in the design of proper acceptance-testing procedures.
C. Follow up with project sponsor for project’s budgets and actual costs.
D. Review functional design to determine that appropriate controls are planned.
Answer
D. Review functional design to determine that appropriate controls are planned.
CISA Question 3502
Question
An IS auditor evaluating a three-tier client/server architecture observes an issue with graphical user interface (GUI) tasks. Which layer should the auditor recommend the client address?
A. Presentation layer
B. Application layer
C. Storage layer
D. Transport layer
Answer
A. Presentation layer
CISA Question 3503
Question
Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?
A. The investigation report does not indicate a conclusion.
B. An image copy of the attacked system was not taken.
C. The proper authorities were not notified.
D. The handling procedures of the attacked system are not documented.
Answer
C. The proper authorities were not notified.
CISA Question 3504
Question
During an audit of the organization’s data privacy policy, the IS auditor identified that only some IT application databases have encryption in place.
What should be the auditor’s FIRST action?
A. Assess the resources required to implement encryption to unencrypted databases.
B. Review the most recent database penetration testing results.
C. Determine whether compensating controls are in place.
D. Review a comprehensive list of databases with the information they contain.
Answer
C. Determine whether compensating controls are in place.
CISA Question 3505
Question
An IS auditor is observing transaction processing and notes that a high-priority update job ran out of sequence. What is the MOST significant risk from this observation?
A. Previous jobs may have failed.
B. The job may not have run to completion.
C. Daily schedules may not be accurate.
D. The job competes with invalid data.
Answer
D. The job competes with invalid data.
CISA Question 3506
Question
Which of the following should the IS auditor use to BEST determine whether a project has met its business objectives?
A. Earned-value analysis
B. Completed project plan
C. Issues log with resolutions
D. Benefits realization document
Answer
D. Benefits realization document
CISA Question 3507
Question
An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions. Which of the following is MOST important for the auditor to confirm when sourcing the population data?
A. There is no privacy information in the data.
B. The data analysis tools have been recently updated.
C. The data can be obtained in a timely manner.
D. The data is taken directly from the system.
Answer
A. There is no privacy information in the data.
CISA Question 3508
Question
Which of the following would be the MOST efficient audit approach, given that a compliance-based approach was adopted in the previous year?
A. Validate all applications using test data.
B. Interview systems personnel to evaluate all automated controls.
C. Evaluate the controls surrounding changes to programs.
D. Perform a review of significant transactions posted within the system.
Answer
D. Perform a review of significant transactions posted within the system.
CISA Question 3509
Question
Which of the following is the BEST way to facilitate proper follow-up for audit findings?
A. Schedule a follow-up audit for two weeks after the initial audit was completed.
B. Conduct a surprise audit to determine whether remediation is in progress.
C. Conduct a follow-up audit when findings escalate to incidents.
D. Schedule a follow-up audit based on remediation due dates.
Answer
D. Schedule a follow-up audit based on remediation due dates.
CISA Question 3510
Question
An IS auditor reviewed the business case for a proposed investment to virtualize an organization’s server infrastructure. Which of the following is MOST likely to be included among the benefits in the project proposal?
A. Fewer operating system licenses
B. Better efficiency of logical resources
C. Reduced hardware footprint
D. Less memory and storage space
Answer
C. Reduced hardware footprint
