The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free; they can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3591
Question
An IS auditor has completed an audit of an organization’s accounts payable system. Which of the following should be rated as the HIGHEST risk in the audit report and requires immediate remediation?
A. Lack of segregation of duty controls for reconciliation of payment transactions
B. Lack of segregation of duty controls for removal of vendor records
C. Lack of segregation of duty controls for updating the vendor master file
D. Lack of segregation of duty controls for reversing payment transactions
Answer
A. Lack of segregation of duty controls for reconciliation of payment transactions
CISA Question 3592
Question
What is an IS auditor’s BEST course of action if informed by a business unit’s representatives that they are too busy to cooperate with a scheduled audit?
A. Reschedule the audit for a time more convenient to the business unit.
B. Notify the chief audit executive who can negotiate with the head of the business unit.
C. Begin the audit regardless and insist on cooperation from the business unit.
D. Notify the audit committee immediately and request they direct the audit begin on schedule.
Answer
B. Notify the chief audit executive who can negotiate with the head of the business unit.
CISA Question 3593
Question
Which of the following should be established FIRST when initiating a control self-assessment program in a small organization?
A. Control baselines
B. Client questionnaires
C. External consultants
D. Facilitated workshops
Answer
B. Client questionnaires
CISA Question 3594
Question
Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise e-mail?
A. The private key certificate has not been updated.
B. The certificate revocation list has not been updated.
C. The certificate practice statement has not been published.
D. The PKI policy has not been updated within the last year.
Answer
B. The certificate revocation list has not been updated.
CISA Question 3595
Question
Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?
A. Legal and compliance requirements
B. Customer agreements
C. Organizational policies and procedures
D. Data classification
Answer
B. Customer agreements
CISA Question 3596
Question
The IS auditor has identified a potential fraud perpetrated by the network administrator. The IS auditor should:
A. issue a report to ensure a timely resolution
B. review the audit finding with the audit committee prior to any other discussions
C. perform more detailed tests prior to disclosing the audit results
D. share the potential audit finding with the security administrator
Answer
B. review the audit finding with the audit committee prior to any other discussions
CISA Question 3597
Question
Before concluding that internal controls can be relied upon, the IS auditor should:
A. discuss the internal control weaknesses with the auditee
B. document application controls
C. conduct tests of compliance
D. document the system of internal control
Answer
C. conduct tests of compliance
CISA Question 3598
Question
In a data center audit, an IS auditor finds that the humidity level is very low. The IS auditor would be MOST concerned because of an expected increase in:
A. employee discomfort
B. risk of fire
C. static electricity problems
D. backup tape failures
Answer
C. static electricity problems
CISA Question 3599
Question
An IS auditor considering the risks associated with spooling sensitive reports for off-line printing will be the MOST concerned that:
A. data can easily be read by operators
B. data can more easily be amended by unauthorized persons
C. unauthorized copies of reports can be printed
D. output will be lost if the system should fail
Answer
C. unauthorized copies of reports can be printed
CISA Question 3600
Question
Multiple invoices are usually received for individual purchase orders, since purchase orders require staggered delivery dates. Which of the following is the BEST audit technique to test for duplicate payments?
A. Run the data on the software programs used to process supplier payments.
B. Use generalized audit software on the invoice transaction file.
C. Run the data on the software programs used to process purchase orders.
D. Use generalized audit software on the purchase order transaction file.
Answer
A. Run the data on the software programs used to process supplier payments.