Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 34

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3591

Question

An IS auditor has completed an audit of an organization’s accounts payable system. Which of the following should be rated as the HIGHEST risk in the audit report and requires immediate remediation?

A. Lack of segregation of duty controls for reconciliation of payment transactions
B. Lack of segregation of duty controls for removal of vendor records
C. Lack of segregation of duty controls for updating the vendor master file
D. Lack of segregation of duty controls for reversing payment transactions

Answer

A. Lack of segregation of duty controls for reconciliation of payment transactions

CISA Question 3592

Question

What is an IS auditor’s BEST course of action if informed by a business unit’s representatives that they are too busy to cooperate with a scheduled audit?

A. Reschedule the audit for a time more convenient to the business unit.
B. Notify the chief audit executive who can negotiate with the head of the business unit.
C. Begin the audit regardless and insist on cooperation from the business unit.
D. Notify the audit committee immediately and request they direct the audit begin on schedule.

Answer

B. Notify the chief audit executive who can negotiate with the head of the business unit.

CISA Question 3593

Question

Which of the following should be established FIRST when initiating a control self-assessment program in a small organization?

A. Control baselines
B. Client questionnaires
C. External consultants
D. Facilitated workshops

Answer

B. Client questionnaires

CISA Question 3594

Question

Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise e-mail?

A. The private key certificate has not been updated.
B. The certificate revocation list has not been updated.
C. The certificate practice statement has not been published.
D. The PKI policy has not been updated within the last year.

Answer

B. The certificate revocation list has not been updated.

CISA Question 3595

Question

Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?

A. Legal and compliance requirements
B. Customer agreements
C. Organizational policies and procedures
D. Data classification

Answer

B. Customer agreements

CISA Question 3596

Question

The IS auditor has identified a potential fraud perpetrated by the network administrator. The IS auditor should:

A. issue a report to ensure a timely resolution
B. review the audit finding with the audit committee prior to any other discussions
C. perform more detailed tests prior to disclosing the audit results
D. share the potential audit finding with the security administrator

Answer

B. review the audit finding with the audit committee prior to any other discussions

CISA Question 3597

Question

Before concluding that internal controls can be relied upon, the IS auditor should:

A. discuss the internal control weaknesses with the auditee
B. document application controls
C. conduct tests of compliance
D. document the system of internal control

Answer

C. conduct tests of compliance

CISA Question 3598

Question

In a data center audit, an IS auditor finds that the humidity level is very low. The IS auditor would be MOST concerned because of an expected increase in:

A. employee discomfort
B. risk of fire
C. static electricity problems
D. backup tape failures

Answer

C. static electricity problems

CISA Question 3599

Question

An IS auditor considering the risks associated with spooling sensitive reports for off-line printing will be the MOST concerned that:

A. data can easily be read by operators
B. data can more easily be amended by unauthorized persons
C. unauthorized copies of reports can be printed
D. output will be lost if the system should fail

Answer

C. unauthorized copies of reports can be printed

CISA Question 3600

Question

Multiple invoices are usually received for individual purchase orders, since purchase orders require staggered delivery dates. Which of the following is the BEST audit technique to test for duplicate payments?

A. Run the data on the software programs used to process supplier payments.
B. Use generalized audit software on the invoice transaction file.
C. Run the data on the software programs used to process purchase orders.
D. Use generalized audit software on the purchase order transaction file.

Answer

A. Run the data on the software programs used to process supplier payments.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker