The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A dumps) are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3521
Question
An IS audit manager has been asked to perform a quality review on an audit that the same manager also supervised. Which of the following is the manager’s BEST response to this situation?
A. Notify the audit committee of the situation.
B. Escalate the situation to senior audit leadership.
C. Determine whether audit evidence supports audit conclusions.
D. Discuss with the audit team to understand how conclusions were reached.
Answer
A. Notify the audit committee of the situation.
CISA Question 3522
Question
The PRIMARY reason for an IS auditor to use data analytics techniques is to reduce which type of audit risk?
A. Technology risk
B. Inherent risk
C. Detection risk
D. Control risk
Answer
C. Detection risk
CISA Question 3523
Question
When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:
A. quality assurance function is separate from the programming function.
B. SDLC is coupled with the quality assurance plan.
C. quality assurance function is periodically reviewed by internal audit.
D. scope of quality assurance activities is undefined.
Answer
D. scope of quality assurance activities is undefined.
CISA Question 3524
Question
Which of the following is the BEST control to detect errors in an accounts payable system?
A. Alignment of the process to business objectives
B. Quality control review of new payments
C. Management approval of payments
D. Input validation
Answer
D. Input validation
CISA Question 3525
Question
An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?
A. Ongoing monitoring of the audit activities
B. Analysis of user satisfaction reports from business lines
C. Feedback from internal audit staff
D. Long-term internal audit resource planning
Answer
A. Ongoing monitoring of the audit activities
CISA Question 3526
Question
Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm for potential software vulnerabilities?
A. The hypervisor is updated quarterly.
B. Guest operating systems are updated monthly.
C. Antivirus software has been implemented on the guest operating system only.
D. A variety of guest operating systems operate on one virtual server.
Answer
C. Antivirus software has been implemented on the guest operating system only.
CISA Question 3527
Question
Which of the following is MOST important for an IS auditor to review when evaluating the effectiveness of an organization’s incident response process?
A. Past incident response actions
B. Incident response staff experience and qualifications
C. Results from management testing of incident response procedures
D. Incident response roles and responsibilities
Answer
C. Results from management testing of incident response procedures
CISA Question 3528
Question
Which of the following is the BEST IS audit strategy?
A. Perform audits based on impact and probability of error and failure.
B. Cycle general control and application audits over a two-year period.
C. Conduct general control audits annually and application audits in alternating years.
D. Limit audits to new application system developments.
Answer
A. Perform audits based on impact and probability of error and failure.
CISA Question 3529
Question
While planning a security audit, an IS auditor is made aware of a security review carried out by external consultants. It is MOST important for the auditor to:
A. re-perform the security review.
B. accept the findings and conclusions of the consultants.
C. review similar reports issued by the consultants.
D. assess the objectivity and competence of the consultants.
Answer
D. assess the objectivity and competence of the consultants.
CISA Question 3530
Question
Which of the following is MOST important for an IS auditor to ensure is included in a global organization’s online data privacy notification to customers?
A. Consequences to the organization for mishandling the data
B. Consent terms including the purpose of data collection
C. Contact information for reporting violations of consent
D. Industry standards for data breach notification
Answer
B. Consent terms including the purpose of data collection