Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 34

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3521

Question

An IS audit manager has been asked to perform a quality review on an audit that the same manager also supervised. Which of the following is the manager’s BEST response to this situation?

A. Notify the audit committee of the situation.
B. Escalate the situation to senior audit leadership.
C. Determine whether audit evidence supports audit conclusions.
D. Discuss with the audit team to understand how conclusions were reached.

Answer

A. Notify the audit committee of the situation.

CISA Question 3522

Question

The PRIMARY reason for an IS auditor to use data analytics techniques is to reduce which type of audit risk?

A. Technology risk
B. Inherent risk
C. Detection risk
D. Control risk

Answer

C. Detection risk

CISA Question 3523

Question

When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:

A. quality assurance function is separate from the programming function.
B. SDLC is coupled with the quality assurance plan.
C. quality assurance function is periodically reviewed by internal audit.
D. scope of quality assurance activities is undefined.

Answer

D. scope of quality assurance activities is undefined.

CISA Question 3524

Question

Which of the following is the BEST control to detect errors in an accounts payable system?

A. Alignment of the process to business objectives
B. Quality control review of new payments
C. Management approval of payments
D. Input validation

Answer

D. Input validation

CISA Question 3525

Question

An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?

A. Ongoing monitoring of the audit activities
B. Analysis of user satisfaction reports from business lines.
C. Feedback from internal audit staff
D. Long-term internal audit resource planning

Answer

A. Ongoing monitoring of the audit activities

CISA Question 3526

Question

Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm for potential software vulnerabilities?

A. The hypervisor is updated quarterly.
B. Guest operating systems are updated monthly.
C. Antivirus software has been implemented on the guest operating system only.
D. A variety of guest operating systems operate on one virtual server.

Answer

C. Antivirus software has been implemented on the guest operating system only.

CISA Question 3527

Question

Which of the following is MOST important for an IS auditor to review when evaluating the effectiveness of an organization’s incident response process?

A. Past incident response actions
B. Incident response staff experience and qualifications
C. Results from management testing of incident response procedures
D. Incident response roles and responsibilities

Answer

C. Results from management testing of incident response procedures

CISA Question 3528

Question

Which of the following is the BEST IS audit strategy?

A. Perform audits based on impact and probability of error and failure.
B. Cycle general control and application audits over a two-year period.
C. Conduct general control audits annually and application audits in alternating years.
D. Limit audits to new application system developments.

Answer

A. Perform audits based on impact and probability of error and failure.

CISA Question 3529

Question

While planning a security audit, an IS auditor is made aware of a security review carried out by external consultants. It is MOST important for the auditor to:

A. re-perform the security review.
B. accept the findings and conclusions of the consultants.
C. review similar reports issued by the consultants.
D. assess the objectivity and competence of the consultants.

Answer

D. assess the objectivity and competence of the consultants.

CISA Question 3530

Question

Which of the following is MOST important for an IS auditor to ensure is included in a global organization’s online data privacy notification to customers?

A. Consequences to the organization for mishandling the data
B. Consent terms including the purpose of data collection
C. Contact information for reporting violations of consent
D. Industry standards for data breach notification

Answer

B. Consent terms including the purpose of data collection

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker