The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3531
Question
What would be of GREATEST concern to an IS auditor observing shared key cards being utilized to access an organization’s data center?
A. The lack of a multi-factor authentication system
B. The inability to identify who has entered the data center
C. The inability to track the number of misplaced cards
D. The lack of enforcement of organizational policy and procedures
Answer
B. The inability to identify who has entered the data center
CISA Question 3532
Question
Which of the following findings would be of GREATEST concern to an IS auditor reviewing an organization’s newly implemented online security awareness program?
A. Only new employees are required to attend the program
B. The timing for program updates has not been determined
C. Metrics have not been established to assess training results
D. Employees do not receive immediate notification of results
Answer
C. Metrics have not been established to assess training results
CISA Question 3533
Question
An organization allows employee use of personal mobile devices for corporate email. Which of the following should be the GREATEST IS audit concern?
A. Email forwarding to private devices requires excessive network bandwidth
B. There is no corporate policy for the acceptable use of private devices
C. There is no adequate tracking of the working time spent out-of-hours
D. The help desk is not able to fully support different kinds of private devices
Answer
B. There is no corporate policy for the acceptable use of private devices
CISA Question 3534
Question
During a follow-up audit, an IS auditor concludes that a previously identified issue has not been adequately remediated. The auditee insists the risk has been addressed. The auditor should:
A. recommend an independent assessment by a third party
B. report the disagreement according to established procedures
C. follow up on the finding next year
D. accept the auditee’s position and close the finding
Answer
A. recommend an independent assessment by a third party
CISA Question 3535
Question
When continuous monitoring systems are being implemented, an IS auditor should FIRST identify:
A. the location and format of output files
B. applications that provide the highest financial risk
C. high-risk areas within the organization
D. the controls on which to focus
Answer
D. the controls on which to focus
CISA Question 3536
Question
An IS auditor is evaluating the security of an organization’s data backup process, which includes the transmission of daily incremental backups to a dedicated offsite server. Which of the following findings poses the GREATEST risk to the organization?
A. Backup transmissions are not encrypted
B. Backup transmissions occasionally fail
C. Data recovery testing is conducted once per year
D. The archived data log is incomplete
Answer
A. Backup transmissions are not encrypted
CISA Question 3537
Question
Which of the following should an IS auditor expect to see in a network vulnerability assessment?
A. Misconfiguration and missing updates
B. Malicious software and spyware
C. Security design flaws
D. Zero-day vulnerabilities
Answer
C. Security design flaws
CISA Question 3538
Question
An IS auditor is involved with a project and finds an IT project stakeholder wants to make a change that could affect both the project scope and schedule. Which of the following would be the MOST appropriate action for the project manager with respect to the change request?
A. Recommend to the project sponsor whether to approve the change
B. Modify the project plan as a result of the change
C. Evaluate the impact of the change
D. Ignore out-of-scope requests
Answer
C. Evaluate the impact of the change
CISA Question 3539
Question
Which of the following is MOST important for an IS auditor to verify after finding repeated unauthorized access attempts were recorded on a security report?
A. Password reset requests have been confirmed as legitimate
B. There is evidence that the incident was investigated
C. System configuration changes are properly tracked
D. A comprehensive access policy has been established
Answer
B. There is evidence that the incident was investigated
CISA Question 3540
Question
An auditor notes the administrator user ID is shared among three financial managers to perform month-end updates. Which of the following is the BEST recommendation to ensure the administrator ID in the financial system is controlled effectively?
A. Implement use of individual software tokens
B. Conduct employee awareness training
C. Institute user ID logging and monitoring
D. Ensure data in the financial systems has been classified
Answer
A. Implement use of individual software tokens