Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 34

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3531

Question

What would be of GREATEST concern to an IS auditor observing shared key cards being utilized to access an organization’s data center?

A. The lack of a multi-factor authentication system
B. The inability to identify who has entered the data center
C. The inability to track the number of misplaced cards
D. The lack of enforcement of organizational policy and procedures

Answer

B. The inability to identify who has entered the data center

CISA Question 3532

Question

Which of the following findings would be of GREATEST concern to an IS auditor reviewing an organization’s newly implemented online security awareness program?

A. Only new employees are required to attend the program
B. The timing for program updates has not been determined
C. Metrics have not been established to assess training results
D. Employees do not receive immediate notification of results

Answer

C. Metrics have not been established to assess training results

CISA Question 3533

Question

An organization allows employee use of personal mobile devices for corporate email. Which of the following should be the GREATEST IS audit concern?

A. Email forwarding to private devices requires excessive network bandwidth
B. There is no corporate policy for the acceptable use of private devices
C. There is no adequate tracking of the working time spent out-of-hours
D. The help desk is not able to fully support different kinds of private devices

Answer

B. There is no corporate policy for the acceptable use of private devices

CISA Question 3534

Question

During a follow-up audit, an IS auditor concludes that a previously identified issue has not been adequately remediated. The auditee insists the risk has been addressed. The auditor should:

A. recommend an independent assessment by a third party
B. report the disagreement according to established procedures
C. follow-up on the finding next year
D. accept the auditee’s position and close the finding

Answer

A. recommend an independent assessment by a third party

CISA Question 3535

Question

When continuous monitoring systems are being implemented, an IS auditor should FIRST identify:

A. the location and format of output files
B. applications that provide the highest financial risk
C. high-risk areas within the organization
D. the controls on which to focus

Answer

D. the controls on which to focus

CISA Question 3536

Question

An IS auditor is evaluating the security of an organization’s data backup process, which includes the transmission of daily incremental backups to a dedicated offsite server. Which of the following findings poses the GREATEST risk to the organization?

A. Backup transmissions are not encrypted
B. Backup transmissions occasionally fail
C. Data recovery testing is conducted once per year
D. The archived data log is incomplete

Answer

A. Backup transmissions are not encrypted

CISA Question 3537

Question

Which of the following should an IS auditor expect to see in a network vulnerability assessment?

A. Misconfiguration and missing updates
B. Malicious software and spyware
C. Security design flaws
D. Zero-day vulnerabilities

Answer

C. Security design flaws

CISA Question 3538

Question

An IS auditor is involved with a project and finds an IT project stakeholder wants to make a change that could affect both the project scope and schedule. Which of the following would be the MOST appropriate action for the project manager with respect to the change request?

A. Recommend to the project sponsor whether to approve the change
B. Modify the project plan as a result of the change
C. Evaluate the impact of the change
D. Ignore out-of-scope requests

Answer

C. Evaluate the impact of the change

CISA Question 3539

Question

Which of the following is MOST important for an IS auditor to verify after finding repeated unauthorized access attempts were recorded on a security report?

A. Password reset requests have been confirmed as legitimate
B. There is evidence that the incident was investigated
C. System configuration changes are properly tracked
D. A comprehensive access policy has been established

Answer

B. There is evidence that the incident was investigated

CISA Question 3540

Question

An auditor notes the administrator user ID is shared among three financial managers to perform month-end updates. Which of the following is the BEST recommendation to ensure the administrator ID in the financial system is controlled effectively?

A. Implement use of individual software tokens
B. Conduct employee awareness training
C. Institute user ID logging and monitoring
D. Ensure data in the financial systems has been classified

Answer

A. Implement use of individual software tokens

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker