The latest practice exam question-and-answer (Q&A) dumps for the ISACA CISA (Certified Information Systems Auditor) certification are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3541
Question
An organization’s disposal policy emphasizes obtaining maximum value for surplus IT media. The IS auditor should obtain assurance that:
A. the media is returned to the vendor for credit
B. any existing data is removed before disposal
C. identification labels are removed
D. the media is recycled to other groups within the organization
Answer
D. the media is recycled to other groups within the organization
CISA Question 3542
Question
An IS auditor is evaluating a virtual server environment and learns that the production server, development server, and management console are housed in the same physical host. What should be the auditor’s PRIMARY concern?
A. The physical host is a single point of failure
B. The management console is a single point of failure
C. The development server and management console share the same host
D. The development and production servers share the same host
Answer
A. The physical host is a single point of failure
CISA Question 3543
Question
Which of the following should be reviewed FIRST when planning an IS audit?
A. Recent financial information
B. Annual business unit budget
C. IS audit standards
D. The business environment
Answer
D. The business environment
CISA Question 3544
Question
Which of the following should an IS auditor verify when auditing the effectiveness of virus protection?
A. Frequency of IDS log reviews
B. Currency of software patch application
C. Schedule for migration to production
D. Frequency of external Internet access
Answer
B. Currency of software patch application
CISA Question 3545
Question
When following up on a data breach, an IS auditor finds a system administrator may have compromised the chain of custody. Which of the following should the system administrator have done FIRST to preserve the evidence?
A. Perform forensic discovery
B. Notify key stakeholders
C. Quarantine the system
D. Notify the incident response team
Answer
D. Notify the incident response team
CISA Question 3546
Question
An IS auditor reviewing the threat assessment for a data center would be MOST concerned if:
A. all identified threats relate to external entities
B. some of the identified threats are unlikely to occur
C. neighboring organizations’ operations have been included
D. the exercise was completed by local management
Answer
D. the exercise was completed by local management
CISA Question 3547
Question
An IS auditor is conducting a pre-implementation review to determine a new system’s production readiness. The auditor’s PRIMARY concern should be whether:
A. the project adhered to the budget and target date
B. users were involved in the quality assurance (QA) testing
C. there are unresolved high-risk items
D. benefits realization has been evidenced
Answer
C. there are unresolved high-risk items
CISA Question 3548
Question
A senior auditor is reviewing work papers prepared by a junior auditor indicating that a finding was removed after the auditee said they corrected the problem. Which of the following is the senior auditor’s MOST appropriate course of action?
A. Approve the work papers as written
B. Refer the issue to the audit director
C. Have the finding reinstated
D. Ask the auditee to retest
Answer
C. Have the finding reinstated
CISA Question 3549
Question
During an IS audit, it is discovered that security configurations differ across the organization’s virtual server farm. Which of the following is the IS auditor’s BEST recommendation for improving the control environment?
A. Conduct an independent review of each server’s security configuration
B. Implement a security configuration baseline for virtual servers
C. Implement security monitoring controls for high-risk virtual servers
D. Conduct a standard patch management review across the virtual server farm
Answer
B. Implement a security configuration baseline for virtual servers
CISA Question 3550
Question
An IS auditor is reviewing an organization’s incident management processes and procedures. Which of the following observations should be the auditor’s GREATEST concern?
A. Ineffective incident classification
B. Ineffective incident prioritization
C. Ineffective incident detection
D. Ineffective post-incident review
Answer
C. Ineffective incident detection