Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 34

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3541

Question

An organization’s disposal policy emphasizes obtaining maximum value for surplus IT media. The IS auditor should obtain assurance that:

A. the media is returned to the vendor for credit
B. any existing data is removed before disposal
C. identification labels are removed
D. the media is recycled to other groups within the organization

Answer

D. the media is recycled to other groups within the organization

CISA Question 3542

Question

An IS auditor is evaluating a virtual server environment and learns that the production server, development server, and management console are housed in the same physical host. What should be the auditor’s PRIMARY concern?

A. The physical host is a single point of failure
B. The management console is a single point of failure
C. The development server and management console share the same host
D. The development and production servers share the same host

Answer

A. The physical host is a single point of failure

CISA Question 3543

Question

Which of the following should be reviewed FIRST when planning an IS audit?

A. Recent financial information
B. Annual business unit budget
C. IS audit standards
D. The business environment

Answer

D. The business environment

CISA Question 3544

Question

Which of the following should an IS auditor verify when auditing the effectiveness of virus protection?

A. Frequency of IDS log reviews
B. Currency of software patch application
C. Schedule for migration to production
D. Frequency of external Internet access

Answer

B. Currency of software patch application

CISA Question 3545

Question

When following up on a data breach, an IS auditor finds a system administrator may have compromised the chain of custody. Which of the following should the system administrator have done FIRST to preserve the evidence?

A. Perform forensic discovery
B. Notify key stakeholders
C. Quarantine the system
D. Notify the incident response team

Answer

D. Notify the incident response team

CISA Question 3546

Question

An IS auditor reviewing the threat assessment for a data center would be MOST concerned if:

A. all identified threats relate to external entities
B. some of the identified threats are unlikely to occur
C. neighboring organizations’ operations have been included
D. the exercise was completed by local management

Answer

D. the exercise was completed by local management

CISA Question 3547

Question

An IS auditor is conducting a pre-implementation review to determine a new system’s production readiness. The auditor’s PRIMARY concern should be whether:

A. the project adhered to the budget and target date
B. users were involved in the quality assurance (QA) testing
C. there are unresolved high-risk items
D. benefits realization has been evidenced

Answer

C. there are unresolved high-risk items

CISA Question 3548

Question

A senior auditor is reviewing work papers prepared by a junior auditor indicating that a finding was removed after the auditee said they corrected the problem.
Which of the following is the senior auditor’s MOST appropriate course of action?

A. Approve the work papers as written
B. Refer the issue to the audit director
C. Have the finding reinstated
D. Ask the auditee to retest

Answer

C. Have the finding reinstated

CISA Question 3549

Question

During an IS audit, it is discovered that security configurations differ across the organization’s virtual server farm. Which of the following is the IS auditor’s BEST recommendation for improving the control environment?

A. Conduct an independent review of each server’s security configuration
B. Implement a security configuration baseline for virtual servers
C. Implement security monitoring controls for high-risk virtual servers
D. Conduct a standard patch management review across the virtual server farm

Answer

B. Implement a security configuration baseline for virtual servers

CISA Question 3550

Question

An IS auditor is reviewing an organization’s incident management processes and procedures. Which of the following observations should be the auditor’s GREATEST concern?

A. Ineffective incident classification
B. Ineffective incident prioritization
C. Ineffective incident detection
D. Ineffective post-incident review

Answer

C. Ineffective incident detection

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker