The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available for free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3551
Question
An IS auditor is assessing risk associated with peer-to-peer file sharing within an organization. Which of the following should be of GREATEST concern?
A. File-sharing policies have not been reviewed since last year
B. Only some employees are required to attend security awareness training
C. Not all devices are running antivirus programs
D. The organization does not have an efficient patch management process
Answer
C. Not all devices are running antivirus programs
CISA Question 3552
Question
Assessments of critical information systems are based on a cyclical audit plan that has not been updated for several years. Which of the following should the IS auditor recommend to BEST address this situation?
A. Use a revolving set of audit plans to cover all systems
B. Update the audit plan quarterly to account for delays and deferrals of periodic reviews
C. Regularly validate the audit plan against business risks
D. Do not include periodic reviews in detail as part of the audit plan
Answer
C. Regularly validate the audit plan against business risks
CISA Question 3553
Question
An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found. Which sampling method would be appropriate?
A. Discovery sampling
B. Variable sampling
C. Stratified sampling
D. Judgmental sampling
Answer
A. Discovery sampling
CISA Question 3554
Question
When evaluating the ability of a disaster recovery plan (DRP) to enable the recovery of IT processing capabilities, it is MOST important for the IS auditor to verify the plan is:
A. stored at an offsite location
B. communicated to department heads
C. regularly reviewed
D. periodically tested
Answer
C. regularly reviewed
CISA Question 3555
Question
The MAIN benefit of using an integrated test facility (ITF) as an online auditing technique is that it enables:
A. a cost-effective approach to application controls audit
B. auditors to investigate fraudulent transactions
C. auditors to test without impacting production data
D. the integration of financial and audit tests
Answer
C. auditors to test without impacting production data
CISA Question 3556
Question
An organization is concerned about duplicate vendor payments on a complex system with a high volume of transactions. Which of the following would be MOST helpful to an IS auditor to determine whether duplicate vendor payments exist?
A. Computer-assisted technique
B. Stop-and-go testing
C. Statistical sampling
D. Judgmental sampling
Answer
A. Computer-assisted technique
CISA Question 3557
Question
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
A. Inherent risk
B. Sampling risk
C. Control risk
D. Detection risk
Answer
D. Detection risk
CISA Question 3558
Question
An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective actions have not been taken and that the associated risk has been accepted by senior management. If the auditor disagrees with management’s decision, what is the BEST way to address the situation?
A. Repeat the audit with audit scope only covering areas with accepted risks
B. Report the issue to the chief audit executive for resolution
C. Recommend new corrective actions to mitigate the accepted risk
D. Take no action since management’s decision has been made
Answer
B. Report the issue to the chief audit executive for resolution
CISA Question 3559
Question
When auditing the effectiveness of a biometric system, which of the following indicators would be MOST important to review?
A. False negatives
B. False acceptance rate
C. Failure to enroll rate
D. System response time
Answer
B. False acceptance rate
CISA Question 3560
Question
An IS auditor discovered abnormalities in a monthly report generated from a system upgraded six months ago. Which of the following should be the auditor’s FIRST course of action?
A. Inspect source code for proof of abnormalities
B. Perform a change management review of the system
C. Schedule an access review of the system
D. Determine the impact of abnormalities in the report
Answer
D. Determine the impact of abnormalities in the report