Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 34

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3551

Question

An IS auditor is assessing risk associated with peer-to-peer file sharing within an organization. Which of the following should be of GREATEST concern?

A. File-sharing policies have not been reviewed since last year
B. Only some employees are required to attend security awareness training
C. Not all devices are running antivirus programs
D. The organization does not have an efficient patch management process

Answer

C. Not all devices are running antivirus programs

CISA Question 3552

Question

Assessments of critical information systems are based on a cyclical audit plan that has not been updated for several years. Which of the following should the IS auditor recommend to BEST address this situation?

A. Use a revolving set of audit plans to cover all systems
B. Update the audit plan quarterly to account for delays and deferrals of periodic reviews
C. Regularly validate the audit plan against business risks
D. Do not include periodic reviews in detail as part of the audit plan

Answer

C. Regularly validate the audit plan against business risks

CISA Question 3553

Question

An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found. Which sampling method would be appropriate?

A. Discovery sampling
B. Variable sampling
C. Stratified sampling
D. Judgmental sampling

Answer

A. Discovery sampling

CISA Question 3554

Question

When evaluating the ability of a disaster recovery plan (DRP) to enable the recovery of IT processing capabilities, it is MOST important for the IS auditor to verify the plan is:

A. stored at an offsite location
B. communicated to department heads
C. regularly reviewed
D. periodically tested

Answer

C. regularly reviewed

CISA Question 3555

Question

The MAIN benefit of using an integrated test facility (ITF) as an online auditing technique is that it enables:

A. a cost-effective approach to application controls audit
B. auditors to investigate fraudulent transactions
C. auditors to test without impacting production data
D. the integration of financial and audit tests

Answer

C. auditors to test without impacting production data

CISA Question 3556

Question

An organization is concerned about duplicate vendor payments on a complex system with a high volume of transactions. Which of the following would be MOST helpful to an IS auditor to determine whether duplicate vendor payments exist?

A. Computer-assisted technique
B. Stop-and-go testing
C. Statistical sampling
D. Judgmental sampling

Answer

A. Computer-assisted technique

CISA Question 3557

Question

During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

A. Inherent risk
B. Sampling risk
C. Control risk
D. Detection risk

Answer

D. Detection risk

CISA Question 3558

Question

An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective actions have not been taken and that the associated risk has been accepted by senior management. If the auditor disagrees with management’s decision, what is the BEST way to address the situation?

A. Repeat the audit with audit scope only covering areas with accepted risks
B. Report the issue to the chief audit executive for resolution
C. Recommend new corrective actions to mitigate the accepted risk
D. Take no action since management’s decision has been made

Answer

B. Report the issue to the chief audit executive for resolution

CISA Question 3559

Question

When auditing the effectiveness of a biometric system, which of the following indicators would be MOST important to review?

A. False negatives
B. False acceptance rate
C. Failure to enroll rate
D. System response time

Answer

B. False acceptance rate

CISA Question 3560

Question

An IS auditor discovered abnormalities in a monthly report generated from a system upgraded six months ago. Which of the following should be the auditor’s FIRST course of action?

A. Inspect source code for proof of abnormalities
B. Perform a change management review of the system
C. Schedule an access review of the system
D. Determine the impact of abnormalities in the report

Answer

D. Determine the impact of abnormalities in the report

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker