The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3561
Question
An organization plans to deploy Wi-Fi location analytics to count the number of shoppers per day across its various retail outlets. What should the IS auditor recommend as the FIRST course of action by IT management?
A. Conduct a privacy impact assessment
B. Mask media access control (MAC) addresses
C. Survey shoppers for feedback
D. Develop a privacy notice to be displayed to shoppers
Answer
A. Conduct a privacy impact assessment
CISA Question 3562
Question
Which of the following findings would be of MOST concern to an IS auditor performing a review of an end-user developed application that generates financial statements?
A. The application is not sufficiently supported by the IT department
B. There is not adequate training in the use of the application
C. There is no adequate user license for the application
D. There is no control to ensure accuracy of the processed data
Answer
D. There is no control to ensure accuracy of the processed data
CISA Question 3563
Question
Which audit technique provides the GREATEST assurance that incident management procedures are effective?
A. Determining whether incidents are categorized and addressed
B. Performing comprehensive vulnerability scanning and penetration testing
C. Comparing incident management procedures to best practices
D. Evaluating end-user satisfaction survey results
Answer
B. Performing comprehensive vulnerability scanning and penetration testing
CISA Question 3564
Question
A business has requested an IS audit to determine whether information stored in an application system is adequately protected. Which of the following is the MOST important action before the audit work begins?
A. Establish control objectives
B. Conduct a vulnerability analysis
C. Perform penetration testing
D. Review remediation reports
Answer
A. Establish control objectives
CISA Question 3565
Question
Which of the following audit techniques is MOST appropriate for verifying application program controls?
A. Statistical sampling
B. Code review
C. Confirmation of accounts
D. Use of test data
Answer
D. Use of test data
CISA Question 3566
Question
Management disagrees with a finding in a draft audit report and provides supporting documentation. Which of the following should be the IS auditor’s NEXT course of action?
A. Document management’s disagreement in the final report
B. Evaluate the supporting documentation
C. Escalate the issue with supporting documentation to senior management
D. Finalize the draft audit report without changes
Answer
B. Evaluate the supporting documentation
CISA Question 3567
Question
During a privileged access review, an IS auditor observes many help desk employees have privileges within systems not required for their job functions. Implementing which of the following would have prevented this situation?
A. Separation of duties
B. Multi-factor authentication
C. Least privilege access
D. Privileged access reviews
Answer
C. Least privilege access
CISA Question 3568
Question
During a follow-up audit, an IS auditor learns the organization implemented an automated process instead of the originally agreed upon enhancement of the manual process. The auditor should:
A. report the finding that recommendations were not acted upon
B. perform a cost-benefit analysis on the new process
C. verify that the new process satisfies control objectives
D. report the recommendation as implemented
Answer
C. verify that the new process satisfies control objectives
CISA Question 3569
Question
Which of the following is MOST important for an IS auditor to determine when reviewing how the organization’s incident response team handles devices that may be involved in criminal activity?
A. Whether devices are checked for malicious applications
B. Whether the access logs are checked before seizing the devices
C. Whether users have knowledge of their devices being examined
D. Whether there is a chain of custody for the devices
Answer
D. Whether there is a chain of custody for the devices
CISA Question 3570
Question
Which of the following is the MOST appropriate responsibility of an IS auditor involved in a data center renovation project?
A. Performing independent reviews of responsible parties engaged in the project
B. Ensuring the project progresses as scheduled and milestones are achieved
C. Performing day-to-day activities to ensure the successful completion of the project
D. Providing sign off on the design of controls for the data center
Answer
A. Performing independent reviews of responsible parties engaged in the project