Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 34

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3561

Question

An organization plans to deploy Wi-Fi location analytics to count the number of shoppers per day across its various retail outlets. What should the IS auditor recommend as the FIRST course of action by IT management?

A. Conduct a privacy impact assessment
B. Mask media access control (MAC) addresses
C. Survey shoppers for feedback
D. Develop a privacy notice to be displayed to shoppers

Answer

A. Conduct a privacy impact assessment

CISA Question 3562

Question

Which of the following findings would be of MOST concern to an IS auditor performing a review of an end-user developed application that generates financial statements?

A. The application is not sufficiently supported by the IT department
B. There is not adequate training in the use of the application
C. There is no adequate user license for the application
D. There is no control to ensure accuracy of the processed data

Answer

D. There is no control to ensure accuracy of the processed data

CISA Question 3563

Question

Which audit technique provides the GREATEST assurance that incident management procedures are effective?

A. Determining whether incidents are categorized and addressed
B. Performing comprehensive vulnerability scanning and penetration testing
C. Comparing incident management procedures to best practices
D. Evaluating end-user satisfaction survey results

Answer

B. Performing comprehensive vulnerability scanning and penetration testing

CISA Question 3564

Question

A business has requested an IS audit to determine whether information stored in an application system is adequately protected. Which of the following is the MOST important action before the audit work begins?

A. Establish control objectives
B. Conduct a vulnerability analysis
C. Perform penetration testing
D. Review remediation reports

Answer

A. Establish control objectives

CISA Question 3565

Question

Which of the following audit techniques is MOST appropriate for verifying application program controls?

A. Statistical sampling
B. Code review
C. Confirmation of accounts
D. Use of test data

Answer

D. Use of test data

CISA Question 3566

Question

Management disagrees with a finding in a draft audit report and provides supporting documentation. Which of the following should be the IS auditor’s NEXT course of action?

A. Document management’s disagreement in the final report
B. Evaluate the supporting documentation
C. Escalate the issue with supporting documentation to senior management
D. Finalize the draft audit report without changes

Answer

B. Evaluate the supporting documentation

CISA Question 3567

Question

During a privileged access review, an IS auditor observes many help desk employees have privileges within systems not required for their job functions.
Implementing which of the following would have prevented this situation?

A. Separation of duties
B. Multi-factor authentication
C. Least privilege access
D. Privileged access reviews

Answer

C. Least privilege access

CISA Question 3568

Question

During a follow-up audit, an IS auditor learns the organization implemented an automated process instead of the originally agreed upon enhancement of the manual process. The auditor should:

A. report the finding that recommendations were not acted upon
B. perform a cost-benefit analysis on the new process
C. verify that the new process satisfies control objectives
D. report the recommendation as implemented

Answer

C. verify that the new process satisfies control objectives

CISA Question 3569

Question

Which of the following is MOST important for an IS auditor to determine when reviewing how the organization’s incident response team handles devices that may be involved in criminal activity?

A. Whether devices are checked for malicious applications
B. Whether the access logs are checked before seizing the devices
C. Whether users have knowledge of their devices being examined
D. Whether there is a chain of custody for the devices

Answer

D. Whether there is a chain of custody for the devices

CISA Question 3570

Question

Which of the following is the MOST appropriate responsibility of an IS auditor involved in a data center renovation project?

A. Performing independent reviews of responsible parties engaged in the project
B. Ensuring the project progresses as scheduled and milestones are achieved
C. Performing day-to-day activities to ensure the successful completion of the project
D. Providing sign off on the design of controls for the data center

Answer

A. Performing independent reviews of responsible parties engaged in the project

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker