The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available for free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3571
Question
An IS auditor is reviewing a bank’s service level agreement (SLA) with a third-party provider that hosts the bank’s secondary data center. Which of the following findings should be of GREATEST concern to the auditor?
A. The recovery point objective (RPO) has a shorter duration than documented in the disaster recovery plan
B. The recovery time objective (RTO) has a longer duration than documented in the disaster recovery plan
C. Backup data is hosted online only
D. The SLA has not been reviewed in more than a year
Answer
B. The recovery time objective (RTO) has a longer duration than documented in the disaster recovery plan
CISA Question 3572
Question
Which of the following should an IS auditor be MOST concerned with during a post-implementation review?
A. The system does not have a maintenance plan
B. The system contains several minor defects
C. The system was over budget by 15%
D. The system deployment was delayed by three weeks
Answer
A. The system does not have a maintenance plan
CISA Question 3573
Question
When conducting a review of security incident management, an IS auditor found there are no defined escalation processes. All incidents are managed by the service desk. Which of the following should be the auditor’s PRIMARY concern?
A. Inefficient use of service desk resources
B. Management’s lack of awareness of high impact incidents
C. Delays in resolving low priority trouble tickets
D. Management’s inability to follow up on incident resolution
Answer
B. Management’s lack of awareness of high impact incidents
CISA Question 3574
Question
If concurrent update transactions to an account are not processed properly, which of the following will be affected?
A. Integrity
B. Confidentiality
C. Availability
D. Accountability
Answer
A. Integrity
CISA Question 3575
Question
Audit management has just completed the annual audit plan for the upcoming year, which consists entirely of high-risk processes. However, it is determined that there are insufficient resources to execute the plan. What should be done NEXT?
A. Remove audits from the annual plan to better match the number of resources available
B. Reduce the scope of the audits to better match the number of resources available
C. Present the annual plan to the audit committee and ask for more resources
D. Review the audit plan and defer some audits to the subsequent year
Answer
C. Present the annual plan to the audit committee and ask for more resources
CISA Question 3576
Question
An IS auditor is conducting a review of a healthcare organization’s IT policies for handling medical records. Which of the following is MOST important to verify?
A. A documented policy approval process is in place
B. Policy writing standards are consistent
C. The policies comply with regulatory requirements
D. IT personnel receive ongoing policy training
Answer
C. The policies comply with regulatory requirements
CISA Question 3577
Question
Which of the following provides the BEST evidence of successfully completed batch uploads?
A. Sign-off on the batch journal
B. Using sequence controls
C. Enforcing batch cut-off times
D. Reviewing process logs
Answer
D. Reviewing process logs
CISA Question 3578
Question
An IS auditor has completed an audit on the organization’s IT strategic planning process. Which of the following findings should be given the HIGHEST priority?
A. The IT strategic plan was completed prior to the formulation of the business strategic plan
B. Assumptions in the IT strategic plan have not been communicated to business stakeholders
C. The IT strategic plan was formulated based on the current IT capabilities
D. The IT strategic plan does not include resource requirements for implementation
Answer
A. The IT strategic plan was completed prior to the formulation of the business strategic plan
CISA Question 3579
Question
An audit of the quality management system (QMS) begins with an evaluation of the:
A. organization’s QMS policy
B. sequence and interaction of QMS processes
C. QMS processes and their application
D. QMS document control procedures
Answer
A. organization’s QMS policy
CISA Question 3580
Question
An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?
A. Cost-benefit analysis
B. Gap analysis
C. Risk assessment
D. Business case
Answer
B. Gap analysis