The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3601
Question
Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?
A. Number of false negatives
B. Number of false positives
C. Legitimate traffic blocked by the system
D. Reliability of IDS logs
Answer
A. Number of false negatives
CISA Question 3602
Question
An IS auditor has discovered that a cloud-based application was not included in an application inventory that was used to confirm the scope of an audit. The business process owner explained that the application will be audited by a third party in the next year. The auditor’s NEXT step should be to:
A. evaluate the impact of the cloud application on the audit scope
B. revise the audit scope to include the cloud-based application
C. review the audit report when performed by the third party
D. report the control deficiency to senior management
Answer
D. report the control deficiency to senior management
CISA Question 3603
Question
An IS auditor observes a system performance monitoring tool which states that a server critical to the organization averages high CPU utilization across a cluster of four virtual servers throughout the audit period. To determine if further investigation is required, an IS auditor should review:
A. the system process activity log
B. system baselines
C. the number of CPUs allocated to each virtual machine
D. organizational objectives
Answer
B. system baselines
CISA Question 3604
Question
An IS auditor has been invited to join an IT project team responsible for building and deploying a new digital customer marketing platform. Which of the following is the BEST way for the auditor to support this project while maintaining independence?
A. Develop selection criteria for potential digital technology vendors.
B. Conduct an industry peer benchmarking exercise and advise on alternative solutions.
C. Conduct a risk assessment of the proposed initiative.
D. Design controls based on current regulatory requirements for digital technologies.
Answer
A. Develop selection criteria for potential digital technology vendors.
CISA Question 3605
Question
In which of the following SDLC phases would the IS auditor expect to find that controls have been incorporated into system specifications?
A. Development
B. Implementation
C. Design
D. Feasibility
Answer
B. Implementation
CISA Question 3606
Question
Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack on encrypted data at rest?
A. Use of symmetric encryption
B. Use of asymmetric encryption
C. Random key generation
D. Short key length
Answer
D. Short key length
CISA Question 3607
Question
Which of the following is the PRIMARY reason for an IS auditor to issue an interim audit report?
A. To avoid issuing a final audit report
B. To enable the auditor to complete the engagement in a timely manner
C. To provide feedback to the auditee for timely remediation
D. To provide follow-up opportunity during the audit
Answer
C. To provide feedback to the auditee for timely remediation
CISA Question 3608
Question
An IS auditor reviewing a new application for compliance with information privacy principles should be the MOST concerned with:
A. nonrepudiation
B. collection limitation
C. availability
D. awareness
Answer
B. collection limitation
CISA Question 3609
Question
An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?
A. Improve the change management process
B. Perform a configuration review
C. Establish security metrics
D. Perform a penetration test
Answer
B. Perform a configuration review
CISA Question 3610
Question
The risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?
A. Control
B. Prevention
C. Inherent
D. Detection
Answer
A. Control