Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 35

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3601

Question

Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?

A. Number of false negatives
B. Number of false positives
C. Legitimate traffic blocked by the system
D. Reliability of IDS logs

Answer

A. Number of false negatives

CISA Question 3602

Question

An IS auditor has discovered that a cloud-based application was not included in an application inventory that was used to confirm the scope of an audit. The business process owner explained that the application will be audited by a third party in the next year. The auditor’s NEXT step should be to:

A. evaluate the impact of the cloud application on the audit scope
B. revise the audit scope to include the cloud-based application
C. review the audit report when performed by the third party
D. report the control deficiency to senior management

Answer

D. report the control deficiency to senior management

CISA Question 3603

Question

An IS auditor observes a system performance monitoring tool which states that a server critical to the organization averages high CPU utilization across a cluster of four virtual servers throughout the audit period. To determine if further investigation is required, an IS auditor should review:

A. the system process activity log
B. system baselines
C. the number of CPUs allocated to each virtual machine
D. organizational objectives

Answer

B. system baselines

CISA Question 3604

Question

An IS auditor has been invited to join an IT project team responsible for building and deploying a new digital customer marketing platform. Which of the following is the BEST way for the auditor to support this project while maintaining independence?

A. Develop selection criteria for potential digital technology vendors.
B. Conduct an industry peer benchmarking exercise and advise on alternative solutions.
C. Conduct a risk assessment of the proposed initiative.
D. Design controls based on current regulatory requirements for digital technologies.

Answer

A. Develop selection criteria for potential digital technology vendors.

CISA Question 3605

Question

In which of the following SDLC phases would the IS auditor expect to find that controls have been incorporated into system specifications?

A. Development
B. Implementation
C. Design
D. Feasibility

Answer

B. Implementation

CISA Question 3606

Question

Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack encrypted data at rest?

A. Use of symmetric encryption
B. Use of asymmetric encryption
C. Random key generation
D. Short key length

Answer

D. Short key length

CISA Question 3607

Question

Which of the following is the PRIMARY reason for an IS auditor to issue an interim audit report?

A. To avoid issuing a final audit report
B. To enable the auditor to complete the engagement in a timely manner
C. To provide feedback to the auditee for timely remediation
D. To provide follow-up opportunity during the audit

Answer

C. To provide feedback to the auditee for timely remediation

CISA Question 3608

Question

An IS auditor reviewing a new application for compliance with information privacy principles should be the MOST concerned with:

A. nonrepudiation
B. collection limitation
C. availability
D. awareness

Answer

B. collection limitation

CISA Question 3609

Question

An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?

A. Improve the change management process
B. Perform a configuration review
C. Establish security metrics
D. Perform a penetration test

Answer

B. Perform a configuration review

CISA Question 3610

Question

The risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?

A. Control
B. Prevention
C. Inherent
D. Detection

Answer

A. Control

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker