ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 35

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free of charge to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3611

Question

An IS auditor is evaluating the completeness of privacy procedures involving personally identifiable information (PII). Which of the following is MOST important for the auditor to verify is included in the procedures?

A. Regulatory requirements for protecting PII
B. The organization’s definition of PII
C. Encryption requirements for transmitting PII externally
D. A description of how PII is masked within key systems

Answer

A. Regulatory requirements for protecting PII

CISA Question 3612

Question

An IS auditor submitted audit reports and scheduled a follow-up audit engagement with a client. The client has requested to engage the services of the same auditor to develop enhanced controls. What is the GREATEST concern with this request?

A. It would require the approval of the audit manager.
B. It would be beyond the original audit scope.
C. It would be a possible conflict of interest.
D. It would require a change to the audit plan.

Answer

C. It would be a possible conflict of interest.

CISA Question 3613

Question

A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?

A. Review a sample of PCRs for proper approval throughout the program change process.
B. Trace a sample of program changes from the log to completed PCR forms.
C. Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date.
D. Trace a sample of complete PCR forms to the log of all program changes.

Answer

C. Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date.

CISA Question 3614

Question

Which of the following should an IS auditor determine FIRST when evaluating additional hardware required to support the acquisition of a new accounting system?

A. A training program has been developed to support the new accounting system.
B. The supplier has experience supporting accounting systems.
C. The hardware specified will be compliant with the current IT strategy.
D. The hardware will be installed in a secure and environmentally controlled area.

Answer

C. The hardware specified will be compliant with the current IT strategy.

CISA Question 3615

Question

An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined the user list was not system-generated. Which of the following should be the GREATEST concern?

A. Source of the user list reviewed
B. Availability of the user list reviewed
C. Confidentiality of the user list reviewed
D. Completeness of the user list reviewed

Answer

A. Source of the user list reviewed

CISA Question 3616

Question

An organization is considering outsourcing the processing of customer insurance claims. An IS auditor notes that customer data will be sent offshore for processing. Which of the following would be the BEST way to address the risk of exposing customer data?

A. Require background checks on all service provider personnel involved in the processing of data.
B. Recommend the use of a service provider within the same country as the organization.
C. Consider whether the service provider has the ability to meet service level agreements (SLAs).
D. Assess whether the service provider meets the organization’s data protection policies.

Answer

D. Assess whether the service provider meets the organization’s data protection policies.

CISA Question 3617

Question

In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should FIRST:

A. mark the recommendation as satisfied and close the finding
B. verify if management’s action mitigates the identified risk
C. re-perform the audit to assess the changed control environment
D. escalate the deviation to the audit committee

Answer

D. escalate the deviation to the audit committee

CISA Question 3618

Question

An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:

A. phishing
B. structured query language (SQL) injection
C. denial of service (DoS)
D. buffer overflow

Answer

B. structured query language (SQL) injection

CISA Question 3619

Question

An IS auditor reviewing an organization’s data privacy controls observes that privacy notices do not clearly state how the organization uses customer data for its processing operations. Which of the following data protection principles MUST be implemented to address this gap?

A. Maintenance of data integrity
B. Access to collected data
C. Retention of consent documentation
D. Purpose for data collection

Answer

B. Access to collected data

CISA Question 3620

Question

An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST:

A. evaluate current backup procedures
B. escalate to senior management
C. document a policy for the organization
D. recommend automated backup

Answer

A. evaluate current backup procedures