Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 35

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3611

Question

An IS auditor is evaluating the completeness of privacy procedures involving personally identifiable information (PII). Which of the following is MOST important for the auditor to verify is included in the procedures?

A. Regulatory requirements for protecting PII
B. The organization’s definition of PII
C. Encryption requirements for transmitting PII externally
D. A description of how PII is masked within key systems

Answer

A. Regulatory requirements for protecting PII

CISA Question 3612

Question

An IS auditor submitted audit reports and scheduled a follow-up audit engagement with a client. The client has requested to engage the services of the same auditor to develop enhanced controls. What is the GREATEST concern with this request?

A. It would require the approval of the audit manager.
B. It would be beyond the original audit scope.
C. It would a possible conflict of interest.
D. It would require a change to the audit plan.

Answer

C. It would a possible conflict of interest.

CISA Question 3613

Question

A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?

A. Review a sample of PCRs for proper approval throughout the program change process.
B. Trace a sample of program changes from the log to completed PCR forms.
C. Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date.
D. Trace a sample of complete PCR forms to the log of all program changes.

Answer

C. Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date.

CISA Question 3614

Question

Which of the following should an IS auditor determine FIRST when evaluating additional hardware required to support the acquisition of a new accounting system?

A. A training program has been developed to support the new accounting system.
B. The supplier has experience supporting accounting systems.
C. The hardware specified will be compliant with the current IT strategy.
D. The hardware will be installed in a secure and environmentally controlled area.

Answer

C. The hardware specified will be compliant with the current IT strategy.

CISA Question 3615

Question

An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined the user list was not system-generated. Which of the following should be the GREATEST concern?

A. Source of the user list reviewed
B. Availability of the user list reviewed
C. Confidentiality of the user list reviewed
D. Completeness of the user list reviewed

Answer

A. Source of the user list reviewed

CISA Question 3616

Question

An organization is considering outsourcing the processing of customer insurance claims. An IS auditor notes that customer data will be sent offshore for processing. Which of the following would be the BEST way to address the risk of exposing customer data?

A. Require background checks on all service provider personnel involved in the processing of data.
B. Recommend the use of a service provider within the same country as the organization.
C. Consider whether the service provider has the ability to meet service level agreements (SLAs).
D. Assess whether the service provider meets the organization’s data protection policies.

Answer

D. Assess whether the service provider meets the organization’s data protection policies.

CISA Question 3617

Question

In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should FIRST:

A. mark the recommendation as satisfied and close the finding
B. verify if management’s action mitigates the identified risk
C. re-perform the audit to assess the changed control environment
D. escalate the deviation to the audit committee

Answer

D. escalate the deviation to the audit committee

CISA Question 3618

Question

An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance.
This would MOST likely increase the risk of a successful attack by:

A. phishing
B. structured query language (SQL) injection
C. denial of service (DoS)
D. buffer overflow

Answer

B. structured query language (SQL) injection

CISA Question 3619

Question

An IS auditor reviewing an organization’s data privacy controls observes that privacy notices do not clearly state how the organization uses customer data for its processing operations. Which of the following data protection principles MUST be implemented to address this gap?

A. Maintenance of data integrity
B. Access to collected data
C. Retention of consent documentation
D. Purpose for data collection

Answer

B. Access to collected data

CISA Question 3620

Question

An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST:

A. evaluate current backup procedures
B. escalate to senior management
C. document a policy for the organization
D. recommend automated backup

Answer

A. evaluate current backup procedures

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.