CISA Online Practice Questions and Answers

Questions 4

Which of the following should an IS auditor recommend as a PRIMARY area of focus when an organization decides to outsource technical support for its external customers?

A. Align service level agreements (SLAs) with current needs.

B. Monitor customer satisfaction with the change.

C. Minimize costs related to the third-party agreement.

D. Ensure right to audit is included within the contract.

Browse 1923 Q&As

Questions 5

Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?

A. Reconciliation of total amounts by project

B. Validity checks, preventing entry of character data

C. Reasonableness checks for each cost type

D. Display back of project detail after entry

Questions 6

Which of the following provides IS audit professionals with the BEST source of direction for performing audit functions?

A. Audit charter

B. IT steering committee

C. Information security policy

D. Audit best practices

Questions 7

An accounting department uses a spreadsheet to calculate sensitive financial transactions. Which of the following is the MOST important control for maintaining the security of data in the spreadsheet?

A. There is a reconciliation process between the spreadsheet and the finance system

B. A separate copy of the spreadsheet is routinely backed up

C. The spreadsheet is locked down to avoid inadvertent changes

D. Access to the spreadsheet is given only to those who require access

Questions 8

Which of the following is a PRIMARY responsibility of an IT steering committee?

A. Prioritizing IT projects in accordance with business requirements

B. Reviewing periodic IT risk assessments

C. Validating and monitoring the skill sets of IT department staff

D. Establishing IT budgets for the business

Questions 9

Which of the following is the MOST efficient way to identify segregation of duties violations in a new system?

A. Review a report of security rights in the system.

B. Observe the performance of business processes.

C. Develop a process to identify authorization conflicts.

D. Examine recent system access rights violations.

Questions 10

An IS auditor has completed an audit on the organization's IT strategic planning process. Which of the following findings should be given the HIGHEST priority?

A. The IT strategic plan was completed prior to the formulation of the business strategic plan

B. Assumptions in the IT strategic plan have not been communicated to business stakeholders

C. The IT strategic plan was formulated based on the current IT capabilities

D. The IT strategic plan does not include resource requirements for implementation

Questions 11

A recent audit has identified that security controls required by the organization's policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?

A. Deny access to the application until the issue is resolved.

B. Discuss the issue with data custodians to determine the reason for the exception.

C. Report the issue to senior management and request funding to fix the issue.

D. Discuss the issue with data owners to determine the reason for the exception.

Questions 12

Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization's information security program?

A. Escalation paths

B. Right-to-audit clause

C. Termination language

D. Key performance indicators (KPIs)

Questions 13

An organization wants to test business continuity using a scenario in which there are many remote workers trying to access production data at the same time. Which of the following is the BEST testing method in this situation?

A. Application failover testing.

B. Network stress testing.

C. Alternate site testing.

D. Network penetration testing.

Questions 14

An IS auditor can BEST help management fulfill risk management responsibilities by:

A. highlighting specific risks not being addressed.

B. ensuring the roles for managing IT risk are defined.

C. developing an IT risk management framework.

D. adopting a mechanism for reporting issues.

Questions 15

A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value can be mitigated by:

A. requiring the recipient to use a different hash algorithm.

B. generating hash output that is the same size as the original message.

C. using a secret key in conjunction with the hash algorithm.

D. using the sender's public key to encrypt the message.

Questions 16

To address issues related to privileged users identified in an IS audit, management implemented a security information and event management (SIEM) system. Which type of control .........

A. Directive

B. Corrective

C. Preventive

D. Detective

Questions 17

When deploying an application that was created using the programming language and tools supported by the cloud provider, the MOST appropriate cloud computing model for an organization to adopt is:

A. Platform as a Service (PaaS).

B. Software as a Service (SaaS).

C. Infrastructure as a Service (IaaS).

D. Identity as a Service (IDaaS).

Questions 18

An organization outsourced its IS functions. To meet its responsibility for disaster recovery, the organization should:

A. discontinue maintenance of the disaster recovery plan (DRP)

B. coordinate disaster recovery administration with the outsourcing vendor

C. delegate evaluation of disaster recovery to a third party

D. delegate evaluation of disaster recovery to internal audit

Exam Code: CISA
Exam Name: Certified Information Systems Auditor
Last Update: Mar 19, 2024
Questions: 1923 Q&As