Free Isaca CISA Exam Dumps and CISA Exam Questions

Question No: 11

MultipleChoice

During an internal audit of automated controls, an IS auditor identifies that the integrity of data transfer between systems has not been tested since successful implementation two years ago Which of the following should the auditor do NEXT?

Options

ADocument the finding in the audit report.

BReview relevant system changes.

CReview previous system interface testing records.

DReview IT testing policies and procedures

Question No: 12

MultipleChoice

Which of the following is the BEST indication of effective IT investment management9

Options

AIT investments are implemented and monitored following a system development life cycle (SDLC)

BIT investments are mapped to specific business objectives

CKey performance indicators (KPIs) are defined for each business requiring IT Investment

DThe IT Investment budget is significantly below industry benchmarks

Question No: 13

MultipleChoice

An IS audit reveals that an organization is not proactively addressing known vulnerabilities Which of the following should the IS auditor recommend the organization do FIRST?

Options

AConfirm the incident response team understands the issue.

BEnsure the intrusion prevention system (IPS) is effective.

CVerify the disaster recovery plan (DRP) has been tested

DAssess the security risks to the business

Question No: 14

MultipleChoice

Which of the following is the GREATEST risk associated with utilizing spreadsheets for financial reporting in end-user computing (EUC)?

Options

ALack of processing integrity

BLack of password protection

CIncrease in operational incidents

DIncrease in regulatory violations

Question No: 15

MultipleChoice

Which of the following is the MOST efficient way to assess the controls in a service provider's environment?

Options

AReview testing performed by the service provider's internal audit department.

BReview the service provider's master service agreement (MSA).

CRequire the service provider to conduct control self-assessments (CSAs).

DObtain an independent auditor's report from the service provider.

Question No: 16

MultipleChoice

An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities Which of the following is the BEST recommendation by the IS auditor?

Options

AImprove the change management process

BEstablish security metrics.

CPerform a penetration test

DPerform a configuration review

Question No: 17

MultipleChoice

When assessing whether an organization's IT performance measures are comparable to other organizations in the same industry, which of the following would be MOST helpful to review13

Options

AIT governance frameworks

BBenchmarking surveys

CUtilization reports

CBalanced scorecard

Question No: 18

MultipleChoice

Which of the following is MOST important for an IS auditor to consider when performing the risk assessment prior to an audit engagement?

Options

AIndustry standards and best practices

BThe results of the previous audit

CThe design of controls

DThe amount of time since the previous audit

Question No: 19

MultipleChoice

Due to limited storage capacity, an organization has decided to reduce the actual retention period (or media containing completed low-value transactions. Which ol the following is MOST important lor the organization to ensure?

Options

AThe policy includes a strong risk-based approach.

BThe retention period allows for review during the year-end audit.

CThe retention period complies with data owner responsibilities.

DThe total transaction amount has no impact on financial reporting

Question No: 20

MultipleChoice

During the implementation of an upgraded enterprise resource planning (ERP) system, which of Ihe following is the MOST important consideration for a go-live decision?

Options

ABusiness case

BRollback strategy

CTest cases

DPost-implementation review objectives