Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CISA Exam Dumps - Isaca Certification Questions and Answers

Question # 354

Which of the following is the BEST way to sanitize a hard disk for reuse to ensure the organization's information cannot be accessed?

Options:

A.

Re-partitioning

B.

Degaussing

C.

Formatting

D.

Data wiping

Buy Now
Question # 355

When reviewing the functionality of an intrusion detection system (IDS), the IS auditor should be MOST concerned if:

Options:

A.

legitimate packets blocked by the system have increased

B.

actual attacks have not been identified

C.

detected events have increased

D.

false positives have been reported

Buy Now
Question # 356

When testing the accuracy of transaction data, which of the following situations BEST justifies the use of a smaller sample size?

Options:

A.

The IS audit staff has a high level of experience.

B.

It is expected that the population is error-free.

C.

Proper segregation of duties is in place.

D.

The data can be directly changed by users.

Buy Now
Question # 357

An IS auditor is analyzing a sample of accounts payable transactions for a specific vendor and identifies one transaction with a value five times as high as the average transaction. Which of the following should the auditor do NEXT?

Options:

A.

Report the variance immediately to the audit committee

B.

Request an explanation of the variance from the auditee

C.

Increase the sample size to 100% of the population

D.

Exclude the transaction from the sample population

Buy Now
Question # 358

Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization's security policy?

Options:

A.

Analyzing how the configuration changes are performed

B.

Analyzing log files

C.

Reviewing the rule base

D.

Performing penetration testing

Buy Now
Question # 359

Which of the following should be of GREATEST concern to an |$ auditor reviewing data conversion and migration during the implementation of a newapplication system?

Options:

A.

The change management process was not formally documented

B.

Backups of the old system and data are not available online

C.

Unauthorized data modifications occurred during conversion,

D.

Data conversion was performed using manual processes

Buy Now
Question # 360

Which of the following concerns is MOST effectively addressed by implementing an IT framework for alignment between IT and business objectives?

Options:

A.

Inaccurate business impact analysis (BIA)

B.

Inadequate IT change management practices

C.

Lack of a benchmark analysis

D.

Inadequate IT portfolio management

Buy Now
Question # 361

Which of the following management decisions presents the GREATEST risk associated with data leakage?

Options:

A.

There is no requirement for desktops to be encrypted

B.

Staff are allowed to work remotely

C.

Security awareness training is not provided to staff

D.

Security policies have not been updated in the past year

Buy Now
Question # 362

Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?

Options:

A.

Stronger data security

B.

Better utilization of resources

C.

Increased application performance

D.

Improved disaster recovery

Buy Now
Question # 363

An IT balanced scorecard is PRIMARILY used for:

Options:

A.

evaluating the IT project portfolio

B.

measuring IT strategic performance

C.

allocating IT budget and resources

D.

monitoring risk in lT-related processes

Buy Now
Question # 364

A CFO has requested an audit of IT capacity management due to a series of finance system slowdowns during month-end reporting. What would be MOST important to consider before including this audit in the program?

Options:

A.

Whether system delays result in more frequent use of manual processing

B.

Whether the system's performance poses a significant risk to the organization

C.

Whether stakeholders are committed to assisting with the audit

D.

Whether internal auditors have the required skills to perform the audit

Buy Now
Question # 365

Which of the following analytical methods would be MOST useful when trying to identify groups with similar behavior or characteristics in a large population?

Options:

A.

Deviation detection

B.

Cluster sampling

C.

Random sampling

D.

Classification

Buy Now
Question # 366

Which of the following is an advantage of using agile software development methodology over the waterfall methodology?

Options:

A.

Less funding required overall

B.

Quicker deliverables

C.

Quicker end user acceptance

D.

Clearly defined business expectations

Buy Now
Question # 367

Which of the following should an IS auditor recommend be done FIRST when an organization is made aware of a new regulation that is likely to impact IT security requirements?

Options:

A.

Update security policies based on the new regulation.

B.

Determine which systems and IT-related processes may be impacted.

C.

Evaluate how security awareness and training content may be impacted.

D.

Review the design and effectiveness of existing IT controls.

Buy Now
Question # 368

An IS department is evaluated monthly on its cost-revenue ratio user satisfaction rate, and computer downtime This is BEST zed as an application of.

Options:

A.

risk framework

B.

balanced scorecard

C.

value chain analysis

D.

control self-assessment (CSA)

Buy Now
Question # 369

Which of the following is the PRIMARY reason for an IS audit manager to review the work performed by a senior IS auditor prior to presentation of a report?

Options:

A.

To ensure the conclusions are adequately supported

B.

To ensure adequate sampling methods were used during fieldwork

C.

To ensure the work is properly documented and filed

D.

To ensure the work is conducted according to industry standards

Buy Now
Question # 370

When is it MOST important for an IS auditor to apply the concept of materiality in an audit?

Options:

A.

When planning an audit engagement

B.

When gathering information for the fieldwork

C.

When a violation of a regulatory requirement has been identified

D.

When evaluating representations from the auditee

Buy Now
Question # 371

Which of the following findings should be of GREATEST concern to an IS auditor reviewing an organization s newly implemented online security awareness program'?

Options:

A.

Only new employees are required to attend the program

B.

Metrics have not been established to assess training results

C.

Employees do not receive immediate notification of results

D.

The timing for program updates has not been determined

Buy Now
Question # 372

An IT governance body wants to determine whether IT service delivery is based on consistently effective processes. Which of the following is the BEST approach?

Options:

A.

implement a control self-assessment (CSA)

B.

Conduct a gap analysis

C.

Develop a maturity model

D.

Evaluate key performance indicators (KPIs)

Buy Now
Question # 373

The use of control totals satisfies which of the following control objectives?

Options:

A.

Transaction integrity

B.

Processing integrity

C.

Distribution control

D.

System recoverability

Buy Now
Question # 374

Which of the following BEST enables alignment of IT with business objectives?

Options:

A.

Benchmarking against peer organizations

B.

Developing key performance indicators (KPIs)

C.

Completing an IT risk assessment

D.

Leveraging an IT governance framework

Buy Now
Question # 375

A checksum is classified as which type of control?

Options:

A.

Detective control

B.

Preventive control

C.

Corrective control

D.

Administrative control

Buy Now
Question # 376

Which of the following is the MOST effective control to mitigate against the risk of inappropriate activity by employees?

Options:

A.

User activity monitoring

B.

Two-factor authentication

C.

Network segmentation

D.

Access recertification

Buy Now
Question # 377

Which of the following would be the BEST criteria for monitoring an IT vendor's service levels?

Options:

A.

Service auditor's report

B.

Performance metrics

C.

Surprise visit to vendor

D.

Interview with vendor

Buy Now
Question # 378

What Is the BEST method to determine if IT resource spending is aligned with planned project spending?

Options:

A.

Earned value analysis (EVA)

B.

Return on investment (ROI) analysis

C.

Gantt chart

D.

Critical path analysis

Buy Now
Question # 379

Which of the following types of environmental equipment will MOST likely be deployed below the floor tiles of a data center?

Options:

A.

Temperature sensors

B.

Humidity sensors

C.

Water sensors

D.

Air pressure sensors

Buy Now
Question # 380

Which of the following is a corrective control?

Options:

A.

Separating equipment development testing and production

B.

Verifying duplicate calculations in data processing

C.

Reviewing user access rights for segregation

D.

Executing emergency response plans

Buy Now
Question # 381

An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider MOST critical?

Options:

A.

The quality of the data is not monitored.

B.

Imported data is not disposed frequently.

C.

The transfer protocol is not encrypted.

D.

The transfer protocol does not require authentication.

Buy Now
Question # 382

Which of the following should an IS auditor expect to see in a network vulnerability assessment?

Options:

A.

Misconfiguration and missing updates

B.

Malicious software and spyware

C.

Zero-day vulnerabilities

D.

Security design flaws

Buy Now
Question # 383

What is the PRIMARY purpose of documenting audit objectives when preparing for an engagement?

Options:

A.

To address the overall risk associated with the activity under review

B.

To identify areas with relatively high probability of material problems

C.

To help ensure maximum use of audit resources during the engagement

D.

To help prioritize and schedule auditee meetings

Buy Now
Question # 384

Which of the following should an IS auditor ensure is classified at the HIGHEST level of sensitivity?

Options:

A.

Server room access history

B.

Emergency change records

C.

IT security incidents

D.

Penetration test results

Buy Now
Question # 385

The PRIMARY role of a control self-assessment (CSA) facilitator is to:

Options:

A.

conduct interviews to gain background information.

B.

focus the team on internal controls.

C.

report on the internal control weaknesses.

D.

provide solutions for control weaknesses.

Buy Now
Question # 386

An externally facing system containing sensitive data is configured such that users have either read-only or administrator rights. Most users of the system have administrator access. Which of the following is the GREATEST risk associated with this situation?

Options:

A.

Users can export application logs.

B.

Users can view sensitive data.

C.

Users can make unauthorized changes.

D.

Users can install open-licensed software.

Buy Now
Question # 387

An IS auditor finds that the process for removing access for terminated employees is not documented What is the MOST significant risk from this observation?

Options:

A.

Procedures may not align with best practices

B.

Human resources (HR) records may not match system access.

C.

Unauthorized access cannot he identified.

D.

Access rights may not be removed in a timely manner.

Buy Now
Question # 388

Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

Options:

A.

Apply single sign-on for access control

B.

Implement segregation of duties.

C.

Enforce an internal data access policy.

D.

Enforce the use of digital signatures.

Buy Now
Question # 389

During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

Options:

A.

Sampling risk

B.

Detection risk

C.

Control risk

D.

Inherent risk

Buy Now
Question # 390

An IS auditor plans to review all access attempts to a video-monitored and proximity card-controlled communications room. Which of the following would be MOST useful to the auditor?

Options:

A.

Alarm system with CCTV

B.

Access control log

C.

Security incident log

D.

Access card allocation records

Buy Now
Question # 391

The PRIMARY benefit of information asset classification is that it:

Options:

A.

prevents loss of assets.

B.

helps to align organizational objectives.

C.

facilitates budgeting accuracy.

D.

enables risk management decisions.

Buy Now
Question # 392

An IS auditor finds that capacity management for a key system is being performed by IT with no input from the business The auditor's PRIMARY concern would be:

Options:

A.

failure to maximize the use of equipment

B.

unanticipated increase in business s capacity needs.

C.

cost of excessive data center storage capacity

D.

impact to future business project funding.

Buy Now
Question # 393

A warehouse employee of a retail company has been able to conceal the theft of inventory items by entering adjustments of either damaged or lost stock items lo the inventory system. Which control would have BEST prevented this type of fraud in a retail environment?

Options:

A.

Separate authorization for input of transactions

B.

Statistical sampling of adjustment transactions

C.

Unscheduled audits of lost stock lines

D.

An edit check for the validity of the inventory transaction

Buy Now
Question # 394

Which of the following security measures will reduce the risk of propagation when a cyberattack occurs?

Options:

A.

Perimeter firewall

B.

Data loss prevention (DLP) system

C.

Web application firewall

D.

Network segmentation

Buy Now
Question # 395

Which of the following is the BEST control lo mitigate attacks that redirect Internet traffic to an unauthorized website?

Options:

A.

Utilize a network-based firewall.

B.

Conduct regular user security awareness training.

C.

Perform domain name system (DNS) server security hardening.

D.

Enforce a strong password policy meeting complexity requirement.

Buy Now
Question # 396

Which of the following would be an appropriate role of internal audit in helping to establish an organization’s privacy program?

Options:

A.

Analyzing risks posed by new regulations

B.

Developing procedures to monitor the use of personal data

C.

Defining roles within the organization related to privacy

D.

Designing controls to protect personal data

Buy Now
Question # 397

An organization is disposing of a system containing sensitive data and has deleted all files from the hard disk. An IS auditor should be concerned because:

Options:

A.

deleted data cannot easily be retrieved.

B.

deleting the files logically does not overwrite the files' physical data.

C.

backup copies of files were not deleted as well.

D.

deleting all files separately is not as efficient as formatting the hard disk.

Buy Now
Question # 398

Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage?

Options:

A.

Ensure that paper documents arc disposed security.

B.

Implement an intrusion detection system (IDS).

C.

Verify that application logs capture any changes made.

D.

Validate that all data files contain digital watermarks

Buy Now
Question # 399

An IS auditor assessing the controls within a newly implemented call center would First

Options:

A.

gather information from the customers regarding response times and quality of service.

B.

review the manual and automated controls in the call center.

C.

test the technical infrastructure at the call center.

D.

evaluate the operational risk associated with the call center.

Buy Now
Question # 400

When verifying the accuracy and completeness of migrated data for a new application system replacing a legacy system. It is MOST effective for an IS auditor to review;

Options:

A.

data analytics findings.

B.

audit trails

C.

acceptance lasting results

D.

rollback plans

Buy Now
Question # 401

Which of the following features of a library control software package would protect against unauthorized updating of source code?

Options:

A.

Required approvals at each life cycle step

B.

Date and time stamping of source and object code

C.

Access controls for source libraries

D.

Release-to-release comparison of source code

Buy Now
Question # 402

When reviewing a data classification scheme, it is MOST important for an IS auditor to determine if.

Options:

A.

each information asset is to a assigned to a different classification.

B.

the security criteria are clearly documented for each classification

C.

Senior IT managers are identified as information owner.

D.

the information owner is required to approve access to the asset

Buy Now
Question # 403

Which of the following should be the IS auditor's PRIMARY focus, when evaluating an organization's offsite storage facility?

Options:

A.

Shared facilities

B.

Adequacy of physical and environmental controls

C.

Results of business continuity plan (BCP) test

D.

Retention policy and period

Buy Now
Exam Code: CISA
Exam Name: Certified Information Systems Auditor
Last Update: Apr 2, 2025
Questions: 1404
CISA pdf

CISA PDF

$59.7  $199
CISA Engine

CISA Testing Engine

$67.5  $225
CISA PDF + Engine

CISA PDF + Testing Engine

$74.7  $249