Isaca CISA Practice Test - Questions Answers, Page 24

Which of the following activities would allow an IS auditor to maintain independence while facilitating a control self-assessment (CSA)?

A. Implementing the remediation plan
B. Partially completing the CSA
C. Developing the remediation plan
D. Developing the CSA questionnaire
Suggested answer: D

Explanation:

Developing the CSA questionnaire allows an IS auditor to maintain independence while facilitating a control self-assessment (CSA). The auditor designs and provides the questionnaire so that business units or process owners can evaluate their own controls and identify issues or improvement opportunities; the auditor supports and guides the process without taking ownership of its results. The other options would impair independence: implementing the remediation plan, partially completing the CSA or developing the remediation plan would make the auditor part of the control environment that the auditor may later have to assess.

Reference:

CISA Review Manual (Digital Version), Chapter 2, Section 2.41

CISA Review Questions, Answers & Explanations Database, Question ID 215

Which of the following would be an appropriate role of internal audit in helping to establish an organization's privacy program?

A. Analyzing risks posed by new regulations
B. Designing controls to protect personal data
C. Defining roles within the organization related to privacy
D. Developing procedures to monitor the use of personal data
Suggested answer: A

Explanation:

Analyzing risks posed by new regulations is an appropriate role for internal audit in helping to establish an organization's privacy program. Internal audit can provide assurance and advisory services on the compliance and effectiveness of the privacy program, including identifying and assessing the risks and impacts of new or changing privacy regulations, without taking on an operational role. The other options (designing controls, defining privacy roles and developing monitoring procedures) are management responsibilities, typically of the information security officer or the privacy officer; performing them would impair internal audit's independence when it later reviews the program.

Reference:

CISA Review Manual (Digital Version), Chapter 7, Section 7.4.21

CISA Review Questions, Answers & Explanations Database, Question ID 216

Which of the following occurs during the issues management process for a system development project?

A. Contingency planning
B. Configuration management
C. Help desk management
D. Impact assessment
Suggested answer: D

Explanation:

Impact assessment occurs during the issues management process for a system development project. Issues management identifies, analyzes, resolves and monitors issues that may affect the project's scope, schedule, budget or quality; impact assessment evaluates the severity and priority of each issue and its implications for project objectives and deliverables, which determines how the issue is escalated and resolved. Contingency planning, configuration management and help desk management are separate processes, not steps of issues management.

Reference:

CISA Review Manual (Digital Version), Chapter 4, Section 4.3.31

CISA Review Questions, Answers & Explanations Database, Question ID 217

Which of the following findings from an IT governance review should be of GREATEST concern?

A. The IT budget is not monitored.
B. All IT services are provided by third parties.
C. IT value analysis has not been completed.
D. IT supports two different operating systems.
Suggested answer: C

Explanation:

Incomplete IT value analysis is the finding of greatest concern. IT value analysis measures and demonstrates IT's contribution to the organization's goals and objectives; without it, the organization cannot tell whether IT investments and resources are aligned with business needs and expectations, or whether IT performance and outcomes are being monitored and evaluated at all, which is a governance failure rather than an operational one. An unmonitored IT budget is a control weakness but narrower in scope; full outsourcing of IT services and supporting two operating systems are legitimate business decisions that governance can manage.

Reference:

CISA Review Manual (Digital Version), Chapter 5, Section 5.11

CISA Review Questions, Answers & Explanations Database, Question ID 218

A month after a company purchased and implemented system and performance monitoring software, reports were too large and therefore were not reviewed or acted upon. The MOST effective plan of action would be to:

A. evaluate replacement systems and performance monitoring software.
B. restrict functionality of system monitoring software to security-related events.
C. re-install the system and performance monitoring software.
D. use analytical tools to produce exception reports from the system and performance monitoring software.
Suggested answer: D

Explanation:

Using analytical tools to produce exception reports from the system and performance monitoring software is the most effective plan of action. Exception reports highlight deviations or anomalies from predefined thresholds or standards, so the reviewer sees only the events that require attention instead of the full volume of collected data; the software's data collection stays intact and the cost is limited to defining thresholds and configuring the reports. Replacing or re-installing the software does not address the root cause (unfiltered volume), and restricting monitoring to security-related events discards the performance data the software was bought to provide.

Reference:

CISA Review Manual (Digital Version), Chapter 4, Section 4.2.21

CISA Review Questions, Answers & Explanations Database, Question ID 219
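The exception-reporting approach in the explanation above, as an added worked example that is not part of the original page or of any particular monitoring product. It assumes a constructed export of monitoring samples (timestamp, host, metric, value) and a hypothetical threshold table; the "consecutive samples" rule is an assumption added here to show how one-off spikes can be kept out of the report.

```python
"""Exception reporting over system/performance monitoring samples.

Added example: reduces a full monitoring export to the lines that breach
predefined thresholds, which is what a reviewer actually needs to act on.
"""
from collections import defaultdict

# Constructed sample export: (timestamp, host, metric, value).
# In practice this would be pulled from the monitoring tool's database or API.
SAMPLES = [
    ("2024-05-01T10:00", "db01", "cpu_pct", 45),
    ("2024-05-01T10:05", "db01", "cpu_pct", 97),
    ("2024-05-01T10:10", "db01", "cpu_pct", 98),
    ("2024-05-01T10:15", "db01", "cpu_pct", 99),
    ("2024-05-01T10:00", "db01", "disk_free_pct", 20),
    ("2024-05-01T10:05", "db01", "disk_free_pct", 4),
    ("2024-05-01T10:10", "db01", "disk_free_pct", 3),
    ("2024-05-01T10:00", "web01", "cpu_pct", 30),
    ("2024-05-01T10:05", "web01", "cpu_pct", 96),   # one-off spike, not sustained
    ("2024-05-01T10:10", "web01", "cpu_pct", 35),
    ("2024-05-01T10:00", "web01", "disk_free_pct", 8),
    ("2024-05-01T10:00", "web01", "failed_logins", 2),
    ("2024-05-01T10:05", "web01", "failed_logins", 250),
    ("2024-05-01T10:10", "web01", "failed_logins", 300),
    ("2024-05-01T10:00", "web01", "uptime_days", 120),  # no threshold defined: ignored
]

# Hypothetical threshold table:
# metric -> (direction, warning, critical, consecutive breaching samples required)
THRESHOLDS = {
    "cpu_pct":       ("above", 85, 95, 2),
    "disk_free_pct": ("below", 10, 5, 1),
    "failed_logins": ("above", 50, 200, 1),
}


def classify(value, direction, warn, crit):
    """Return 'CRITICAL', 'WARNING' or None for one sample against its thresholds."""
    breached = (lambda v, t: v >= t) if direction == "above" else (lambda v, t: v <= t)
    if breached(value, crit):
        return "CRITICAL"
    if breached(value, warn):
        return "WARNING"
    return None


def _summarise(host, metric, direction, needed, run):
    """Collapse a run of consecutive breaching samples into one exception line."""
    if len(run) < needed:
        return None                      # too short to count: treated as noise
    severity = "CRITICAL" if any(s == "CRITICAL" for _, _, s in run) else "WARNING"
    peak = (max if direction == "above" else min)(v for _, v, _ in run)
    return {"host": host, "metric": metric, "severity": severity,
            "from": run[0][0], "to": run[-1][0], "samples": len(run), "peak": peak}


def build_exception_report(samples, thresholds):
    """Group samples per (host, metric), find sustained breaches, sort by severity."""
    series = defaultdict(list)
    for ts, host, metric, value in sorted(samples):
        series[(host, metric)].append((ts, value))

    report = []
    for (host, metric), points in sorted(series.items()):
        if metric not in thresholds:
            continue
        direction, warn, crit, needed = thresholds[metric]
        run = []
        for ts, value in points:
            severity = classify(value, direction, warn, crit)
            if severity:
                run.append((ts, value, severity))
                continue
            entry = _summarise(host, metric, direction, needed, run)
            if entry:
                report.append(entry)
            run = []
        entry = _summarise(host, metric, direction, needed, run)  # run still open at end
        if entry:
            report.append(entry)

    order = {"CRITICAL": 0, "WARNING": 1}
    report.sort(key=lambda e: (order[e["severity"]], e["host"], e["metric"]))
    return report


def format_report(report):
    """Render the exception list as the short text a reviewer would receive."""
    lines = [f"{len(report)} exception(s)"]
    for e in report:
        lines.append(f"{e['severity']:8} {e['host']:6} {e['metric']:14} "
                     f"peak={e['peak']} samples={e['samples']} {e['from']}..{e['to']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(build_exception_report(SAMPLES, THRESHOLDS)))
```

Fifteen samples collapse to four exception lines; the single 96 % CPU reading on web01 is dropped because the cpu_pct rule requires two consecutive breaching samples, while the sustained db01 CPU run is reported once with its peak and duration rather than as three separate lines.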

An organization that has suffered a cyber-attack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?

A. An imaging process was used to obtain a copy of the data from each computer.
B. The legal department has not been engaged.
C. The chain of custody has not been documented.
D. Audit was only involved during extraction of the information.
Suggested answer: C

Explanation:

An undocumented chain of custody is the finding of greatest concern for an IS auditor reviewing the forensic analysis of an organization that has suffered a cyber attack. The chain of custody records who collected, handled, accessed, transferred or stored each item of evidence, when, and for what purpose; without it, the integrity and authenticity of the evidence cannot be demonstrated and it may be ruled inadmissible in court or in disciplinary proceedings. Imaging each computer is the expected practice (analysis is performed on a verified copy, not the original). The absence of legal involvement and audit's limited involvement are weaker findings, as they do not by themselves invalidate the evidence that was collected.

Reference:

CISA Review Manual (Digital Version), Chapter 7, Section 7.51

CISA Review Questions, Answers & Explanations Database, Question ID 220
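The chain-of-custody record described above, as an added worked example that is not part of the original page or of any forensic toolkit. It assumes a constructed in-memory "disk image" (real evidence would be an image file produced with a write blocker) and hypothetical handler names and locations; the point it shows is that each hand-off re-hashes the item against the acquisition hash, so a gap or an altered copy is detectable from the log itself.

```python
"""Chain-of-custody log with hash verification at every hand-off.

Added example: every entry records who, when, where and what was observed
(the hash), so the log proves the evidence is unchanged since acquisition.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    timestamp: str
    action: str          # collected / transferred / analysed / stored
    handler: str
    location: str
    observed_hash: str   # hash the handler computed on receipt
    note: str = ""


@dataclass
class EvidenceItem:
    evidence_id: str
    description: str
    acquisition_hash: str            # hash taken at collection; never changes
    log: list = field(default_factory=list)

    def record(self, action, handler, location, data: bytes, note="", when=None):
        """Append an entry; returns False when the item's hash no longer matches."""
        when = when or datetime.now(timezone.utc).isoformat(timespec="seconds")
        observed = sha256(data)
        self.log.append(CustodyEntry(when, action, handler, location, observed, note))
        return observed == self.acquisition_hash

    def gaps(self):
        """Indices of log entries whose observed hash differs from acquisition."""
        return [i for i, e in enumerate(self.log) if e.observed_hash != self.acquisition_hash]

    def verify(self):
        """Chain is sound when it starts with collection and no entry drifted."""
        return bool(self.log) and self.log[0].action == "collected" and not self.gaps()

    def render(self):
        lines = [f"{self.evidence_id}: {self.description} (sha256 {self.acquisition_hash[:12]}...)"]
        for i, e in enumerate(self.log):
            status = "OK" if e.observed_hash == self.acquisition_hash else "MISMATCH"
            lines.append(f"  [{i}] {e.timestamp} {e.action:11} {e.handler:20} "
                         f"{e.location:16} {status} {e.note}")
        return "\n".join(lines)


def acquire(evidence_id, description, image: bytes, handler, location, when):
    """Create the item and its first (collection) entry in one step."""
    item = EvidenceItem(evidence_id, description, sha256(image))
    item.record("collected", handler, location, image, note="forensic image taken", when=when)
    return item


def demo():
    """Constructed scenario: one intact chain and one where a copy was altered."""
    image = b"NTFS\x00constructed-image-of-ws-017" * 64   # stand-in for a disk image

    intact = acquire("EV-001", "Workstation WS-017 disk image", image,
                     "J. Smith (IR)", "Evidence safe A", "2024-05-01T09:00:00Z")
    intact.record("transferred", "R. Lee (Forensics)", "Lab bench 2", image,
                  when="2024-05-01T11:30:00Z")
    intact.record("analysed", "R. Lee (Forensics)", "Lab bench 2", image,
                  note="write blocker used", when="2024-05-02T14:00:00Z")

    tampered = acquire("EV-002", "Workstation WS-022 disk image", image,
                       "J. Smith (IR)", "Evidence safe A", "2024-05-01T09:20:00Z")
    altered = image[:-1] + b"X"                            # one byte changed in transit
    tampered.record("transferred", "Unknown", "Lab bench 3", altered,
                    when="2024-05-01T12:00:00Z")
    return intact, tampered


if __name__ == "__main__":
    for item in demo():
        print(item.render(), "\nverified:", item.verify(), "\n")
```

The hash check on receipt is what turns the log from a list of names into evidence of integrity; an auditor reviewing the process should expect to see the acquisition hash, a matching hash at each transfer, and no unexplained gap between entries.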

A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?

A. Developing an inventory of all business entities that exchange personal data with the affected jurisdiction
B. Identifying data security threats in the affected jurisdiction
C. Reviewing data classification procedures associated with the affected jurisdiction
D. Identifying business processes associated with personal data exchange with the affected jurisdiction
Suggested answer: D

Explanation:

Identifying the business processes that exchange personal data with the affected jurisdiction is the most helpful activity for assessing the organization's exposure in that country. The auditor needs to understand which operations and functions depend on cross-border transfers of personal data, because those are the activities the prohibition directly affects, and from there assess the impact on business continuity and compliance. An inventory of counterparties, an analysis of local security threats or a review of classification procedures provides supporting context but does not by itself show where the organization's operations would be disrupted.

Reference:

CISA Review Manual (Digital Version), Chapter 7, Section 7.4.21

CISA Review Questions, Answers & Explanations Database, Question ID 221

Which of the following is MOST important for an IS auditor to do during an exit meeting with an auditee?

A. Ensure that the facts presented in the report are correct.
B. Communicate the recommendations to senior management.
C. Specify implementation dates for the recommendations.
D. Request input in determining corrective action.
Suggested answer: A

Explanation:

Ensuring that the facts presented in the report are correct is the most important activity during an exit meeting with an auditee. The auditor should confirm that findings and observations are accurate, complete and supported by sufficient evidence, and that the auditee understands and agrees with them; factual errors discovered after the report is issued undermine its credibility and lead to disputes. Communicating recommendations to senior management is done through the final report, while setting implementation dates and determining corrective action are management's responsibilities; the auditor may request input on corrective action, but that is secondary to agreeing on the facts.

Reference:

CISA Review Manual (Digital Version), Chapter 2, Section 2.5.21

CISA Review Questions, Answers & Explanations Database, Question ID 222

Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?

A. Ensuring that audit trails exist for transactions
B. Restricting access to update programs to accounts payable staff only
C. Including the creator's user ID as a field in every transaction record created
D. Restricting program functionality according to user security profiles
Suggested answer: D

Explanation:

Restricting program functionality according to user security profiles is the best control for segregation of duties within an accounts payable department. Access rights are granted by role, so no single user can perform incompatible functions such as creating a vendor, entering an invoice, approving it and releasing payment; this is a preventive control against fraud, error and abuse of authority. Audit trails and recording the creator's user ID are detective controls that only show after the fact who did what, and restricting update programs to accounts payable staff does not separate conflicting duties among those staff.

Reference:

CISA Review Manual (Digital Version), Chapter 6, Section 6.31

CISA Review Questions, Answers & Explanations Database, Question ID 223
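The profile-based restriction in the explanation above, as an added worked example that is not part of the original page or of any real accounts payable product. Role names, function names, the conflict matrix and the user list are all hypothetical; the example shows both the provisioning-time check (no profile may hold a conflicting pair) and the transaction-level check (the approver must not be the person who entered the invoice), which a profile alone cannot enforce.

```python
"""Restricting AP program functions by security profile, with SoD checks.

Added example: functions are granted only through roles, conflicting pairs
are defined once, and both profiles and individual transactions are checked.
"""

# Hypothetical AP application functions grouped into roles (profiles).
ROLES = {
    "ap_clerk":      {"invoice.enter"},
    "ap_supervisor": {"invoice.approve"},
    "treasury":      {"payment.release"},
    "vendor_master": {"vendor.create", "vendor.bank_change"},
    "ap_auditor":    {"invoice.view", "audit_trail.view"},
}

# Pairs of functions that must never be held by one person.
CONFLICTS = {
    frozenset({"invoice.enter", "invoice.approve"}),
    frozenset({"invoice.approve", "payment.release"}),
    frozenset({"vendor.create", "invoice.enter"}),
    frozenset({"vendor.bank_change", "payment.release"}),
}

# Constructed user-to-role assignments; "dave" has a toxic combination.
USERS = {
    "alice": {"ap_clerk"},
    "bob":   {"ap_supervisor"},
    "carol": {"treasury"},
    "dave":  {"ap_clerk", "ap_supervisor"},
    "erin":  {"ap_auditor"},
}


def permissions(user, users=USERS, roles=ROLES):
    """Functions a user may call: the union of the functions of all their roles."""
    return frozenset(f for r in users.get(user, ()) for f in roles[r])


def sod_violations(user, users=USERS, roles=ROLES):
    """Conflicting function pairs fully contained in the user's profile."""
    perms = permissions(user, users, roles)
    return sorted(tuple(sorted(c)) for c in CONFLICTS if c <= perms)


def authorize(user, function, users=USERS, roles=ROLES):
    """Enforce the profile: deny functions outside the user's roles, and fail
    closed on any function that is part of a SoD violation for that user."""
    if function not in permissions(user, users, roles):
        return False
    return all(function not in pair for pair in sod_violations(user, users, roles))


def can_approve(user, invoice, users=USERS, roles=ROLES):
    """Transaction-level SoD: approver needs the function and must not be the creator."""
    return authorize(user, "invoice.approve", users, roles) and invoice["entered_by"] != user


def review_profiles(users=USERS, roles=ROLES):
    """Provisioning review: every user whose profile contains a conflict."""
    findings = {}
    for user in users:
        violations = sod_violations(user, users, roles)
        if violations:
            findings[user] = violations
    return findings


def validate_roles(roles=ROLES):
    """A single role must not bundle a conflicting pair, or every holder is in violation."""
    bad = {}
    for name, funcs in roles.items():
        pairs = sorted(tuple(sorted(c)) for c in CONFLICTS if c <= set(funcs))
        if pairs:
            bad[name] = pairs
    return bad


if __name__ == "__main__":
    invoice = {"id": "INV-1001", "entered_by": "alice", "amount": 12000}
    print("role definitions with conflicts:", validate_roles())
    print("users with toxic profiles:", review_profiles())
    print("bob may approve INV-1001:", can_approve("bob", invoice))
    print("alice may approve INV-1001:", can_approve("alice", invoice))
    print("dave may approve anything:", authorize("dave", "invoice.approve"))
```

The provisioning review is what an IS auditor would ask to see: a periodic listing of users whose combined roles contain a conflicting pair. Failing closed on those functions until the profile is corrected keeps the control preventive rather than relying on the audit trail to catch misuse afterwards.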

An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?

A. Long-term internal audit resource planning
B. Ongoing monitoring of the audit activities
C. Analysis of user satisfaction reports from business lines
D. Feedback from internal audit staff
Suggested answer: B

Explanation:

Ongoing monitoring of the audit activities is the most important element of a quality assurance (QA) program for an internal audit department. Regular review and evaluation of audit processes, methods, standards and outcomes provide assurance that engagements comply with the QA program's objectives and with professional standards, and allow deficiencies to be corrected while work is still in progress. Long-term resource planning, user satisfaction reports and feedback from audit staff are useful inputs to the program but are not its core requirement.

Reference:

CISA Review Manual (Digital Version), Chapter 2, Section 2.61

CISA Review Questions, Answers & Explanations Database, Question ID 224
