Isaca CISA Practice Test - Questions Answers, Page 90
An organization has implemented a new data classification scheme and asks the IS auditor to evaluate its effectiveness. Which of the following would be of GREATEST concern to the auditor?

A. End-user managers determine who should access what information.
B. The organization has created a dozen different classification categories.
C. The compliance manager decides how the information should be classified.
D. The organization classifies most of its information as confidential.

Suggested answer: D

In a data center audit, an IS auditor finds that the humidity level is very low. The IS auditor would be MOST concerned because of an expected increase in:

A. risk of fire.
B. backup tape failures.
C. static electricity problems.
D. employee discomfort.

Suggested answer: C

An organization's business continuity plan (BCP) should be:

A. updated before an independent audit review.
B. tested after an intrusion attempt into the organization's hot site.
C. tested whenever new applications are implemented.
D. updated based on changes to personnel and environments.

Suggested answer: D

Explanation:

A BCP must stay current with organizational changes to ensure its effectiveness during a disruption. Personnel changes and environmental updates are directly relevant to how the BCP would be executed.

Reference

ISACA CISA Review Manual (Current Edition), Chapter on Business Continuity and Disaster Recovery

Industry Standards (e.g., ISO 22301, NIST SP 800-34), Guidelines for maintaining and updating a Business Continuity Plan

Which of the following presents the GREATEST risk associated with end-user computing (EUC) applications over financial reporting?

A. Inability to quickly modify and deploy a solution
B. Lack of portability for users
C. Loss of time due to manual processes
D. Calculation errors in spreadsheets

Suggested answer: D

Explanation:

Spreadsheets, often used in EUC, are prone to manual input errors and formula mistakes. These errors can significantly compromise the accuracy and integrity of financial reporting.

Reference

ISACA CISA Review Manual (Current Edition), Chapter on End-User Computing (EUC) risks

Industry Research on Spreadsheet Errors: Multiple studies highlight the prevalence of errors in spreadsheets, especially those used for financial purposes.

As part of an audit response, an auditee has concerns with the recommendations and is hesitant to implement them. Which of the following is the BEST course of action for the IS auditor?

A. Accept the auditee's response and perform additional testing.
B. Suggest hiring a third-party consultant to perform a current state assessment.
C. Conduct further discussions with the auditee to develop a mitigation plan.
D. Issue a final report without including the opinion of the auditee.

Suggested answer: C

Explanation:

Collaborative discussions help address the auditee's concerns, find mutually agreeable solutions, and create buy-in for implementing improvements.

Reference

ISACA CISA Review Manual (Current Edition), Chapters on audit reporting and communication

Auditing Standards, which emphasize the importance of understanding and addressing auditee concerns.

Following an IT audit, management has decided to accept the risk highlighted in the audit report. Which of the following would provide the MOST assurance to the IS auditor that management is adequately balancing the needs of the business with the need to manage risk?

A. A communication plan exists for informing parties impacted by the risk.
B. Potential impact and likelihood are adequately documented.
C. Identified risk is reported into the organization's risk committee.
D. Established criteria exist for accepting and approving risk.

Suggested answer: D

Explanation:

Clear criteria ensure a consistent, rational approach to risk acceptance decisions, demonstrating management's deliberate and informed approach to risk management.

Reference

ISACA CISA Review Manual (Current Edition), Chapter on Risk Management

Risk Management Frameworks (e.g., ISO 31000, NIST SP 800-39), which emphasize the importance of defined risk assessment and decision-making processes.

During an information security review, an IS auditor learns an organizational policy requires all employees to attend information security training during the first week of each new year. What is the auditor's BEST recommendation to ensure employees hired after January receive adequate guidance regarding security awareness?

A. Ensure new employees read and sign acknowledgment of the acceptable use policy.
B. Revise the policy to include security training during onboarding.
C. Revise the policy to require security training every six months for all employees.
D. Require management of new employees to provide an overview of security awareness.

Suggested answer: B

Explanation:

This directly addresses the gap for new hires, creates a consistent expectation regardless of hiring date, and formalizes the process within organizational policy.

Reference

ISACA CISA Review Manual (Current Edition), Chapters on Information Security Policies, Training and Awareness

Industry Best Practices for Security Awareness, which emphasize the importance of timely and comprehensive training for new employees.

Which of the following procedures for testing a disaster recovery plan (DRP) is MOST effective?

A. Testing at a secondary site using offsite data backups
B. Performing a quarterly tabletop exercise
C. Reviewing recovery time and recovery point objectives
D. Reviewing documented backup and recovery procedures

Suggested answer: A

Which of the following would an IS auditor find to be the GREATEST risk associated with the server room in a remote office location?

A. The server room is secured by a key lock instead of an electronic lock.
B. The server room's location is known by people who work in the area.
C. The server room does not have temperature controls.
D. The server room does not have biometric controls.

Suggested answer: C

Which of the following should be of GREATEST concern to an IS auditor when using data analytics?

A. The data source lacks integrity.
B. The data analytics software is open source.
C. The data set contains irrelevant fields.
D. The data was not extracted by the auditor.

Suggested answer: A
Total 1.198 questions