SPOTO's updated CISA exam demos cover all exam answers and questions. We have various exam dumps covering PMI-ACP, RMP, CISM, CISA, Cisco, AWS, Microsoft, CISSP, CCNA, CCNP, CCIE LAB, etc. SPOTO also has an exam proxy service for all candidates. More special offers are waiting for you!

Benefits of Choosing SPOTO CISA Exam Dumps for All Candidates!

  • 100% Passing Rate
  • Timely Updated Exam Dumps
  • Complete Coverage of Real Exam
  • Real Simulated Exam Environment
  • 24h Professional Tutors Instruction
  • High-score Passing Guarantee
  • Latest Passing Report Feedback
  • Professional Service Team

Get SPOTO 100% Real CISA Exam Answers and Questions!

The following are the CISA exam demos. If you want to know the answers, you can contact us directly! We have a detailed explanation for you!

1. During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:
A. conduct additional compliance testing.
B. perform a business impact analysis (BIA).
C. evaluate the impact on current disaster recovery capability.
D. issue an intermediate report to management.
Answer:
2. An organization has implemented a distributed security administration system to replace the previous centralized one. An IS auditor’s GREATEST concern should be that:
A. security procedures may be inadequate to support the change.
B. end-user acceptance of the new system is likely to be difficult to obtain.
C. the new system will require additional training.
D. a distributed security system is inherently a weak security system.
Answer:
3. Which of the following is the MOST important requirement for an IS auditor to evaluate when reviewing a transmission of personally identifiable information (PII) between two organizations?
A. Necessity
B. Completeness
C. Timeliness
D. Accuracy
Answer:
4. Which of the following is the MOST effective way to assess whether an outsourcer’s controls are following the service level agreement (SLA)?
A. Perform an onsite review of the outsourcer.
B. Review the outsourcer’s monthly service reports.
C. Perform a review of penalty clauses for non-performance.
D. Review an internal audit report from the outsourcer’s auditor.
Answer:
5. Which of the following BEST indicates the effectiveness of an organization’s risk management program?
A. Control risk is minimized.
B. Inherent risk is eliminated.
C. Residual risk is minimized.
D. The overall risk is quantified.
Answer:

6. Which of the following is MOST likely to be included in a post-implementation review?
A. Results of live processing
B. Current sets of test data
C. Test results
D. Development methodology
Answer:
7. An IS auditor is mapping controls to risk for an accounts payable system. What is the BEST control to detect errors in the system?
A. Alignment of the process to business objectives
B. Management approval of payments
C. Input validation
D. Quality control review of new payments
Answer:
8. Attribute sampling is BEST suited to estimate:
A. compliance with approved procedures.
B. the true monetary value of a population.
C. the total error amount in the population.
D. whether a recorded balance is within limits of materiality.
Answer:
9. Which of the following would BEST prevent data from being orphaned?
A. Table indexes
B. Input validation checks
C. Referential integrity
D. Table partitioning
Answer:
10. At what point in software development should the user acceptance test plan be prepared?
A. Implementation planning
B. Requirements definition
C. Transfer into production
D. Feasibility study
Answer:
11. A retirement system verifies that the field for employee status has either a value of A (for active) or R (for retired). This is an example of which type of check?
A. Validity
B. Existence
C. Limit
D. Completeness
Answer:
12. Which of the following controls would BEST decrease the exposure if a password is compromised?
A. Passwords are masked.
B. Passwords are encrypted.
C. Passwords have format restrictions.
D. Password changes are forced periodically.
Answer:
13. When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:
A. quality assurance function is periodically reviewed by internal audit.
B. scope of quality assurance activities is undefined.
C. quality assurance function is separate from the programming function.
D. SDLC is coupled with the quality assurance plan.
Answer:
14. An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed. Which of the following should be the IS auditor’s NEXT course of action?
A. Obtain a verbal confirmation from IT for this exemption
B. Review the list of end-users and evaluate for authorization
C. Verify management’s approval for this exemption
D. Report this control process weakness to senior management
Answer:
15. Which of the following activities would allow an IS auditor to maintain independence while facilitating a control self-assessment (CSA)?
A. Developing the CSA questionnaire
B. Developing the remediation plan
C. Implementing the remediation plan
D. Partially completing the CSA
Answer:
16. Which of the following is the PRIMARY benefit of using an integrated audit approach?
A. Higher acceptance of the findings from the audited business areas.
B. A holistic perspective of overall risk and a better understanding of controls.
C. The avoidance of duplicated work and redundant recommendations.
D. Enhanced allocation of resources and reduced audit costs.
Answer:
17. Following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?
A. Desktop passwords do not require special characters.
B. Employees are not required to sign a non-compete agreement.
C. Users lack technical knowledge related to security and data protection.
D. Security education and awareness workshops have not been completed.
Answer:
18. What should an IS auditor do when informed that some recommendations cannot be implemented due to financial constraints?
A. Document management’s response in the working papers.
B. Insist on the recommendations to be implemented.
C. Agree to waive the recommendations.
D. Suggest management to identify cost-effective alternatives.
Answer:
19. An organization using instant messaging to communicate with customers can prevent legitimate customers from being impersonated by:
A. using call monitoring.
B. logging conversations.
C. using firewalls to limit network traffic to authorized ports.
D. authenticating users before conversations are initiated.
Answer:
20. Following an IS audit recommendation, all Telnet and File Transfer Protocol (FTP) connections have been replaced by Secure Socket Shell (SSH) and Secure File Transfer Protocol (SFTP). Which risk treatment approach has the organization adopted?
A. Transfer
B. Mitigation
C. Acceptance
D. Avoidance
Answer:

Note: SPOTO has helped millions of candidates pass the CISA exam on the first try! We have 100% real exam answers and questions and professional tutor teams! If you have any questions, you can contact us! Besides, the exam proxy service is a chance for all candidates to get certified! Hurry to contact us now!

Latest SPOTO Candidates Successfully Pass Feedback in Sep

Last modified: 2021-01-05
