ISACA CISA Certified Information Systems Auditor Online Training
The questions for CISA were last updated on Apr 24, 2024.
- Exam Code: CISA
- Exam Name: Certified Information Systems Auditor
- Certification Provider: ISACA
An IS auditor is examining a front-end subledger and a main ledger.
Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?
- A . Double-posting of a single journal entry
- B . Inability to support new business transactions
- C . Unauthorized alteration of account attributes
- D . Inaccuracy of financial reporting
What is MOST important to verify during an external assessment of network vulnerability?
- A . Update of security information event management (SIEM) rules
- B . Regular review of the network security policy
- C . Completeness of network asset inventory
- D . Location of intrusion detection systems (IDS)
Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?
- A . Assurance that the new system meets functional requirements
- B . More time for users to complete training for the new system
- C . Significant cost savings over other system implementation approaches
- D . Assurance that the new system meets performance requirements
A system development project is experiencing delays due to ongoing staff shortages.
Which of the following strategies would provide the GREATEST assurance of system quality at implementation?
- A . Implement overtime pay and bonuses for all development staff.
- B . Utilize new system development tools to improve productivity.
- C . Recruit IS staff to expedite system development.
- D . Deliver only the core functionality on the initial target date.
Which of the following is MOST important to ensure when developing an effective security awareness program?
- A . Training personnel are information security professionals.
- B . Phishing exercises are conducted post-training.
- C . Security threat scenarios are included in the program content.
- D . Outcome metrics for the program are established.
An online retailer is receiving customer complaints about receiving different items from what they ordered on the organization’s website. The root cause has been traced to poor data quality. Despite efforts to clean erroneous data from the system, multiple data quality issues continue to occur.
Which of the following recommendations would be the BEST way to reduce the likelihood of future occurrences?
- A . Assign responsibility for improving data quality.
- B . Invest in additional employee training for data entry.
- C . Outsource data cleansing activities to reliable third parties.
- D . Implement business rules to validate employee data entry.
Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?
- A . Periodic vendor reviews
- B . Dual control
- C . Independent reconciliation
- D . Re-keying of monetary amounts
- E . Engage an external security incident response expert for incident handling.
Which of the following demonstrates the use of data analytics for a loan origination process?
- A . Evaluating whether loan records are included in the batch file and are validated by the servicing system
- B . Comparing a population of loans input in the origination system to loans booked on the servicing system
- C . Validating whether reconciliations between the two systems are performed and discrepancies are investigated
- D . Reviewing error handling controls to notify appropriate personnel in the event of a transmission failure
During the discussion of a draft audit report, IT management provided suitable evidence that a process has been implemented for a control that had been concluded by the IS auditor as ineffective.
Which of the following is the auditor’s BEST action?
- A . Explain to IT management that the new control will be evaluated during follow-up.
- B . Re-perform the audit before changing the conclusion.
- C . Change the conclusion based on evidence provided by IT management.
- D . Add comments about the action taken by IT management in the report.
Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?
- A . Background checks
- B . User awareness training
- C . Transaction log review
- D . Mandatory holidays