ISACA CISA Certified Information Systems Auditor Online Training
The questions for CISA were last updated on May 05, 2024.
- Exam Code: CISA
- Exam Name: Certified Information Systems Auditor
- Certification Provider: ISACA
- Latest update: May 05, 2024
Which of the following is the MOST effective way for an organization to protect against data loss?
- A . Limit employee internet access.
- B . Implement data classification procedures.
- C . Review firewall logs for anomalies.
- D . Conduct periodic security awareness training.
While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor’s BEST course of action would be to:
- A . re-prioritize the original issue as high risk and escalate to senior management.
- B . schedule a follow-up audit in the next audit cycle.
- C . postpone follow-up activities and escalate the alternative controls to senior audit management.
- D . determine whether the alternative controls sufficiently mitigate the risk.
An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner.
Which of the following is the auditor’s BEST recommendation?
- A . Increase the capacity of existing systems.
- B . Upgrade hardware to newer technology.
- C . Hire temporary contract workers for the IT function.
- D . Build a virtual environment.
An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons.
Which of the following should the auditor recommend be performed FIRST?
- A . Implement a process to actively monitor postings on social networking sites.
- B . Adjust budget for network usage to include social media usage.
- C . Use data loss prevention (DLP) tools on endpoints.
- D . Implement policies addressing acceptable usage of social media during working hours.
The PRIMARY advantage of object-oriented technology is enhanced:
- A . efficiency due to the re-use of elements of logic.
- B . management of sequential program execution for data access.
- C . grouping of objects into methods for data access.
- D . management of a restricted variety of data types for a data object.
An IS auditor is following up on prior period items and finds management did not address an audit finding.
Which of the following should be the IS auditor’s NEXT course of action?
- A . Note the exception in a new report as the item was not addressed by management.
- B . Recommend alternative solutions to address the repeat finding.
- C . Conduct a risk assessment of the repeat finding.
- D . Interview management to determine why the finding was not addressed.
From an IS auditor’s perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?
- A . Inability to close unused ports on critical servers
- B . Inability to identify unused licenses within the organization
- C . Inability to deploy updated security patches
- D . Inability to determine the cost of deployed software
An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged.
The IS auditor’s FIRST action should be to:
- A . recommend that the option to directly modify the database be removed immediately.
- B . recommend that the system require two persons to be involved in modifying the database.
- C . determine whether the log of changes to the tables is backed up.
- D . determine whether the audit trail is secured and reviewed.
During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?
- A . Rollback strategy
- B . Test cases
- C . Post-implementation review objectives
- D . Business case
What should be the PRIMARY basis for selecting which IS audits to perform in the coming year?
- A . Senior management’s request
- B . Prior year’s audit findings
- C . Organizational risk assessment
- D . Previous audit coverage and scope