ISACA CISA Certified Information Systems Auditor Online Training
The questions for CISA were last updated on May 17, 2024.
- Exam Code: CISA
- Exam Name: Certified Information Systems Auditor
- Certification Provider: ISACA
- Latest update: May 17, 2024
Coding standards provide which of the following?
- A. Program documentation
- B. Access control tables
- C. Data flow diagrams
- D. Field naming conventions
Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?
- A. Risk identification
- B. Risk classification
- C. Control self-assessment (CSA)
- D. Impact assessment
An organization’s enterprise architecture (EA) department decides to change a legacy system’s components while maintaining its original functionality.
Which of the following is MOST important for an IS auditor to understand when reviewing this decision?
- A. The current business capabilities delivered by the legacy system
- B. The proposed network topology to be used by the redesigned system
- C. The data flows between the components to be used by the redesigned system
- D. The database entity relationships within the legacy system
During an ongoing audit, management requests a briefing on the findings to date.
Which of the following is the IS auditor’s BEST course of action?
- A. Review working papers with the auditee.
- B. Request the auditee provide management responses.
- C. Request management wait until a final report is ready for discussion.
- D. Present observations for discussion only.
A data breach has occurred due to malware.
Which of the following should be the FIRST course of action?
- A. Notify the cyber insurance company.
- B. Shut down the affected systems.
- C. Quarantine the impacted systems.
- D. Notify customers of the breach.
An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions.
Which of the following is MOST important for the auditor to confirm when sourcing the population data?
- A. The data is taken directly from the system.
- B. There is no privacy information in the data.
- C. The data can be obtained in a timely manner.
- D. The data analysis tools have been recently updated.
Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?
- A. Write access to production program libraries
- B. Write access to development data libraries
- C. Execute access to production program libraries
- D. Execute access to development program libraries
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
- A. Audit cycle defined in the audit plan
- B. Complexity of management’s action plans
- C. Recommendation from executive management
- D. Residual risk from the findings of previous audits
Which of the following is the MOST important benefit of involving IS audit when implementing governance of enterprise IT?
- A. Identifying relevant roles for an enterprise IT governance framework
- B. Making decisions regarding risk response and monitoring of residual risk
- C. Verifying that legal, regulatory, and contractual requirements are being met
- D. Providing independent and objective feedback to facilitate improvement of IT processes
Which of the following strategies BEST optimizes data storage without compromising data retention practices?
- A. Limiting the size of file attachments being sent via email
- B. Automatically deleting emails older than one year
- C. Moving emails to a virtual email vault after 30 days
- D. Allowing employees to store large emails on flash drives