ISACA CISA Certified Information Systems Auditor Online Training
The questions for CISA were last updated on May 30, 2024.
- Exam Code: CISA
- Exam Name: Certified Information Systems Auditor
- Certification Provider: ISACA
- Latest update: May 30, 2024
During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:
- A. Future compatibility of the application.
- B. Proposed functionality of the application.
- C. Controls incorporated into the system specifications.
- D. Development methodology employed.
Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?
- A. System flowchart
- B. Data flow diagram
- C. Process flowchart
- D. Entity-relationship diagram
Which of the following is the BEST justification for deferring remediation testing until the next audit?
- A. The auditor who conducted the audit and agreed with the timeline has left the organization.
- B. Management’s planned actions are sufficient given the relative importance of the observations.
- C. Auditee management has accepted all observations reported by the auditor.
- D. The audit environment has changed significantly.
An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system.
The auditor’s FIRST course of action should be to:
- A. review recent changes to the system.
- B. verify completeness of user acceptance testing (UAT).
- C. verify results to determine validity of user concerns.
- D. review initial business requirements.
A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization.
Which of the following is MOST effective in detecting such an intrusion?
- A. Periodically reviewing log files
- B. Configuring the router as a firewall
- C. Using smart cards with one-time passwords
- D. Installing biometrics-based authentication
An IS auditor finds the log management system is overwhelmed with false positive alerts.
The auditor’s BEST recommendation would be to:
- A. establish criteria for reviewing alerts.
- B. recruit more monitoring personnel.
- C. reduce the firewall rules.
- D. fine tune the intrusion detection system (IDS).
Which of the following MOST effectively minimizes downtime during system conversions?
- A. Phased approach
- B. Direct cutover
- C. Pilot study
- D. Parallel run
Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees.
What is the MOST important task before implementing any associated email controls?
- A. Require all employees to sign nondisclosure agreements (NDAs).
- B. Develop an acceptable use policy for end-user computing (EUC).
- C. Develop an information classification scheme.
- D. Provide notification to employees about possible email monitoring.
Which of the following is MOST important for an effective control self-assessment (CSA) program?
- A. Determining the scope of the assessment
- B. Performing detailed test procedures
- C. Evaluating changes to the risk environment
- D. Understanding the business process
When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?
- A. Implementation plan
- B. Project budget provisions
- C. Requirements analysis
- D. Project plan