
ValidTorrent

http://www.validtorrent.com
High-quality valid dumps & reliable dumps torrent & useful PDF torrent
Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

Exam : CISA

Title : Certified Information Systems Auditor

Vendor : ISACA

Version : DEMO

1 Validtorrent.com.
Get Latest & Valid cisa Exam's Question and Answers from 1
https://www.validtorrent.com/CISA-valid-exam-torrent.html

NO.1 An IS auditor finds that needed security patches cannot be applied to some of an organization's
network devices due to compatibility issues. The organization has not budgeted sufficiently for
security upgrades. Which of the following should the auditor recommend be done FIRST?
A. Implement stronger security patch management processes.
B. Prioritize funding for next year's budget.
C. Discuss adding compensating controls with the vendor.
D. Perform a risk analysis of the relevant security issues.
Answer: D

NO.2 An IS auditor begins an assignment and identifies audit components for which the auditor is
not qualified to assess. Which of the following is the BEST course of action?
A. Notify audit management for a decision on how to proceed
B. Exclude the related tests from the audit plan and continue the assignment.
C. Complete the audit and give full disclosure in the final audit report
D. Complete the work assignment to the best of the auditor's ability
Answer: A

NO.3 One advantage of monetary unit sampling is the fact that:
A. large-value population items are segregated and audited separately
B. it increases the likelihood of selecting material items from the population
C. results are stated in terms of the frequency of items in error
D. it can easily be applied manually when computer resources are not available
Answer: B

NO.4 Which of the following is the PRIMARY reason for an IS auditor to use computer-assisted audit
techniques (CAATs)?
A. To perform direct testing of production data
B. To efficiently test an entire population
C. To conduct automated sampling for testing
D. To enable quicker access to information
Answer: B

NO.5 Which of the following physical controls will MOST effectively prevent breaches of computer
room security?
A. Photo IDs
B. RFID badge
C. CCTV monitoring
D. Retina scanner
Answer: D

NO.6 Which of the following IS functions can be performed by the same group or individual while
still providing the proper segregation of duties?
A. Application programming and systems analysis
B. Database administration and computer operations
C. Security administration and application programming
D. Computer operations and application programming
Answer: A

NO.7 A multinational organization is integrating its existing payroll system with a human resource
information system. Which of the following should be of GREATEST concern to the IS auditor?
A. Application interfaces
B. Currency conversion
C. Scope creep
D. System documentation
Answer: D

NO.8 An organization decides to establish a formal incident response capability with clear roles and
responsibilities facilitating centralized reporting of security incidents. Which type of control is being
implemented?
A. Corrective control
B. Compensating control
C. Detective control
D. Preventive control
Answer: A

NO.9 Which of the following is an IS auditor's BEST recommendation to help an organization
increase the efficiency of computing resources?
A. Virtualization
B. Real-time backups
C. Hardware upgrades
D. Overclocking the central processing unit (CPU)
Answer: C

NO.10 An IS auditor is a member of an application development team that is selecting software.
Which of the following would impair the auditor's independence?
A. Reviewing the request for proposal (RFP)
B. Witnessing the vendor selection process
C. Approving the vendor selection methodology
D. Verifying the weighting of each selection criterion
Answer: C

NO.11 In the risk assessment process, which of the following should be identified FIRST?
A. Threats
B. Impact
C. Vulnerabilities
D. Assets
Answer: D

NO.12 Which of the following would BEST enable an IS auditor to perform an audit that requires
testing the full population of data?
A. Proficiency in programming and coding
B. Proficiency in the use of data analytics tools
C. Experience in database administration
D. Expertise in statistical sampling of data
Answer: B

NO.13 What is the PRIMARY benefit of prototyping as a method of system development?
A. Minimizes the time the IS auditor has to review the system.
B. Reduces the need for testing.
C. Eliminates the need for documentation.
D. Increases the likelihood of user satisfaction.
Answer: D

NO.14 A CIO has asked an IS auditor to implement several security controls for an organization's IT
processes and systems. The auditor should:
A. refuse due to independence issues.
B. communicate the conflict of interest to audit management
C. obtain approval from executive management for the implementation
D. perform the assignment and future audits with due professional care.
Answer: B

NO.15 An IS auditor is evaluating a virtual server environment and learns that the production server,
development server and management console are housed in the same physical host. What
A. The development server and management console share the same host.
B. The management console is a single point of failure
C. The physical host is a single point of failure.
D. The development and production servers share the same host.
Answer: C

NO.16 For a company that outsources payroll processing, which of the following is the BEST way to
ensure that only authorized employees are paid?
A. Electronic payroll reports should be independently reviewed.
B. Employees should receive pay statements showing gross pay, net pay, and deductions.
C. The company's bank reconciliations should be independently prepared and checked.
D. Only payroll employees should be given the password for data entry and report retrieval.
Answer: A

NO.17 During the design phase of a software development project, the PRIMARY responsibility of an
IS auditor is to evaluate the:
A. future compatibility of the design.
B. proposed functionality of the application.
C. controls incorporated into the system specifications.
D. development methodology employed.
Answer: C

NO.18 Which of the following is the GREATEST concern with conducting penetration testing on an
internally developed application in the production environment?
A. The testing may identify only known operating system vulnerabilities.
B. Internal security staff may not be qualified to conduct application penetration testing.
C. The issues identified during the testing may require significant remediation efforts.
D. The testing could create application availability issues.
Answer: D

NO.19 When reviewing a project to replace multiple manual data entry systems with an artificial
intelligence (AI) system, the IS auditor should be MOST concerned with the impact AI will have on:
A. employee retention
B. enterprise architecture (EA).
C. task capacity output
D. future task updates
Answer: B

NO.20 While conducting a review of project plans related to a new software development, an IS
auditor finds the project initiation document (PID) is incomplete. What is the BEST way for the
auditor to proceed?
A. Escalate to the project steering committee.
B. Inform audit management of possible risks associated with the deficiency.
C. Prepare a finding for the audit report.
D. Meet with the project sponsor to discuss the incomplete document.
Answer: D

NO.21 To protect information assets, which of the following should be done FIRST?
A. Encrypt data.
B. Classify data.
C. Back up data.
D. Restrict access to data.
Answer: B

NO.22 Which of the following would be the MOST effective method to identify high risk areas in the
business to be included in the audit plan?
A. Engage with management to understand the business.
B. Review external audit reports of the business.
C. Review industry reports to identify common risk areas
D. Validate current risk from poor internal audit findings.
Answer: A

NO.23 Which of the following projects would be MOST important to review in an audit of an
organization's financial statements?
A. Automation of operational risk management processes
B. Resource optimization of the enterprise resource planning (ERP) system
C. Security enhancements to the customer relationship database
D. Outsourcing of the payroll system to an external service provider
Answer: D

NO.24 Which of the following is MOST influential when defining disaster recovery strategies?
A. Existing server redundancies
B. Maximum tolerable downtime
C. Annual loss expectancy
D. Data classification scheme
Answer: C

NO.25 Which of the following should be of GREATEST concern to an IS auditor reviewing the controls
for a continuous software release process?
A. Test libraries have not been reviewed in over six months
B. Testing documentation is not attached to production releases.
C. Release documentation is not updated to reflect successful deployment
D. Developers are able to approve their own releases
Answer: D

NO.26 During a review of an application system, an IS auditor identifies automated controls
designed to prevent the entry of duplicate transactions. What is the BEST way to verify that the
controls work as designed?
A. Use generalized audit software for seeking data corresponding to duplicate transactions.
B. Enter duplicate transactions in a copy of the live system.
C. Review quality assurance (QA) test results.
D. Implement periodic reconciliations.
Answer: B

NO.27 Which of the following is the BEST source of information for an IS auditor when planning an
audit of a business application's controls?
A. Process flow diagrams
B. Access control lists
C. User documentation
D. Change control procedures
Answer: A

NO.28 During an internal audit review of a human resources (HR) recruitment system
implementation, the IS auditor notes that several defects were unresolved at the time the system
went live. Which of the following is the auditor's MOST important task prior to formulating an audit
opinion?
A. Review the initial implementation plan for timelines.
B. Confirm the project plan was approved.
C. Confirm the severity of the identified defects.
D. Review the user acceptance test (UAT) results for defects
Answer: C

NO.29 Which of the following is the MAIN benefit of using data analytics when testing the
effectiveness of controls?
A. Analytics remove the need to focus on areas of higher risk
B. The demand for IS auditors is reduced over time
C. The full population can be tested.
D. Analytics can be applied to any type of control
Answer: C

NO.30 What would be an IS auditor's BEST recommendation upon finding that a third-party IT
service provider hosts the organization's human resources (HR) system in a foreign country?
A. Perform background verification checks.
B. Implement change management review.
C. Review third-party audit reports.
D. Conduct a privacy impact analysis.
Answer: D
