Free Isaca CISA Exam Dumps and CISA Exam Questions

Question No: 21

MultipleChoice

Which of the following is the MOST efficient way to assess the controls in a service provider's environment?

Options

AReview testing performed by the service provider's internal audit department.

BReview the service provider's master service agreement (MSA).

CRequire the service provider to conduct control self-assessments (CSAs).

DObtain an independent auditor's report from the service provider.

Question No: 22

MultipleChoice

An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities Which of the following is the BEST recommendation by the IS auditor?

Options

AImprove the change management process

BEstablish security metrics.

CPerform a penetration test

DPerform a configuration review

Question No: 23

MultipleChoice

When assessing whether an organization's IT performance measures are comparable to other organizations in the same industry, which of the following would be MOST helpful to review13

Options

AIT governance frameworks

BBenchmarking surveys

CUtilization reports

CBalanced scorecard

Question No: 24

MultipleChoice

Which of the following is MOST important for an IS auditor to consider when performing the risk assessment prior to an audit engagement?

Options

AIndustry standards and best practices

BThe results of the previous audit

CThe design of controls

DThe amount of time since the previous audit

Question No: 25

MultipleChoice

Due to limited storage capacity, an organization has decided to reduce the actual retention period (or media containing completed low-value transactions. Which ol the following is MOST important lor the organization to ensure?

Options

AThe policy includes a strong risk-based approach.

BThe retention period allows for review during the year-end audit.

CThe retention period complies with data owner responsibilities.

DThe total transaction amount has no impact on financial reporting

Question No: 26

MultipleChoice

During the implementation of an upgraded enterprise resource planning (ERP) system, which of Ihe following is the MOST important consideration for a go-live decision?

Options

ABusiness case

BRollback strategy

CTest cases

DPost-implementation review objectives

Question No: 27

MultipleChoice

What is the GREATEST concern tor an IS auditor reviewing contracts for licensed software that executes a critical business process?

Options

AThe contract does not contain a right-to-audit clause.

BAn operational level agreement (OLA) was not negotiated.

CSeveral vendor deliverables missed the commitment date.

DSoftware escrow was not negotiated.

Question No: 28

MultipleChoice

On a public-key cryptosystem when there is no previous knowledge between parties, which of the following will BEST help to prevent one person from using a fictitious key to impersonate someone else?

Options

AEncrypt the message containing the senders public key, using a private-key cryptosystem.

BSend a certificate that can be verified by a certification authority with the public key.

CEncrypt the message containing the senders public key; using the recipients pubic key.

DSend the public key to the recipient prior to establishing the connection.

Question No: 29

MultipleChoice

Which of the following should be seen as one of the most significant factors considered when determining the frequency of IS audits within your organization?

Options

AThe cost of risk analysis

BThe income generated by the business function

CResource allocation strategy

DThe nature and level of risk

ENone of the choices.

Question No: 30

MultipleChoice

Properly planned risk-based audit programs are often capable of offering which of the following benefits?

Options

Aaudit efficiency and effectiveness.

Baudit efficiency only.

Caudit effectiveness only.

Daudit transparency only.

Eaudit transparency and effectiveness.

FNone of the choices.

Free Isaca CISA Exam Dumps - Page 3