Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!
NO.1 At what point in software development should the user acceptance test plan be prepared?
A. Transfer into production
B. Implementation planning
C. Feasibility study
D. Requirements definition
Answer: D
NO.2 Reconciliations have identified data discrepancies between an enterprise data warehouse and
a revenue system for key financial reports. What is the GREATEST risk to the organization in this
situation?
A. Decisions may be made based on incorrect information
B. Undetected fraud may occur.
C. The key financial reports may no longer be produced.
D. Financial reports may be delayed.
Answer: A
NO.3 The practice of periodic secure code reviews is which type of control?
A. Detective
B. Preventive
C. Corrective
D. Compensating
Answer: B
NO.4 Which of the following audit procedures would be MOST conclusive in evaluating the
effectiveness of an e-commerce application system's edit routine?
A. Review of program documentation
B. Use of test transactions
C. Review of source code
D. Interviews with knowledgeable users
Answer: C
NO.5 The BEST way to prevent fraudulent payments is to implement segregation of duties between
payment processing and:
A. check creation.
B. vendor setup.
C. requisition creation.
D. payment approval.
Answer: D
NO.6 An IS auditor is reviewing the change management process in a large IT service organization.
Which of the following observations would be the GREATEST concern?
A. A senior developer has permanent access to promote code for emergency software releases
B. Emergency software releases are not fully documented after implementation
C. Code is migrated manually into production during emergency software releases
D. User acceptance testing (UAT) can be waived in case of emergency software releases
Answer: A
NO.7 Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?
A. IT strategic plans
B. Portfolio management
C. Business processes
D. Business plans
Answer: C
NO.8 Which of the following would be the MOST appropriate reason for an organization to purchase
fault-tolerant hardware?
A. Improving system performance
B. Minimizing business loss
C. Reducing hardware maintenance costs
D. Compensating for the lack of contingency planning
Answer: B
NO.9 A review of IT interface controls finds an organization does not have a process to identify and
correct records that do not get transferred to the receiving system. Which of the following is.........
A. Implement software to perform automatic reconciliations of data between systems
B. Enable automatic encryption, decryption and electronic signing of data files
C. Have coders perform manual reconciliation of data between systems
D. Automate the transfer of data between systems as much as feasible.
Answer: D
NO.10 Which of the following is the BEST preventive control to ensure the integrity of server
operating systems?
A. Logging all activity on the server
B. Protecting the server in a secure data center
C. Monitoring server performance
D. Hardening the server configurations
Answer: D
NO.11 An IS auditor is assigned to review the development of a specific application. Which of the
following would be the MOST significant step following the feasibility study?
A. Assist users in the design of proper acceptance-testing procedures.
B. Attend project progress meetings to monitor timely implementation of the application.
C. Follow up with project sponsor for project's budgets and actual costs.
D. Review functional design to determine that appropriate controls are planned.
Answer: D
NO.12 Regression testing should be used during a system development project to ensure that:
A. the results of testing are statistically valid.
B. the test plan is based on an analysis of the impact of past testing
C. errors have not been introduced to the system during modification
D. system testing will address high-probability errors.
Answer: C
NO.13 A data center's physical access log system captures each visitor's identification document
numbers along with the visitor's photo. Which of the following sampling methods would be MOST
useful to an IS auditor conducting compliance testing for the effectiveness of the system?
A. Variable sampling
B. Quota sampling
C. Attribute sampling
D. Haphazard sampling
Answer: D
NO.14 Which of the following is the BEST way to reduce sampling risk?
A. Plan the audit in accordance with generally accepted auditing principles
B. Align the sampling approach with the one used by external auditors
C. Assign experienced auditors to the sampling process.
D. Ensure each item has an equal chance to be selected
Answer: D
NO.15 Which of the following physical controls will MOST effectively prevent breaches of computer
room security?
A. Photo IDs
B. RFID badge
C. Retina scanner
D. CCTV monitoring
Answer: C
NO.16 Which of the following is the PRIMARY objective of implementing privacy-related controls
within an organization?
A. To prevent confidential data loss
B. To identify data at rest and data in transit for encryption
C. To comply with legal and regulatory requirements
D. To provide options to individuals regarding use of their data
Answer: D
NO.17 When evaluating a project immediately prior to implementation, which of the following
would provide the BEST evidence that the system has the required functionality?
A. Quality assurance (QA) results
B. User acceptance testing (UAT) results
C. Integration testing results
D. Sign-off from senior management
Answer: A
NO.18 Which of the following is the BEST indicator of the effectiveness of signature-based intrusion
detection systems (IDSs)?
A. An increase in the number of detected incidents not previously identified
B. An increase in the number of identified false positives
C. An increase in the number of internally reported critical incidents
D. An increase in the number of unfamiliar sources of intruders
Answer: C
NO.19 An e-commerce enterprise's disaster recovery (DR) site has 30% less processing capability
than the primary site. Based on this information, which of the following presents the GREATEST risk?
A. Network firewalls and database firewalls at the DR site do not provide high availability.
B. The DR site is in a shared location that hosts multiple other enterprises.
C. The DR site has not undergone testing to confirm its effectiveness.
D. No disaster recovery plan (DRP) testing has been performed during the last six months.
Answer: C
NO.20 In a high-volume, real-time system, the MOST effective technique by which to continuously
monitor and analyze transaction processing is:
A. integrated test facility (ITF)
B. embedded audit modules.
C. parallel simulation.
D. transaction tagging
Answer: A
NO.21 A new privacy regulation requires a customer's privacy information to be deleted within 72
hours, if requested.
Which of the following would be an IS auditor's GREATEST concern regarding compliance to this
regulation?
A. Lack of knowledge of where customers' information is saved
B. End user access to applications with customer information
C. Incomplete backup and retention policies
D. Outdated online privacy policies
Answer: A
NO.22 An organization has agreed to perform remediation related to high-risk audit findings. The
remediation process involves a complex reorganization of user roles as well as the implementation of
several compensating controls that may not be completed within the next audit cycle. Which of the
following is the BEST way for an IS auditor to follow up on their activities?
A. Schedule a review of the controls after the projected remediation date
B. Provide management with a remediation timeline and verify adherence
C. Continue to audit the failed controls according to the audit schedule
D. Review the progress of remediation on a regular basis
Answer: B
NO.23 When an IS auditor evaluates key performance indicators (KPIs) for IT initiatives, it is MOST
important that the KPIs indicate:
A. IT objectives are measured
B. IT solutions are within budget
C. IT deliverables are process driven.
D. IT resources are fully utilized
Answer: A
NO.24 The BEST way to preserve data integrity through all phases of application containerization is
to ensure which of the following?
A. Information security roles are defined and communicated in the information security policy.
B. Developers are educated about how their roles relate to application security best practices.
C. The development team performs regular patching of application containers.
D. Segregation of duties is developed and maintained in the application container environment.
Answer: D
NO.25 When developing metrics to measure the contribution of IT to the achievement of business
goals, the MOST important consideration is that the metrics:
A. provide quantitative measurement of IT initiatives in relation with business targets.
B. are used by similar industries to measure the effect of IT on business strategy.
C. measure the effectiveness of IT controls in the achievement of IT strategy.
D. are expressed in terms of how IT risk impacts the achievement of business goals.
Answer: A
NO.26 Which of the following is the BEST way to minimize the impact of a ransomware attack?
A. Maintain a regular schedule for patch updates.
B. Provide user awareness training on ransomware attacks.
C. Perform more frequent system backups.
D. Grant system access based on least privilege.
Answer: C
NO.27 Which of the following is the MOST important process to ensure planned IT system changes
are completed in an efficient manner?
A. Incident management
B. Configuration management
C. Release management
D. Demand management
Answer: C
NO.28 An IS auditor is evaluating a virtual server environment and learns that the production server,
development server, and management console are housed in the same physical host. What should be
the auditor's PRIMARY concern?
A. The development and production servers share the same host
B. The development server and management console share the same host
C. The management console is a single point of failure.
D. The physical host is a single point of failure
Answer: C
NO.29 An IS auditor noted that a change to a critical calculation was placed into the production
environment without being tested. Which of the following is the BEST way to obtain assurance that
the calculation functions correctly?
A. Check regular execution of the calculation batch job.
B. Perform substantive testing using computer-assisted audit techniques (CAATs).
C. Obtain post-change approval from management.
D. Interview the lead system developer.
Answer: A
NO.30 Which of the following is the BEST IS audit strategy?
A. Perform audits based on impact and probability of error and failure.
B. Cycle general control and application audits over a two-year period
C. Conduct general control audits annually and application audits in alternating years
D. Limit audits to new application system developments
Answer: A
Get Latest & Valid CISA Exam's Question and Answers from Freecram.com.
https://www.freecram.com/exam/CISA-certified-information-systems-auditor-e2240.html