DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

CISA Practice Tests & Real Exam Dumps 2024 Updated, Certified Information Systems Auditor | SPOTO

Welcome to SPOTO's CISA Practice Tests & Real Exam Dumps for 2024! Our updated mock tests and exam dumps are designed to equip you with the necessary skills to excel in the Certified Information Systems Auditor® (CISA®) certification exam. Using mock tests for exam preparation offers numerous advantages, including familiarizing you with the exam format, improving time management, identifying weak areas for focused study, and boosting confidence. With SPOTO, access a wealth of exam materials, sample questions, and practice tests, ensuring a comprehensive and effective exam preparation experience. Prepare confidently, master exam questions, and achieve success with SPOTO's CISA Exam Practice and Real Exam Dumps. Join us today and take the next step towards your CISA certification journey.

Take other online exams

Question #1
What type of BCP test uses actual resources to simulate a system crash and validate the plan's effectiveness?
A. Paper
B. Preparedness
C. Walk-through
D. Parallel
View answer
Correct Answer: B

View The Updated CISA Exam Questions

SPOTO Provides 100% Real CISA Exam Questions for You to Pass Your CISA Exam!

Question #2
IT governance is PRIMARILY the responsibility of the:
A. chief executive office
B. board of director
C. IT steering committe
D. audit committe
View answer
Correct Answer: A
Question #3
What is often assured through table link verification and reference checks?
A. Database integrity
B. Database synchronization
C. Database normalcy
D. Database accuracy
View answer
Correct Answer: B
Question #4
An IS auditor usually places more reliance on evidence directly collected. What is an example of such evidence?
A. Evidence collected through personal observation
B. Evidence collected through systems logs provided by the organization's security administration
C. Evidence collected through surveys collected from internal staff
D. Evidence collected through transaction reports provided by the organization's IT administration
View answer
Correct Answer: B
Question #5
Assessing IT risks is BEST achieved by:
A. evaluating threats associated with existing IT assets and IT project
B. using the firm's past actual loss experience to determine current exposur
C. reviewing published loss statistics from comparable organization
D. reviewing IT control weaknesses identified in audit report
View answer
Correct Answer: A
Question #6
Processing controls ensure that data is accurate and complete, and is processed only through which of the following? Choose the BEST answer.
A. Documented routines
B. Authorized routines
C. Accepted routines
D. Approved routines
View answer
Correct Answer: D
Question #7
Which of the following is the MOST critical step in planning an audit?
A. Implementing a prescribed auditing framework such as COBIT
B. Identifying current controls
C. Identifying high-risk audit targets
D. Testing controls
View answer
Correct Answer: A
Question #8
An advantage of using sanitized live transactions in test data is that:
A. all transaction types will be include
B. every error condition is likely to be teste
C. no special routines are required to assess the result
D. test transactions are representative of live processin
View answer
Correct Answer: B
Question #9
The directory system of a database-management system describes:
A. The access method to the data
B. The location of data AND the access method
C. The location of data
D. Neither the location of data NOR the access method
View answer
Correct Answer: A
Question #10
Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:
A. include the finding in the final report, because the IS auditor is responsible for an accurate report of all finding
B. not include the finding in the final report, because the audit report should include only unresolved finding
C. not include the finding in the final report, because corrective action can be verified by the IS auditor during the audi
D. include the finding in the closing meeting for discussion purposes onl
View answer
Correct Answer: A
Question #11
An IS auditor should carefully review the functional requirements in a systems-development project to ensure that the project is designed to:
A. Meet business objectives
B. Enforce data security
C. Be culturally feasible
D. Be financially feasible
View answer
Correct Answer: A
Question #12
Fourth-Generation Languages (4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures. True or false?
A. True
B. False
View answer
Correct Answer: A
Question #13
As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?
A. The same valu
B. Greater valu
C. Lesser valu
D. Prior audit reports are not relevan
View answer
Correct Answer: B
Question #14
What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?
A. Repeatable but Intuitive
B. Defined
C. Managed and Measurable
D. Optimized
View answer
Correct Answer: B
Question #15
To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following? Choose the BEST answer.
A. The business objectives of the organization
B. The effect of segregation of duties on internal controls
C. The point at which controls are exercised as data flows through the system
D. Organizational control policies
View answer
Correct Answer: B
Question #16
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital?
A. Multiplexer
B. Modem
C. Protocol converter
D. Concentrator
View answer
Correct Answer: A
Question #17
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?
A. Multiple cycles of backup files remain availabl
B. Access controls establish accountability for e-mail activit
C. Data classification regulates what information should be communicated via e-mai
D. Within the enterprise, a clear policy for using e-mail ensures that evidence is availabl
View answer
Correct Answer: A
Question #18
Who is responsible for the overall direction, costs, and timetables for systems-development projects?
A. The project sponsor
B. The project steering committee
C. Senior management
D. The project team leader
View answer
Correct Answer: B
Question #19
When reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid. The IS auditor should recommend that the:
A. project be discontinue
B. business case be updated and possible corrective actions be identifie
C. project be returned to the project sponsor for reapprova
D. project be completed and the business case be updated late
View answer
Correct Answer: D
Question #20
Parity bits are a control used to validate:
A. Data authentication
B. Data completeness
C. Data source
D. Data accuracy
View answer
Correct Answer: A
Question #21
Why is the WAP gateway a component warranting critical concern and review for the IS auditor when auditing and testing controls enforcing message confidentiality?
A. WAP is often configured by default settings and is thus insecur
B. WAP provides weak encryption for wireless traffi
C. WAP functions as a protocol-conversion gateway for wireless TLS to Internet SS
D. WAP often interfaces critical IT system
View answer
Correct Answer: B
Question #22
What is used as a control to detect loss, corruption, or duplication of data?
A. Redundancy check
B. Reasonableness check
C. Hash totals
D. Accuracy check
View answer
Correct Answer: D
Question #23
After an IS auditor has identified threats and potential impacts, the auditor should:
A. Identify and evaluate the existing controls
B. Conduct a business impact analysis (BIA)
C. Report on existing controls
D. Propose new controls
View answer
Correct Answer: B
Question #24
In an audit of an inventory application, which approach would provide the BEST evidence that purchase orders are valid?
A. Testing whether inappropriate personnel can change application parameters
B. Tracing purchase orders to a computer listing
C. Comparing receiving reports to purchase order details
D. Reviewing the application documentation
View answer
Correct Answer: B
Question #25
In the process of evaluating program change controls, an IS auditor would use source code comparison software to:
A. examine source program changes without information from IS personne
B. detect a source program change made between acquiring a copy of the source and the comparison ru
C. confirm that the control copy is the current version of the production progra
D. ensure that all changes made in the current source copy are detecte
View answer
Correct Answer: D
Question #26
An IS auditor finds that, in accordance with IS policy, IDs of terminated users are deactivated within 90 days of termination. The IS auditor should:
A. report that the control is operating effectively since deactivation happens within the time frame stated in the IS polic
B. verify that user access rights have been granted on a need-to-have basi
C. recommend changes to the IS policy to ensure deactivation of user IDs upon terminatio
D. recommend that activity logs of terminated users be reviewed on a regular basi
View answer
Correct Answer: A
Question #27
Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?
A. Test data run
B. Code review
C. Automated code comparison
D. Review of code migration procedures
View answer
Correct Answer: C
Question #28
During an audit, an IS auditor notices that the IT department of a medium-sized organization has no separate risk management function, and the organization's operational risk documentation only contains a few broadly described IT risks. What is the MOST appropriate recommendation in this situation?
A. Create an IT risk management department and establish an IT risk framework with the aid of external risk management expert
B. Use common industry standard aids to divide the existing risk documentation into several individual risks which will be easier to handl
C. No recommendation is necessary since the current approach is appropriate for a medium-sized organizatio
D. Establish regular IT risk management meetings to identify and assess risks, and create a mitigation plan as input to the organization's risk managemen
View answer
Correct Answer: A
Question #29
Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?
A. Define a balanced scorecard (BSC) for measuring performance
B. Consider user satisfaction in the key performance indicators (KPIs)
C. Select projects according to business benefits and risks
D. Modify the yearly process of defining the project portfolio
View answer
Correct Answer: C
Question #30
An IS auditor evaluates the test results of a modification to a system that deals with payment computation. The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit?
A. Design further tests of the calculations that are in erro
B. Identify variables that may have caused the test results to be inaccurat
C. Examine some of the test cases to confirm the result
D. Document the results and prepare a report of findings, conclusions and recommendation
View answer
Correct Answer: A
Question #31
Which of the following would provide the highest degree of server access control?
A. A mantrap-monitored entryway to the server room
B. Host-based intrusion detection combined with CCTV
C. Network-based intrusion detection
D. A fingerprint scanner facilitating biometric access control
View answer
Correct Answer: C
Question #32
An IS auditor who was involved in designing an organization's business continuity plan (BCP) has been assigned to audit the plan. The IS auditor should:
A. decline the assignmen
B. inform management of the possible conflict of interest after completing the audit assignmen
C. inform the business continuity planning (BCP) team of the possible conflict of interest prior to beginning the assignmen
D. communicate the possibility of conflict of interest to management prior to starting the assignmen
View answer
Correct Answer: C
Question #33
Run-to-run totals can verify data through which stage(s) of application processing?
A. Initial
B. Various
C. Final
D. Output
View answer
Correct Answer: D
Question #34
An organization is implementing an enterprise resource planning (ERP) application to meet its business objectives. Of the following, who is PRIMARILY responsible for overseeing the project in order to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results?
A. Project sponsor
B. System development project team (SPDT)
C. Project steering committee
D. User project team (UPT)
View answer
Correct Answer: A
Question #35
CORRECT TEXT The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
A. Test data
B. Generalized audit software
C. Integrated test facility
D. Embedded audit module
View answer
Correct Answer: B
Question #36
An IS auditor has been assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine FIRST?
A. That an audit clause is present in all contracts
B. That the SLA of each contract is substantiated by appropriate KPIs
C. That the contractual warranties of the providers support the business needs of the organization
D. That at contract termination, support is guaranteed by each outsourcer for new outsourcers
View answer
Correct Answer: A
Question #37
Which of the following is the key benefit of control self-assessment (CSA)?
A. Management ownership of the internal controls supporting business objectives is reinforce
B. Audit expenses are reduced when the assessment results are an input to external audit wor
C. Improved fraud detection since internal business staff are engaged in testing controls
D. Internal auditors can shift to a consultative approach by using the results of the assessmen
View answer
Correct Answer: B
Question #38
Which of the following is the dominating objective of BCP and DRP?
A. To protect human life
B. To mitigate the risk and impact of a business interruption
C. To eliminate the risk and impact of a business interruption
D. To transfer the risk and impact of a business interruption
View answer
Correct Answer: A
Question #39
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
A. controls needed to mitigate risks are in plac
B. vulnerabilities and threats are identifie
C. audit risks are considere
D. a gap analysis is appropriat
View answer
Correct Answer: B
Question #40
Which of the following would MOST likely indicate that a customer data warehouse should remain in-house rather than be outsourced to an offshore operation?
A. Time zone differences could impede communications between IT team
B. Telecommunications cost could be much higher in the first yea
C. Privacy laws could prevent cross-border flow of informatio
D. Software development may require more detailed specification
View answer
Correct Answer: B
Question #41
Which of the following IT governance best practices improves strategic alignment?
A. Supplier and partner risks are manage
B. A knowledge base on customers, products, markets and processes is in plac
C. A structure is provided that facilitates the creation and sharing of business informatio
D. Top management mediate between the imperatives of business and technolog
View answer
Correct Answer: D
Question #42
Which of the following is best suited for searching for address field duplications?
A. Text search forensic utility software
B. Generalized audit software
C. Productivity audit software
D. Manual review
View answer
Correct Answer: A
Question #43
What is the most common reason for information systems to fail to meet the needs of users? Choose the BEST answer.
A. Lack of funding
B. Inadequate user participation during system requirements definition
C. Inadequate senior management participation during system requirements definition
D. Poor IT strategic planning
View answer
Correct Answer: A
Question #44
Which of the following BEST supports the prioritization of new IT projects?
A. Internal control self-assessment (CSA)
B. Information systems audit
C. Investment portfolio analysis
D. Business risk assessment
View answer
Correct Answer: D
Question #45
What can be implemented to provide the highest level of protection from external attack?
A. Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host
B. Configuring the firewall as a screened host behind a router
C. Configuring the firewall as the protecting bastion host
D. Configuring two load-sharing firewalls facilitating VPN access from external hosts to internal hosts
View answer
Correct Answer: D
Question #46
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?
A. There could be a question regarding the legal jurisdictio
B. Having a provider abroad will cause excessive costs in future audit
C. The auditing process will be difficult because of the distanc
D. There could be different auditing norm
View answer
Correct Answer: D
Question #47
Which of the following is the MOST important function to be performed by IS management when a service has been outsourced?
A. Ensuring that invoices are paid to the provider
B. Participating in systems design with the provider
C. Renegotiating the provider's fees
D. Monitoring the outsourcing provider's performance
View answer
Correct Answer: B
Question #48
When developing a security architecture, which of the following steps should be executed FIRST?
A. Developing security procedures
B. Defining a security policy
C. Specifying an access control methodology
D. Defining roles and responsibilities
View answer
Correct Answer: D
Question #49
An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?
A. True
B. False
View answer
Correct Answer: B
Question #50
Key verification is one of the best controls for ensuring that:
A. Data is entered correctly
B. Only authorized cryptographic keys are used
C. Input is authorized
D. Database indexing is performed properly
View answer
Correct Answer: A
Question #51
What is a data validation edit control that matches input data to an occurrence rate? Choose the BEST answer.
A. Accuracy check
B. Completeness check
C. Reasonableness check
D. Redundancy check
View answer
Correct Answer: B
Question #52
To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:
A. control self-assessment
B. a business impact analysi
C. an IT balanced scorecar
D. business process reengineerin
View answer
Correct Answer: D
Question #53
The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as:
A. rule
B. decision tree
C. semantic net
D. dataflow diagram
View answer
Correct Answer: A
Question #54
Which of the following exploit vulnerabilities to cause loss or damage to the organization and its assets?
A. Exposures
B. Threats
C. Hazards
D. Insufficient controls
View answer
Correct Answer: D
Question #55
Which of the following BEST characterizes a mantrap or deadman door, which is used as a deterrent control for the vulnerability of piggybacking?
A. A monitored double-doorway entry system
B. A monitored turnstile entry system
C. A monitored doorway entry system
D. A one-way door that does not allow exit after entry
View answer
Correct Answer: A
Question #56
Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?
A. Specific developments only
B. Business requirements only
C. All phases of the installation must be documented
D. No need to develop a customer specific documentation
View answer
Correct Answer: B
Question #57
Which of the following is of greatest concern when performing an IS audit?
A. Users' ability to directly modify the database
B. Users' ability to submit queries to the database
C. Users' ability to indirectly modify the database
D. Users' ability to directly view the database
View answer
Correct Answer: B

View The Updated ISACA Exam Questions

SPOTO Provides 100% Real ISACA Exam Questions for You to Pass Your ISACA Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: