Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 571:

  Which of the following is the GREATEST advantage of maintaining an internal IS audit function within an organization?

  A. Increased independence and impartiality of recommendations
  B. Better understanding of the business and processes
  C. Ability to negotiate recommendations with management
  D. Increased IS audit staff visibility and availability throughout the year
  B. Better understanding of the business and processes

  ---

  Explanation

• Question 572:

  During a project audit, an IS auditor notes that project reporting does not accurately reflect current progress. Which of the following is the GREATEST resulting impact?

  A. The project manager will have to be replaced.
  B. The project reporting to the board of directors will be incomplete.
  C. The project steering committee cannot provide effective governance.
  D. The project will not withstand a quality assurance (QA) review.
  C. The project steering committee cannot provide effective governance.

  ---

  Explanation

  The greatest resulting impact of project reporting not accurately reflecting current progress is that the project steering committee cannot provide effective governance. The project steering committee is a group of senior executives or stakeholders who oversee the project and provide strategic direction, guidance, and support. The project steering committee relies on accurate and timely project reporting to monitor the project's status, performance, risks, issues, and changes. If the project reporting is inaccurate, the project steering committee cannot make informed decisions, resolve problems, allocate resources, or ensure alignment with the organizational goals and objectives. The other options are not as impactful as option

  C. The project manager will have to be replaced is a possible consequence, but not the greatest impact, of inaccurate project reporting. The project manager is responsible for planning, executing, monitoring, controlling, and closing the project. The project manager may face disciplinary actions or termination if they fail to provide accurate and honest project reporting. However, this does not necessarily affect the overall governance of the project. The project reporting to the board of directors will be incomplete is a potential risk, but not the greatest impact, of inaccurate project reporting. The board of directors is the highest governing body of an organization that sets the vision, mission, values, and policies. The board of directors may receive periodic or ad hoc project reporting to ensure that the project is aligned with the organizational strategy and delivers value. If the project reporting is inaccurate, the board of directors may lose confidence in the project or intervene in its management. However, this does not directly affect the day-to-day governance of the project. The project will not withstand a quality assurance (QA) review is a possible outcome, but not the greatest impact, of inaccurate project reporting. A quality assurance review is a process to evaluate the quality of the project's processes and deliverables against predefined standards and criteria. A quality assurance review may reveal discrepancies or errors in the project reporting that may affect the credibility and reliability of the project. However, this does not necessarily affect the governance of the project.

  References: Project Steering Committee - Roles and Responsibilities, Project Reporting Best Practices, Quality Assurance in Project Management

• Question 573:

  Which of the following is the MOST important consideration when incorporating data analytics into an audit?

  A. Ability of the auditor to perform complex analysis
  B. Availability and cost of the tools
  C. Complexity of the data and related audit process
  D. Availability and quality of data
  C. Complexity of the data and related audit process

  ---

  Explanation

• Question 574:

  An IS auditor has obtained a large complex data set for analysis. Which of the following activities will MOST improve the output from the use of data analytics tools?

  A. Data classification
  B. Data preparation
  C. Data masking
  D. Data anonymization
  B. Data preparation

  ---

  Explanation

• Question 575:

  While reviewing the effectiveness of an incident response program, an IS auditor notices a high number of reported incidents involving malware originating from removable media found by employees. Which of the following is the MOST appropriate recommendation to management?

  A. Restrict access to removable media ports on company devices.
  B. Install an additional antivirus program to increase protection.
  C. Ensure the antivirus program contains up-to-date signature files for all company devices.
  D. Implement an organization-wide removable media policy.
  D. Implement an organization-wide removable media policy.

  ---

  Explanation

• Question 576:

  Which of the following is the BEST sampling method to use when relatively few errors are expected to be found in a population?

  A. Variable sampling
  B. Judgmental sampling
  C. Stop-or-go sampling
  D. Discovery sampling
  D. Discovery sampling

  ---

  Explanation

  Discovery sampling is a type of statistical sampling that's used when the expected error rate in the population is very low1. This method is designed to discover at least one instance of an attribute or condition in a population1. It's often used in

  auditing to uncover fraud or noncompliance with rules and regulations.

  References:

  What are sampling methods and how do you choose the best one?

• Question 577:

  A company is using a software developer for a project. At which of the following points should the software quality assurance (QA) plan be developed?

  A. As part of software definition
  B. During the feasibility phase
  C. Prior to acceptance testing
  D. As part of the design phase
  D. As part of the design phase

  ---

  Explanation

• Question 578:

  In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?

  A. Business or role-based segmentation
  B. Using security groups
  C. Log analysis of system access
  D. Encryption of data traversing networks.
  B. Using security groups

  ---

  Explanation

• Question 579:

  Coding standards provide which of the following?

  A. Program documentation
  B. Access control tables
  C. Data flow diagrams
  D. Field naming conventions
  D. Field naming conventions

  ---

  Explanation

  Coding standards provide field naming conventions, which are rules for naming variables, constants, functions, classes, and other elements in a program. Coding standards help to ensure consistency, readability, maintainability, and portability of code. Program documentation, access control tables, and data flow diagrams are not part of coding standards.

  References: CISA Review Manual (Digital Version), Chapter 4, Section 4.3.1

• Question 580:

  The management of a small e-commerce firm is concerned about the impact of AI adoption on its intellectual property. Which of the following BEST addresses this concern?

  A. Developing an AI acceptable use policy
  B. Sanctioning employees for using generative AI
  C. Performing manual reviews of AI web traffic logs
  D. Deny-listing chat-based AI websites and plugins
  A. Developing an AI acceptable use policy

  ---

  Explanation

  Explanation