CISA EXAM STUDY QUESTIONS
AND 100% CORRECT ANSWERS!!
Question #:7 - (Exam Topic 3)
Which of the following is MOST important to determine during the planning phase of
a cloud-based messaging and collaboration platform acquisition? A. Role-based access
control policies
B. Types of data that can be uploaded to the platform
C. Processes for on-boarding and off-boarding users to the platform
D. Processes for reviewing administrator activity
B. Types of data that can be uploaded to the platform.
Question #:9 - (Exam Topic 3) Audit frameworks cart assist the IS audit function by:
A. defining the authority and responsibility of the IS audit function.
B. providing details on how to execute the audit program.
C. providing direction and information regarding the performance of
audits. D. outlining the specific steps needed to complete audits
C. providing direction and information regarding the performance of audits.
Question #:10 - (Exam Topic 3)
An IS auditor is reviewing processes for importing market price data from external data
providers. Which of the following findings should the auditor consider MOST critical?
A. The quality of the data is not monitored.
B. Imported data is not disposed frequently.
C. The transfer protocol is not encrypted.
D. The transfer protocol does not require authentication.
,A. The quality of the data is not monitored.
Question #:11 - (Exam Topic 3)
Which of the following is the BEST approach for determining the overall IT risk appetite
of an organization when business units use different methods for managing IT risks? A.
Average the business units' IT risk levels
B. Identify the highest-rated IT risk level among the business units
C. Prioritize the organization's IT risk scenarios
D. Establish a global IT risk scoring criteria
D. Establish a global IT risk scoring criteria.
Question #:13 - (Exam Topic 3)
Which of the following is the BEST metric to measure the alignment of IT and
business strategy?
A. Level of stakeholder satisfaction with the scope of planned IT projects
B. Percentage of enterprise risk assessments that include IT-related risk
C. Percentage of stat satisfied with their IT-related roles
D. Frequency of business process capability maturity assessments
B. Percentage of enterprise risk assessments that include IT-related risk.
Question #:15 - (Exam Topic 3)
The PRIMARY benefit of information asset classification is that it:
A. prevents loss of assets.
B. helps to align organizational objectives.
C. facilitates budgeting accuracy.
D. enables risk management decisions.
D. enables risk management decisions.
Question #:16 - (Exam Topic 3)
Which of the following IT service management activities is MOST likely to help with
identifying the root cause of repeated instances of network latency? A. Change
management
, B. Problem management
C. incident management
D. Configuration management
C. incident management.
Question #:18 - (Exam Topic 3)
Which of the following would provide an IS auditor with the GREATEST assurance that
data disposal controls support business strategic objectives? A. Media recycling policy
B. Media sanitization policy
C. Media labeling policy
D. Media shredding policy
B. Media sanitization policy.
Question #:21 - (Exam Topic 3)
Which of the following should be of GREATEST concern to an IS auditor reviewing
a network printer disposal process?
A. Disposal policies and procedures are not consistently implemented
B. Evidence is not available to verify printer hard drives have been sanitized prior to
disposal.
C. Business units are allowed to dispose printers directly
to D. Inoperable printers are stored in an unsecured area.
B. Evidence is not available to verify printer hard drives have been sanitized prior to disposal.
Question #:22 - (Exam Topic 3)
Which of the following findings should be of GREATEST concern to an IS auditor
assessing the risk associated with end-user computing (EUC) in an organization?
A. Insufficient processes to track ownership of each EUC application?
B. Insufficient processes to lest for version control
C. Lack of awareness training for EUC users
D. Lack of defined criteria for EUC applications
D. Lack of defined criteria for EUC applications.
AND 100% CORRECT ANSWERS!!
Question #:7 - (Exam Topic 3)
Which of the following is MOST important to determine during the planning phase of
a cloud-based messaging and collaboration platform acquisition? A. Role-based access
control policies
B. Types of data that can be uploaded to the platform
C. Processes for on-boarding and off-boarding users to the platform
D. Processes for reviewing administrator activity
B. Types of data that can be uploaded to the platform.
Question #:9 - (Exam Topic 3) Audit frameworks cart assist the IS audit function by:
A. defining the authority and responsibility of the IS audit function.
B. providing details on how to execute the audit program.
C. providing direction and information regarding the performance of
audits. D. outlining the specific steps needed to complete audits
C. providing direction and information regarding the performance of audits.
Question #:10 - (Exam Topic 3)
An IS auditor is reviewing processes for importing market price data from external data
providers. Which of the following findings should the auditor consider MOST critical?
A. The quality of the data is not monitored.
B. Imported data is not disposed frequently.
C. The transfer protocol is not encrypted.
D. The transfer protocol does not require authentication.
,A. The quality of the data is not monitored.
Question #:11 - (Exam Topic 3)
Which of the following is the BEST approach for determining the overall IT risk appetite
of an organization when business units use different methods for managing IT risks? A.
Average the business units' IT risk levels
B. Identify the highest-rated IT risk level among the business units
C. Prioritize the organization's IT risk scenarios
D. Establish a global IT risk scoring criteria
D. Establish a global IT risk scoring criteria.
Question #:13 - (Exam Topic 3)
Which of the following is the BEST metric to measure the alignment of IT and
business strategy?
A. Level of stakeholder satisfaction with the scope of planned IT projects
B. Percentage of enterprise risk assessments that include IT-related risk
C. Percentage of stat satisfied with their IT-related roles
D. Frequency of business process capability maturity assessments
B. Percentage of enterprise risk assessments that include IT-related risk.
Question #:15 - (Exam Topic 3)
The PRIMARY benefit of information asset classification is that it:
A. prevents loss of assets.
B. helps to align organizational objectives.
C. facilitates budgeting accuracy.
D. enables risk management decisions.
D. enables risk management decisions.
Question #:16 - (Exam Topic 3)
Which of the following IT service management activities is MOST likely to help with
identifying the root cause of repeated instances of network latency? A. Change
management
, B. Problem management
C. incident management
D. Configuration management
C. incident management.
Question #:18 - (Exam Topic 3)
Which of the following would provide an IS auditor with the GREATEST assurance that
data disposal controls support business strategic objectives? A. Media recycling policy
B. Media sanitization policy
C. Media labeling policy
D. Media shredding policy
B. Media sanitization policy.
Question #:21 - (Exam Topic 3)
Which of the following should be of GREATEST concern to an IS auditor reviewing
a network printer disposal process?
A. Disposal policies and procedures are not consistently implemented
B. Evidence is not available to verify printer hard drives have been sanitized prior to
disposal.
C. Business units are allowed to dispose printers directly
to D. Inoperable printers are stored in an unsecured area.
B. Evidence is not available to verify printer hard drives have been sanitized prior to disposal.
Question #:22 - (Exam Topic 3)
Which of the following findings should be of GREATEST concern to an IS auditor
assessing the risk associated with end-user computing (EUC) in an organization?
A. Insufficient processes to track ownership of each EUC application?
B. Insufficient processes to lest for version control
C. Lack of awareness training for EUC users
D. Lack of defined criteria for EUC applications
D. Lack of defined criteria for EUC applications.
