Online Access Free ISACA.CISA.v2025-06-20.q647 Practice Test (Page 110)

CISA Exam Question 541

Which of the following should be of MOST concern to an IS auditor reviewing an organization's operational log management?

A.Data formats have not been standardized across all logs.

B.Critical events are being logged to immutable log files.

C.Applications are logging events into multiple log files.

D.Log file size has grown year over year.

CISA Exam Question 542

To help determine whether a controls-reliant approach to auditing financial systems in a company should be used, which sequence of IS audit work is MOST appropriate?

A.Detailed examination of financial transactions followed by review of the general ledger

B.Review of major financial applications followed by a review of IT governance processes

C.Review of application controls followed by a test of key business process controls

D.Review of the general IS controls followed by a review of the application controls

CISA Exam Question 543

An audit has identified that business units have purchased cloud-based applications without IPs support. What is the GREATEST risk associated with this situation?

A.The applications are not included in business continuity plans (BCFs)

B.The applications may not reasonably protect data.

C.The application purchases did not follow procurement policy.

D.The applications could be modified without advanced notice.

Correct Answer: B

The greatest risk associated with the situation of business units purchasing cloud-based applications without IT support is that the applications may not reasonably protect data. Cloud-based applications are software applications that run on the internet, rather than on a local device or network. Cloud-based applications offer manybenefits, such as scalability, accessibility, and cost-effectiveness, but they also pose many challenges and risks, especially for data security1.
Data security is the process of protecting data from unauthorized access, use, modification, disclosure, or destruction. Data security is essential for ensuring the confidentiality, integrity, and availability of data, as well as complying with legal and regulatory requirements. Data security is especially important for cloud- based applications, as data are stored and processed on remote servers that are owned and managed by third- party cloud service providers (CSPs)2.
When business units purchase cloud-based applications without IT support, they may not be aware of or follow the best practices and standards for data security in the cloud. They may not performadequate risk assessments, vendor evaluations, contract reviews, or audits to ensure that the CSPs and the applications meet the organization's data security policies and expectations. They may not implement appropriate data encryption, backup, recovery, or disposal methods to protect the data in transit and at rest. They may not monitor or control the access and usage of the data by internal or external users. They may not report or respond to any data breaches or incidents that may occur3.
These actions or inactions may expose the organization's data to various threats and vulnerabilities in the cloud, such as cyberattacks, human errors, malicious insiders, misconfigurations, or legal disputes. These threats and vulnerabilities may result in data loss, leakage, corruption, or compromise, which may have serious consequences for theorganization's reputation, operations, performance, compliance, and liability4.
Therefore, it is essential that business units consult and collaborate with IT support before purchasing any cloud-based applications, and follow the organization's guidelines and procedures for cloud security. IT support can help business units to select and use cloud-based applications that are suitable and secure for their needs and objectives.
References:
* Top 5 Risks With Cloud Software and How to Mitigate Them4
* Mitigate risksand secure your cloud-native applications3
* 12 Risks, Threats & Vulnerabilities in Moving to the Cloud2
* Best Practices to Manage Risks in the Cloud1

CISA Exam Question 544

An IT strategic plan that BEST leverages IT in achieving organizational goals will include:

A.a comparison of future needs against current capabilities.

B.a risk-based ranking of projects.

C.enterprise architecture (EA) impacts.

D.IT budgets linked to the organization's budget.

Correct Answer: C

An IT strategic plan that best leverages IT in achieving organizational goals will include enterprise architecture (EA) impacts. EA is the practice of analyzing, designing, planning, and implementing enterprise analysis to successfully execute on business strategies1. EA helps organizations structure IT projects and policies to align with business goals, to stay agile and resilient in the face of rapid change, and to stay on top of industry trends and disruptions1. EA also describes an organization's processes, information processes and personnel and other organizational subunits aligned with the organization's core goals and strategies2. By including EA impacts in the IT strategic plan, an organization can ensure that the IT initiatives are consistent with the business vision, objectives, and tactics, and that they support the desired business outcomes3.
A comparison of future needs against current capabilities, a risk-based ranking of projects, and IT budgets linked to the organization's budget are all important elements of an IT strategic plan, but they do not necessarily leverage IT in achieving organizational goals. A comparison of future needsagainst current capabilities can help identify gaps and opportunities for improvement, but it does not provide a clear direction or roadmap for how to achieve them. A risk-based ranking of projects can help prioritize the most critical and beneficial projects, but it does not ensure that they are aligned with the business strategy or that they deliver value to the stakeholders. IT budgets linked to the organization's budget can help allocate resources and monitor costs, but they do not reflect the impact or contribution of IT to the business performance or growth.
References:
Implement Agile IT Strategic Planning with Enterprise Architecture - The Open Group Blog What is enterprise architecture? A framework for transformation | CIO Strategic Planning and Enterprise Architecture

CISA Exam Question 545

An organization produces control reports with a desktop application that accesses data in the central production database. Which of the following would give an IS auditor concern about the reliability of these reports?

A.The reports are printed by the same person who reviews them.

B.The report definitions can be modified by end users.

C.The report definitions file is not included in routine backups.

D.The reports are available to all end users.

Other Version: 1805ISACA.CISA.v2025-06-11.q606; 2254ISACA.CISA.v2023-03-04.q272; 2353ISACA.CISA.v2022-10-31.q203; 2452ISACA.CISA.v2022-03-29.q126; 123ISACA.Examprepaway.CISA.v2022-02-10.by.barret.126q.pdf; 8606ISACA.CISA.v2021-11-29.q567; 36ISACA.Actualvce.CISA.v2021-08-31.by.ralap.101q.pdf

Latest Upload: 292ISACA.CGEIT.v2025-09-19.q537; 155Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 155Scrum.SAFe-Practitioner.v2025-09-18.q63; 146Workday.Workday-Prism-Analytics.v2025-09-17.q17; 131Oracle.1Z0-1055-24.v2025-09-17.q28; 129Oracle.1Z1-182.v2025-09-17.q32; 245Nutanix.NCP-US-6.5.v2025-09-16.q73; 266Oracle.1z0-071.v2025-09-16.q232; 203Oracle.1Z1-922.v2025-09-16.q125; 326CyberArk.PAM-CDE-RECERT.v2025-09-15.q100

CISA Exam Question 541

CISA Exam Question 542

CISA Exam Question 543

CISA Exam Question 544

CISA Exam Question 545

Download PDF File