The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 91
Question
Which of the following is MOST effective in detecting an intrusion attempt?
A. Installing biometrics-based authentication
B. Analyzing system logs
C. Using smart cards with one-time passwords
D. Using packet filter software
Answer
A. Installing biometrics-based authentication
CISA Question 92
Question
Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?
A. File Transfer Protocol (FTP)
B. Application level firewalls
C. Instant messaging policy
D. File level encryption
Answer
B. Application level firewalls
CISA Question 93
Question
Which of the following types of firewalls provide the GREATEST degree of control against hacker intrusion?
A. Screening router
B. Packet filtering router
C. Application level gateway
D. Circuit gateway
Answer
C. Application level gateway
CISA Question 94
Question
Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?
A. Blocking external IM traffic
B. Blocking attachments in IM
C. Allowing only corporate IM solutions
D. Encrypting IM traffic
Answer
B. Blocking attachments in IM
CISA Question 95
Question
An organization shares some of its customers’ personally identifiable information (PII) with third-party suppliers for business purposes. What is MOST important for the IS auditor to evaluate to ensure that risk associated with leakage of privacy-related data during transmission is effectively managed?
A. Encrypting and masking of customer data
B. The third party’s privacy and data security policies
C. Nondisclosure and indemnity agreements
D. Service and operational level agreements
Answer
A. Encrypting and masking of customer data
CISA Question 96
Question
An organization sends daily backup media by courier to an offsite location. Which of the following provides the BEST evidence that the media is transported reliably?
A. Documented backup media transport procedures
B. Certification of the courier company
C. Delivery schedule of the backup media
D. Signed acknowledgements by offsite manager
Answer
D. Signed acknowledgements by offsite manager
CISA Question 97
Question
During an audit of a disaster recovery plan (DRP) for a critical business area, an IS auditor finds that not all critical systems are covered. What should the auditor do NEXT?
A. Evaluate the impact of not covering the systems
B. Escalate the finding to senior management
C. Evaluate the prior year’s audit results regarding critical system coverage
D. Verify whether the systems are part of the business impact analysis (BIA)
Answer
A. Evaluate the impact of not covering the systems
CISA Question 98
Question
Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage?
A. Ensure that paper documents are disposed of securely.
B. Verify that application logs capture any changes made.
C. Implement an intrusion detection system (IDS).
D. Validate all data files contain digital watermarks.
Answer
D. Validate all data files contain digital watermarks.
CISA Question 99
Question
Which of the following is the PRIMARY concern when negotiating a contract for a hot site?
A. Complete testing of the recovery plan
B. Availability of the site in the event of multiple disaster declarations
C. Reciprocal agreements with other organizations
D. Coordination with the site staff in the event of multiple disaster declarations
Answer
B. Availability of the site in the event of multiple disaster declarations
CISA Question 100
Question
Which of the following is MOST important to ensure when reviewing a global organization’s controls to protect data held on its IT infrastructure across all of its locations?
A. The threat of natural disasters in each location hosting infrastructure has been accounted for.
B. The capacity of underlying communications infrastructure in the host locations is sufficient.
C. Technical capabilities exist in each location to manage the data and recovery operations.
D. Relevant data protection legislation and regulations for each location are adhered to.
Answer
D. Relevant data protection legislation and regulations for each location are adhered to.