The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 81
Question
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to-consumer transactions via the internet?
A. Customers are widely dispersed geographically, but the certificate authorities are not.
B. Customers can make their transactions from any computer or mobile device.
C. The certificate authority has several data processing subcenters to administer certificates.
D. The organization is the owner of the certificate authority.
Answer
D. The organization is the owner of the certificate authority.
Explanation
If the certificate authority belongs to the same organization, this creates a conflict of interest: a customer who wanted to repudiate a transaction could allege that, because of the shared interests, an unlawful agreement exists between the parties generating the certificates. The other options are not weaknesses.
CISA Question 82
Question
Applying a digital signature to data traveling in a network provides:
A. confidentiality and integrity.
B. security and nonrepudiation.
C. integrity and nonrepudiation.
D. confidentiality and nonrepudiation.
Answer
C. integrity and nonrepudiation.
Explanation
Applying a mathematical (hash) algorithm to the data traveling over the network and sending the resulting hash along with the data is used to control data integrity, since any unauthorized modification to the data would produce a different hash. Applying a digital signature accomplishes nonrepudiation of the delivery of the message. The term security is a broad concept, not a specific one. Confidentiality is provided only when an encryption process is applied in addition to the hash and the digital signature.
CISA Question 83
Question
An IS auditor observes that a business-critical application does not currently have any level of fault tolerance. Which of the following is the GREATEST concern with this situation?
A. Degradation of services
B. Limited tolerance for damage
C. Decreased mean time between failure (MTBF)
D. Single point of failure
Answer
D. Single point of failure
CISA Question 84
Question
Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?
A. Re-keying of monetary amounts
B. Dual control
C. Periodic vendor reviews
D. Independent reconciliation
Answer
B. Dual control
CISA Question 85
Question
An organization allows employees to retain confidential data on personal mobile devices. Which of the following is the BEST recommendation to mitigate the risk of data leakage from lost or stolen devices?
A. Require employees to attend security awareness training
B. Password protect critical data files
C. Enable device auto-lock function
D. Configure to auto-wipe after multiple failed access attempts
Answer
B. Password protect critical data files
CISA Question 86
Question
An organization uses multiple offsite data center facilities. Which of the following is MOST important to consider when choosing related backup devices and media?
A. Associated costs
B. Standardization
C. Backup media capacity
D. Restoration speed
Answer
D. Restoration speed
CISA Question 87
Question
Which type of attack poses the GREATEST risk to an organization’s most sensitive data?
A. Password attack
B. Eavesdropping attack
C. Spear phishing attack
D. Insider attack
Answer
D. Insider attack
CISA Question 88
Question
What is BEST for an IS auditor to review when assessing the effectiveness of changes recently made to processes and tools related to an organization’s business continuity plan (BCP)?
A. Change management processes
B. Completed test plans
C. Updated inventory of systems
D. Full test results
Answer
D. Full test results
CISA Question 89
Question
An IS auditor is reviewing an organization’s business continuity plan (BCP) following a change in organizational structure with significant impact to business processes. Which of the following findings should be the auditor’s GREATEST concern?
A. Copies of the BCP have not been distributed to new business unit end users since the reorganization
B. The most recent business impact analysis (BIA) was performed two years before the reorganization
C. A test plan for the BCP has not been completed during the last two years
D. Key business process end users did not participate in the business impact analysis (BIA)
Answer
B. The most recent business impact analysis (BIA) was performed two years before the reorganization
CISA Question 90
Question
A USB device containing sensitive production data was lost by an employee, and its contents were subsequently found published online. Which of the following controls is the BEST recommendation to prevent a similar recurrence?
A. Training users on USB device security
B. Monitoring data being downloaded on USB devices
C. Electronically tracking portable devices
D. Using a strong encryption algorithm
Answer
A. Training users on USB device security