ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 11

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1121

Question

Which of the following will BEST provide an organization with ongoing assurance of the information security services provided by a cloud provider?

A. Continuous monitoring of an information security risk profile
B. Evaluating the provider’s security incident response plan
C. Requiring periodic self-assessment by the provider
D. Ensuring the provider’s roles and responsibilities are established

Answer

A. Continuous monitoring of an information security risk profile

CISA Question 1122

Question

What should be the PRIMARY objective of conducting interviews with business unit managers when developing an information security strategy?

A. Obtain information on department goals.
B. Classify information assets.
C. Identify data and system ownership.
D. Determine information types.

Answer

A. Obtain information on department goals.

CISA Question 1123

Question

When an operating system is being hardened, it is MOST important for an information security manager to ensure that:

A. default passwords are changed.
B. anonymous access is removed.
C. file access is restricted.
D. system logs are activated.

Answer

A. default passwords are changed.

CISA Question 1124

Question

The selection of security controls is PRIMARILY linked to:

A. risk appetite of the organization.
B. regulatory requirements.
C. business impact assessment.
D. best practices of similar organizations.

Answer

C. business impact assessment.

CISA Question 1125

Question

Which of the following is the MOST beneficial outcome of testing an incident response plan?

A. The plan is enhanced to reflect the findings of the test.
B. Test plan results are documented.
C. Incident response time is improved.
D. The response includes escalation to senior management.

Answer

C. Incident response time is improved.

CISA Question 1126

Question

An information security manager reads a media report of a new type of malware attack. Who should be notified FIRST?

A. Security operations team
B. Data owners
C. Communications department
D. Application owners

Answer

A. Security operations team

CISA Question 1127

Question

A company has purchased a rival organization and is looking to integrate security strategies. Which of the following is the GREATEST issue to consider?

A. The organizations have different risk appetites
B. Differing security technologies
C. Differing security skills within the organizations
D. Confidential information could be leaked

Answer

A. The organizations have different risk appetites

CISA Question 1128

Question

Which is MOST important when contracting an external party to perform a penetration test?

A. Obtain approval from IT management.
B. Define the project scope.
C. Increase the frequency of log reviews.
D. Provide network documentation.

Answer

B. Define the project scope.

CISA Question 1129

Question

An organization is considering moving one of its critical business applications to a cloud hosting service. The cloud provider may not provide the same level of security for this application as the organization. Which of the following will provide the BEST information to help maintain the security posture?

A. Risk assessment
B. Cloud security strategy
C. Vulnerability assessment
D. Risk governance framework

Answer

A. Risk assessment

CISA Question 1130

Question

The GREATEST benefit of choosing a private cloud over a public cloud would be:

A. server protection.
B. online service availability.
C. containment of customer data.
D. collection of data forensics.

Answer

C. containment of customer data.