The latest ISACA CISA (Certified Information Systems Auditor) actual practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1131
Question
Utilizing external resources for highly technical information security tasks allows an information security manager to:
A. transfer business risk.
B. distribute technology risk.
C. outsource responsibility.
D. leverage limited resources.
Answer
A. transfer business risk.
CISA Question 1132
Question
Which of the following is a PRIMARY security responsibility of an information owner?
A. Determining the controls associated with information classification
B. Testing information classification controls
C. Maintaining the integrity of data in the information systems
D. Deciding what level of classification the information requires
Answer
C. Maintaining the integrity of data in the information systems
CISA Question 1133
Question
Which of the following is the MOST important consideration when designing information security architecture?
A. Risk management parameters for the organization are defined.
B. The existing threat landscape is monitored.
C. The information security architecture is aligned with industry standards.
D. The level of security supported is based on business decisions.
Answer
D. The level of security supported is based on business decisions.
CISA Question 1134
Question
Which of the following is the MOST important factor when determining the frequency of information security risk reassessment?
A. Audit findings
B. Risk priority
C. Mitigating controls
D. Risk metrics
Answer
D. Risk metrics
CISA Question 1135
Question
To ensure appropriate control of information processed in IT systems, security safeguards should be based PRIMARILY on:
A. established guidelines.
B. overall IT capacity and operational constraints.
C. efficient technical processing considerations.
D. criteria consistent with classification levels.
Answer
A. established guidelines.
CISA Question 1136
Question
Which of the following is the MOST important prerequisite to performing an information security assessment?
A. Reviewing the business impact analysis (BIA)
B. Assessing threats and vulnerabilities
C. Determining risk tolerance
D. Classifying assets
Answer
D. Classifying assets
CISA Question 1137
Question
Which of the following BEST supports the risk assessment process to determine criticality of an asset?
A. Threat assessment
B. Residual risk analysis
C. Vulnerability assessment
D. Business impact analysis (BIA)
Answer
D. Business impact analysis (BIA)
CISA Question 1138
Question
An e-commerce enterprise’s disaster recovery (DR) site has 30% less processing capability than the primary site. Based on this information, which of the following presents the GREATEST risk?
A. Network firewalls and database firewalls at the DR site do not provide high availability.
B. No disaster recovery plan (DRP) testing has been performed during the last six months.
C. The DR site is in a shared location that hosts multiple other enterprises.
D. The DR site has not undergone testing to confirm its effectiveness.
Answer
D. The DR site has not undergone testing to confirm its effectiveness.
CISA Question 1139
Question
Which of the following is the PRIMARY concern if a business continuity plan (BCP) is not based on a business impact analysis (BIA)?
A. The critical systems were not identified, but all systems are covered in the BCP.
B. The knowledge of key people within the organization was not considered in the BCP.
C. The strategy of the BCP does not reflect estimated potential losses.
D. Management was not involved in the early stages of the BCP.
Answer
D. Management was not involved in the early stages of the BCP.
CISA Question 1140
Question
Which of the following is a program evaluation review technique that considers different scenarios for planning and control projects?
A. Function Point Analysis (FPA)
B. GANTT
C. Rapid Application Development (RAD)
D. PERT
Answer
D. PERT
Explanation
PERT is a program-evaluation review technique that considers different scenarios for planning and control projects.