The latest ISACA CISA (Certified Information Systems Auditor) actual practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1161
Question
What type of BCP test uses actual resources to simulate a system crash and validate the plan’s effectiveness?
A. Paper
B. Preparedness
C. Walk-through
D. Parallel
Answer
B. Preparedness
Explanation
Of the three major types of BCP tests (paper, walk-through, and preparedness), only the preparedness test uses actual resources to simulate a system crash and validate the plan’s effectiveness.
CISA Question 1162
Question
Which of the following is MOST critical during the business impact assessment phase of business continuity planning?
A. End-user involvement
B. Senior management involvement
C. Security administration involvement
D. IS auditing involvement
Answer
A. End-user involvement
Explanation
End-user involvement is critical during the business impact assessment phase of business continuity planning.
CISA Question 1163
Question
Establishing data ownership is an important first step for which of the following processes?
A. Assigning user access privileges
B. Developing organizational security policies
C. Creating roles and responsibilities
D. Classifying data
Answer
D. Classifying data
Explanation
To properly implement data classification, establishing data ownership is an important first step.
CISA Question 1164
Question
Who is ultimately responsible and accountable for reviewing user access to systems?
A. Systems security administrators
B. Data custodians
C. Data owners
D. Information systems auditors
Answer
C. Data owners
Explanation
Data owners are ultimately responsible and accountable for reviewing user access to systems.
CISA Question 1165
Question
Which of the following is used to evaluate biometric access controls?
A. FAR
B. EER
C. ERR
D. FRR
Answer
B. EER
Explanation
When evaluating biometric access controls, a low equal error rate (EER) is preferred. EER is also called the crossover error rate (CER).
CISA Question 1166
Question
Which of the following is BEST characterized by unauthorized modification of data before or during systems data entry?
A. Data diddling
B. Skimming
C. Data corruption
D. Salami attack
Answer
A. Data diddling
Explanation
Data diddling involves modifying data before or during systems data entry.
CISA Question 1167
Question
What is the key distinction between encryption and hashing algorithms?
A. Hashing algorithms ensure data confidentiality.
B. Hashing algorithms are irreversible.
C. Encryption algorithms ensure data integrity.
D. Encryption algorithms are not irreversible.
Answer
B. Hashing algorithms are irreversible.
Explanation
A key distinction between encryption and hashing algorithms is that hashing algorithms are irreversible.
CISA Question 1168
Question
What can ISPs use to implement inbound traffic filtering as a control to identify IP packets transmitted from unauthorized sources?
A. OSI Layer 2 switches with packet filtering enabled
B. Virtual Private Networks
C. Access Control Lists (ACL)
D. Point-to-Point Tunneling Protocol
Answer
C. Access Control Lists (ACL)
Explanation
ISPs can use access control lists to implement inbound traffic filtering as a control to identify IP packets transmitted from unauthorized sources.
CISA Question 1169
Question
What is an effective countermeasure for the vulnerability of data entry operators potentially leaving their computers without logging off?
A. Employee security awareness training
B. Administrator alerts
C. Screensaver passwords
D. Close supervision
Answer
C. Screensaver passwords
Explanation
Screensaver passwords are an effective control to implement as a countermeasure for the vulnerability of data entry operators potentially leaving their computers without logging off.
CISA Question 1170
Question
Which of the following provides the strongest authentication for physical access control?
A. Sign-in logs
B. Dynamic passwords
C. Key verification
D. Biometrics
Answer
D. Biometrics
Explanation
Biometrics can be used to provide excellent physical access control.