The latest ISACA CISA (Certified Information Systems Auditor) certification real practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1201
Question
Which of the following could lead to an unintentional loss of confidentiality?
A. Lack of employee awareness of a company’s information security policy
B. Failure to comply with a company’s information security policy
C. A momentary lapse of reason
D. Lack of security policy enforcement procedures
Answer
A. Lack of employee awareness of a company’s information security policy
Explanation
Lack of employee awareness of a company’s information security policy could lead to an unintentional loss of confidentiality.
CISA Question 1202
Question
If senior management is not committed to strategic planning, how likely is it that a company’s implementation of IT will be successful?
A. IT cannot be implemented if senior management is not committed to strategic planning.
B. More likely.
C. Less likely.
D. Strategic planning does not affect the success of a company’s implementation of IT.
Answer
C. Less likely.
Explanation
A company’s implementation of IT will be less likely to succeed if senior management is not committed to strategic planning.
CISA Question 1203
Question
Key verification is one of the best controls for ensuring that:
A. Data is entered correctly
B. Only authorized cryptographic keys are used
C. Input is authorized
D. Database indexing is performed properly
Answer
A. Data is entered correctly
Explanation
Key verification is one of the best controls for ensuring that data is entered correctly.
CISA Question 1204
Question
Batch control reconciliation is a _____________________ (fill in the blank) control for mitigating risk of inadequate segregation of duties.
A. Detective
B. Corrective
C. Preventative
D. Compensatory
Answer
D. Compensatory
Explanation
Batch control reconciliation is a compensatory control for mitigating risk of inadequate segregation of duties.
CISA Question 1205
Question
A core tenet of an IS strategy is that it must:
A. Be inexpensive
B. Be protected as sensitive confidential information
C. Protect information confidentiality, integrity, and availability
D. Support the business objectives of the organization
Answer
D. Support the business objectives of the organization
Explanation
Above all else, an IS strategy must support the business objectives of the organization.
CISA Question 1206
Question
Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?
A. True
B. False
Answer
B. False
Explanation
Proper segregation of duties normally prohibits a LAN administrator from also having programming responsibilities.
CISA Question 1207
Question
Who is ultimately accountable for the development of an IS security policy?
A. The board of directors
B. Middle management
C. Security administrators
D. Network administrators
Answer
A. The board of directors
Explanation
The board of directors is ultimately accountable for the development of an IS security policy.
CISA Question 1208
Question
What should an IS auditor do if he or she observes that project-approval procedures do not exist?
A. Advise senior management to invest in project-management training for the staff
B. Create project-approval procedures for future project implementations
C. Assign project leaders
D. Recommend to management that formal approval procedures be adopted and documented
Answer
D. Recommend to management that formal approval procedures be adopted and documented
Explanation
If an IS auditor observes that project-approval procedures do not exist, the IS auditor should recommend to management that formal approval procedures be adopted and documented.
CISA Question 1209
Question
Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?
A. True
B. False
Answer
A. True
Explanation
Proper segregation of duties prohibits a system analyst from performing quality-assurance functions.
CISA Question 1210
Question
Who is accountable for maintaining appropriate security measures over information assets?
A. Data and systems owners
B. Data and systems users
C. Data and systems custodians
D. Data and systems auditors
Answer
A. Data and systems owners
Explanation
Data and systems owners are accountable for maintaining appropriate security measures over information assets.