
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 13

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free of charge to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1391

Question

After assessing risk, the decision to treat the risk should be based PRIMARILY on:

A. whether the level of risk exceeds risk appetite
B. availability of financial resources
C. whether the level of risk exceeds inherent risk
D. the criticality of the risk

Answer

D. the criticality of the risk

CISA Question 1392

Question

The recovery point objective (RPO) is required in which of the following?

A. Information security plan
B. Incident response plan
C. Disaster recovery plan
D. Business continuity plan

Answer

D. Business continuity plan

CISA Question 1393

Question

Which of the following is MOST likely to prevent social engineering attacks?

A. Security awareness program
B. Employee background checks
C. Implementing positive identification policies
D. Enforcing stronger hiring policies

Answer

A. Security awareness program

CISA Question 1394

Question

Which of the following would provide the BEST justification for a new information security investment?

A. Defined key performance indicators (KPIs)
B. Projected reduction in risk
C. Results of a comprehensive threat analysis
D. Senior management involvement in project prioritization

Answer

C. Results of a comprehensive threat analysis

CISA Question 1395

Question

Which of the following needs to be established FIRST in order to categorize data properly?

A. A data protection policy
B. A data classification framework
C. A data asset inventory
D. A data asset protection standard

Answer

B. A data classification framework

CISA Question 1396

Question

Which of the following is the BEST way to identify the potential impact of a successful attack on an organization’s mission-critical applications?

A. Execute regular vulnerability scans
B. Conduct penetration testing
C. Perform an application vulnerability review
D. Perform an independent code review

Answer

B. Conduct penetration testing

CISA Question 1397

Question

A third-party service provider has proposed a data loss prevention (DLP) solution. Which of the following MUST be in place for this solution to be relevant to the organization?

A. An adequate data testing environment
B. Senior management support
C. A business case
D. A data classification

Answer

C. A business case

CISA Question 1398

Question

When performing a data classification project, an information security manager should:

A. assign information criticality and sensitivity
B. identify information owners
C. identify information custodians
D. assign information access privileges

Answer

A. assign information criticality and sensitivity

CISA Question 1399

Question

Business applications should be selected for disaster recovery testing on the basis of:

A. the results of contingency desktop checks
B. the number of failure points that are being tested
C. recovery time objectives (RTOs)
D. criticality to the enterprise

Answer

C. recovery time objectives (RTOs)

CISA Question 1400

Question

When building a corporate-wide business continuity plan, it is discovered there are two separate lines of business systems that could be impacted by the same threat. Which of the following is the BEST method to determine the priority of systems recovery in the event of a disaster?

A. Reviewing the business plans of each department
B. Evaluating the cost associated with each system’s outage
C. Reviewing each system’s key performance indicators (KPIs)
D. Comparing the recovery point objectives (RPOs)

Answer

B. Evaluating the cost associated with each system’s outage