The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available for free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1371
Question
Which of the following is the MOST effective way to reduce risk to an organization from widespread use of web-based communication technologies?
A. Publish an enterprise-wide policy outlining acceptable use of web-based communication technologies.
B. Incorporate risk awareness training for web-based communications into the IT security program.
C. Monitor staff usage of web-based communication and notify the IT security department of violations.
D. Block access from user devices to unauthorized pages that allow web-based communication.
Answer
B. Incorporate risk awareness training for web-based communications into the IT security program.
CISA Question 1372
Question
The FIRST step in establishing a firewall security policy is to determine the:
A. necessary logical access rights.
B. expected data throughput.
C. business requirements.
D. existing firewall configuration.
Answer
C. business requirements.
CISA Question 1373
Question
Which of the following is the BEST preventative control to protect the confidentiality of data on a corporate smartphone in the event it is lost?
A. Encryption of the data stored on the device
B. Biometric authentication for the device
C. Password for device authentication
D. Remote data wipe program
Answer
D. Remote data wipe program
CISA Question 1374
Question
The BEST way to assure an organization’s board of directors that IT strategies support business objectives is to:
A. provide regular assessments of emerging technologies
B. identify and report on the achievement of critical success factors (CSFs)
C. confirm that IT strategies have been fully documented and disseminated
D. ensure that senior business managers review IT budgets
Answer
B. identify and report on the achievement of critical success factors (CSFs)
CISA Question 1375
Question
Which of the following is the BEST method to prevent wire transfer fraud by bank employees?
A. Re-keying of wire dollar amounts
B. Independent reconciliation
C. Two-factor authentication control
D. System-enforced dual control
Answer
D. System-enforced dual control
CISA Question 1376
Question
An employee has accidentally posted confidential data to the company’s social media page. Which of the following is the BEST control to prevent this from recurring?
A. Require all updates to be made by the marketing director
B. Implement a moderator approval process
C. Perform periodic audits of social media updates
D. Establish two-factor access control for social media accounts
Answer
B. Implement a moderator approval process
CISA Question 1377
Question
Which of the following methods would BEST help detect unauthorized disclosure of confidential documents sent over corporate email?
A. Installing firewalls on the corporate network
B. Requiring all users to encrypt documents before sending
C. Monitoring all emails based on pre-defined criteria
D. Reporting all outgoing emails that are marked as confidential
Answer
C. Monitoring all emails based on pre-defined criteria
CISA Question 1378
Question
Data confidentiality is a requirement for an organization’s new web service. Which of the following would provide the BEST protection?
A. Telnet
B. Secure Sockets Layer (SSL)
C. Transport Layer Security (TLS)
D. Secure File Transfer Protocol (SFTP)
Answer
C. Transport Layer Security (TLS)
CISA Question 1379
Question
Which of the following should an IS auditor recommend be done FIRST upon learning that new data protection legislation may affect the organization?
A. Implement data protection best practices
B. Implement a new security baseline for achieving compliance
C. Restrict system access for noncompliant business processes
D. Perform a gap analysis of data protection practices
Answer
D. Perform a gap analysis of data protection practices
CISA Question 1380
Question
To protect information assets, which of the following should be done FIRST?
A. Restrict access to data
B. Encrypt data
C. Classify data
D. Back up data
Answer
C. Classify data