Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 13

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1371

Question

Which of the following is the MOST effective way to reduce risk to an organization from widespread use of web-based communication technologies?

A. Publish an enterprise-wide policy outlining acceptance use of web-based communication technologies.
B. Incorporate risk awareness training for web-based communications into the IT security program.
C. Monitor staff usage of web-based communication and notify the IT security department of violations.
D. Block access from user devices to unauthorized pages that allow web-based communication.

Answer

B. Incorporate risk awareness training for web-based communications into the IT security program.

CISA Question 1372

Question

The FIRST step in establishing a firewall security policy is to determine the:

A. necessary logical access rights.
B. expected data throughput.
C. business requirements.
D. existing firewall configuration.

Answer

C. business requirements.

CISA Question 1373

Question

Which of the following is the BEST preventative control to protect the confidentiality of data on a corporate smartphone in the event it is lost?

A. Encryption of the data stored on the device
B. Biometric authentication for the device
C. Password for device authentication
D. Remote data wipe program

Answer

D. Remote data wipe program

Explanation

CISA Question 1374

Question

The BEST way to assure an organization’s board of directors that IT strategies support business objectives is to:

A. provide regular assessments of emerging technologies
B. identify and report on the achievement of critical success factors (CSFs)
C. confirm that IT strategies have been fully documented and disseminated
D. ensure that senior business managers review IT budgets

Answer

B. identify and report on the achievement of critical success factors (CSFs)

CISA Question 1375

Question

Which of the following is the BEST method to prevent wire transfer fraud by bank employees?

A. Re-keying of wire dollar amounts
B. Independent reconciliation
C. Two-factor authentication control
D. System-enforced dual control

Answer

D. System-enforced dual control

CISA Question 1376

Question

An employee has accidentally posted confidential data to the company’s social media page. Which of the following is the BEST control to prevent this from recurring?

A. Require all updates to be made by the marketing director
B. Implement a moderator approval process
C. Perform periodic audits of social media updates
D. Establish two-factor access control for social media accounts

Answer

B. Implement a moderator approval process

CISA Question 1377

Question

Which of the following methods would BEST help detect unauthorized disclosure of confidential documents sent over corporate email?

A. Installing firewalls on the corporate network
B. Requiring all users to encrypt documents before sending
C. Monitoring all emails based on pre-defined criteria
D. Reporting all outgoing emails that are marked as confidential

Answer

C. Monitoring all emails based on pre-defined criteria

CISA Question 1378

Question

Data confidentiality is a requirement for an organization’s new web service. Which of the following would provide the BEST protection?

A. Telnet
B. Secure Sockets Layer (SSL)
C. Transport Layer Security (TLS)
D. Secure File Transfer Protocol (SFTP)

Answer

C. Transport Layer Security (TLS)

CISA Question 1379

Question

Which of the following should an IS auditor recommend be done FIRST upon learning that new data protection legislation may affect the organization?

A. Implement data protection best practices
B. Implement a new security baseline for achieving compliance
C. Restrict system access for noncompliant business processes
D. Perform a gap analysis of data protection practices

Answer

D. Perform a gap analysis of data protection practices

CISA Question 1380

Question

To protect information assets, which of the following should be done FIRST?

A. Restrict access to data
B. Encrypt data
C. Classify data
D. Back up data

Answer

C. Classify data

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker