The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.
Table of Contents
- CISA Question 1381
- Question
- Answer
- CISA Question 1382
- Question
- Answer
- Explanation
- CISA Question 1383
- Question
- Answer
- CISA Question 1384
- Question
- Answer
- CISA Question 1385
- Question
- Answer
- CISA Question 1386
- Question
- Answer
- CISA Question 1387
- Question
- Answer
- CISA Question 1388
- Question
- Answer
- CISA Question 1389
- Question
- Answer
- CISA Question 1390
- Question
- Answer
CISA Question 1381
Question
Which of the following should be the FIRST step to help ensure the necessary regulatory requirements are addressed in an organization’s cross-border data protection policy?
A. Conduct a risk assessment
B. Perform a gap analysis
C. Conduct stakeholder interviews
D. Perform a business impact analysis (BIA)
Answer
B. Perform a gap analysis
CISA Question 1382
Question
Which of the following methods of providing telecommunications continuity involves the use of an alternative media?
A. Alternative routing
B. Diverse routing
C. Long haul network diversity
D. Last mile circuit protection
Answer
A. Alternative routing
Explanation
Alternative routing is a method of routing information via an alternate medium such as copper cable or fiber optics. This involves use of different networks, circuits or end points should the normal network be unavailable. Diverse routing routes traffic through split cable facilities or duplicate cable facilities. This can be accomplished with different and/or duplicate cable sheaths. If different cable sheaths are used, the cable may be in the same conduit and therefore subject to the same interruptions as the cable it is backing up. The communication service subscriber can duplicate the facilities by having alternate routes, although the entrance to and from the customer premises may be in the same conduit.
The subscriber can obtain diverse routing and alternate routing from the local carrier, including dual entrance facilities. This type of access is time-consuming and costly. Long haul network diversity is a diverse long-distance network utilizing T1 circuits among the major long-distance carriers. It ensures long-distance access should any one carrier experience a network failure. Last mile circuit protection is a redundant combination of local carrier T1s, microwave, and/or coaxial cable access to the local communications loop. This enables the facility to have access during a local carrier communication disaster. Alternate local carrier routing is also utilized.
CISA Question 1383
Question
Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:
A. the likelihood of a given threat attempting to exploit a vulnerability
B. a function of the cost and effectiveness of controls over a vulnerability
C. the magnitude of the impact should a threat exploit a vulnerability
D. a function of the likelihood and impact, should a threat exploit a vulnerability
Answer
A. the likelihood of a given threat attempting to exploit a vulnerability
CISA Question 1384
Question
A data leakage prevention (DLP) solution has identified that several employees are sending confidential company data to their personal email addresses in violation of company policy. The information security manager should FIRST:
A. initiate an investigation to determine the full extent of noncompliance
B. notify senior management that employees are breaching policy
C. limit access to the Internet for employees involved
D. contact the employees involved to retake security awareness training
Answer
A. initiate an investigation to determine the full extent of noncompliance
CISA Question 1385
Question
Which of the following is the MOST important reason for performing vulnerability assessments periodically?
A. Technology risks must be mitigated.
B. Management requires regular reports.
C. The environment changes constantly.
D. The current threat levels are being assessed.
Answer
C. The environment changes constantly.
CISA Question 1386
Question
Which of the following would BEST support a business case to implement a data leakage prevention (DLP) solution?
A. An unusual upward trend in outbound email volume
B. Lack of visibility into previous data leakage incidents
C. Industry benchmark of DLP investments
D. A risk assessment on the threat of data leakage
Answer
D. A risk assessment on the threat of data leakage
CISA Question 1387
Question
While conducting a test of a business continuity plan, which of the following is the MOST important consideration?
A. The test simulates actual prime-time processing conditions.
B. The test is scheduled to reduce operational impact.
C. The test involves IT members in the test process.
D. The test addresses the critical components.
Answer
A. The test simulates actual prime-time processing conditions.
CISA Question 1388
Question
Before a failover test of a critical business application is performed, it is MOST important for the information security manager to:
A. obtain a signed risk acceptance from the recovery team
B. obtain senior management's approval
C. inform the users that the test is taking place
D. verify that the information assets have been classified properly
Answer
B. obtain senior management's approval
CISA Question 1389
Question
Which of the following is the PRIMARY purpose of data classification?
A. To determine access rights to data
B. To provide a basis for protecting data
C. To select encryption technologies
D. To ensure integrity of data
Answer
B. To provide a basis for protecting data
CISA Question 1390
Question
When preventive controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?
A. Identify unacceptable risk levels
B. Manage the impact
C. Evaluate potential threats
D. Assess vulnerabilities
Answer
B. Manage the impact