
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 14

The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers are available free on this page, to help you prepare for the ISACA CISA exam and earn the CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1401

Question

Reviewing which of the following would provide the GREATEST input to the asset classification process:

A. Risk assessment
B. Sensitivity of the data
C. Replacement cost of the asset
D. Compliance requirements

Answer

B. Sensitivity of the data

CISA Question 1402

Question

Which of the following would be the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?

A. Perform industry research annually and document the overall ranking of the IPS.
B. Perform a penetration test to demonstrate the ability to protect.
C. Establish and present appropriate metrics that track performance.
D. Provide yearly competitive pricing to illustrate the value of the IPS.

Answer

C. Establish and present appropriate metrics that track performance.

CISA Question 1403

Question

An information security risk analysis BEST assists an organization in ensuring that:

A. cost-effective decisions are made with regard to which assets need protection
B. the organization implements appropriate security technologies
C. the infrastructure has the appropriate level of access control
D. an appropriate level of funding is applied to security processes

Answer

A. cost-effective decisions are made with regard to which assets need protection

A risk analysis identifies which assets are exposed to which threats and what the impact would be, so its main contribution is letting management decide where protection is worth its cost. The choice of technologies, the access control level and the funding level all follow from that decision rather than from the analysis directly.

CISA Question 1404

Question

When using digital signatures, a sender transmits an encrypted message digest. This ensures that the:

A. message is not intercepted during transmission
B. message is not altered during transmission
C. message sender obtains acknowledgement of delivery
D. message remains confidential during transmission

Answer

B. message is not altered during transmission

CISA Question 1405

Question

Which of the following would BEST protect against web-based cross-domain attacks?

A. Network addressing scheme
B. Database hardening
C. Encryption controls
D. Application controls

Answer

D. Application controls

CISA Question 1406

Question

Which of the following should be an information security manager’s PRIMARY role when an organization initiates a data classification process?

A. Assign the asset classification level.
B. Define the classification structure to be implemented.
C. Verify that assets have been appropriately classified.
D. Apply security in accordance with specific classification.

Answer

B. Define the classification structure to be implemented.

CISA Question 1407

Question

Which of the following is necessary to determine what would constitute a disaster for an organization?

A. Backup strategy analysis
B. Threat probability analysis
C. Risk analysis
D. Recovery strategy analysis

Answer

C. Risk analysis

A risk analysis identifies the events, and the level of impact, that the organization could not tolerate, which is what defines a disaster for it. Threat probability analysis is only one input to the risk analysis, and backup and recovery strategies are chosen after the organization knows what it would be recovering from.

CISA Question 1408

Question

Invoking a business continuity plan (BCP) is demonstrating which type of control?

A. Corrective
B. Preventive
C. Detective
D. Directive

Answer

A. Corrective

A business continuity plan is invoked after a disruption has already occurred, in order to restore operations, which is the defining property of a corrective control. Preventive controls stop an event from happening, detective controls identify that it has happened, and directive controls specify the behavior that is required.

CISA Question 1409

Question

An IS auditor is performing a consulting engagement and needs to make a recommendation for securing all doors to a data center to prevent unauthorized access. Which of the following access control techniques would be MOST difficult for an intruder to compromise?

A. Dead-man door and swipe card
B. Smart card and numeric keypad
C. USB token and password
D. Biometrics and PIN

Answer

D. Biometrics and PIN

CISA Question 1410

Question

When is the BEST time to commence continuity planning for a new application system?

A. Immediately after implementation
B. Just prior to the handover to the system maintenance group
C. During the design phase
D. Following successful user testing

Answer

C. During the design phase