The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1411
Question
An IS auditor has been asked to participate in the creation of an organization’s formal business continuity program. Which of the following would impair auditor independence?
A. Developing disaster recovery test scenarios
B. Determining system criticality
C. Facilitating the business impact analysis (BIA)
D. Participating on the business continuity committee
Answer
A. Developing disaster recovery test scenarios
CISA Question 1412
Question
To develop a robust data security program, the FIRST course of action should be to:
A. implement monitoring controls
B. implement data loss prevention (DLP) controls
C. perform an inventory of assets
D. interview IT senior management
Answer
C. perform an inventory of assets
CISA Question 1413
Question
Which of the following should be the FIRST step when conducting an IT risk assessment?
A. Assess vulnerabilities
B. Identify assets to be protected
C. Evaluate controls in place
D. Identify potential threats
Answer
B. Identify assets to be protected
CISA Question 1414
Question
Which of the following activities is MOST important in determining whether a test of a disaster recovery plan (DRP) has been successful?
A. Evaluating participation by key personnel
B. Testing at the backup data center
C. Analyzing whether predetermined test objectives were met
D. Testing with offsite backup files
Answer
C. Analyzing whether predetermined test objectives were met
CISA Question 1415
Question
Which of the following would be of GREATEST concern to an IS auditor reviewing a critical spreadsheet during a financial audit?
A. Periodic access reviews are manually performed.
B. Changes to the file are not always documented.
C. Access requests are manually processed.
D. A copy of the current validated file is not available.
Answer
B. Changes to the file are not always documented.
CISA Question 1416
Question
An organization has outsourced its data leakage monitoring to an Internet service provider (ISP). Which of the following is the BEST way for an IS auditor to determine the effectiveness of this service?
A. Verify the ISP has staff to deal with data leakage
B. Review the ISP’s external audit report
C. Review the data leakage clause in the SLA
D. Simulate a data leakage incident
Answer
C. Review the data leakage clause in the SLA
CISA Question 1417
Question
When developing a business continuity plan (BCP), which of the following should be performed FIRST?
A. Develop business continuity training
B. Classify operations
C. Conduct a business impact analysis (BIA)
D. Establish a disaster recovery plan (DRP)
Answer
C. Conduct a business impact analysis (BIA)
CISA Question 1418
Question
Which of the following is the MOST important reason for updating and retesting a business continuity plan (BCP)?
A. Staff turnover
B. Emerging technology
C. Significant business change
D. Matching industry best practices
Answer
C. Significant business change
CISA Question 1419
Question
As part of business continuity planning, which of the following is MOST important to include in a business impact analysis (BIA)?
A. Define a risk appetite.
B. Assess risk of moving significant applications to the cloud.
C. Assess recovery scenarios.
D. Assess threats to the organization.
Answer
D. Assess threats to the organization.
CISA Question 1420
Question
An organization’s software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
A. Data masking
B. Data encryption
C. Data tokenization
D. Data abstraction
Answer
C. Data tokenization