ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 14

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1411

Question

An IS auditor has been asked to participate in the creation of an organization’s formal business continuity program. Which of the following would impair auditor independence?

A. Developing disaster recovery test scenarios
B. Determining system criticality
C. Facilitating the business impact analysis (BIA)
D. Participating on the business continuity committee

Answer

A. Developing disaster recovery test scenarios

CISA Question 1412

Question

To develop a robust data security program, the FIRST course of action should be to:

A. implement monitoring controls
B. implement data loss prevention (DLP) controls
C. perform an inventory of assets
D. interview IT senior management

Answer

C. perform an inventory of assets

CISA Question 1413

Question

Which of the following should be the FIRST step when conducting an IT risk assessment?

A. Assess vulnerabilities
B. Identify assets to be protected
C. Evaluate controls in place
D. Identify potential threats

Answer

B. Identify assets to be protected

CISA Question 1414

Question

Which of the following activities is MOST important in determining whether a test of a disaster recovery plan (DRP) has been successful?

A. Evaluating participation by key personnel
B. Testing at the backup data center
C. Analyzing whether predetermined test objectives were met
D. Testing with offsite backup files

Answer

C. Analyzing whether predetermined test objectives were met

CISA Question 1415

Question

Which of the following would be of GREATEST concern to an IS auditor reviewing a critical spreadsheet during a financial audit?

A. Periodic access reviews are manually performed.
B. Changes to the file are not always documented.
C. Access requests are manually processed.
D. A copy of the current validated file is not available.

Answer

B. Changes to the file are not always documented.

CISA Question 1416

Question

An organization has outsourced its data leakage monitoring to an Internet service provider (ISP). Which of the following is the BEST way for an IS auditor to determine the effectiveness of this service?

A. Verify the ISP has staff to deal with data leakage
B. Review the ISP’s external audit report
C. Review the data leakage clause in the SLA
D. Simulate a data leakage incident

Answer

C. Review the data leakage clause in the SLA

CISA Question 1417

Question

When developing a business continuity plan (BCP), which of the following should be performed FIRST?

A. Develop business continuity training
B. Classify operations
C. Conduct a business impact analysis (BIA)
D. Establish a disaster recovery plan (DRP)

Answer

C. Conduct a business impact analysis (BIA)

CISA Question 1418

Question

Which of the following is the MOST important reason for updating and retesting a business continuity plan (BCP)?

A. Staff turnover
B. Emerging technology
C. Significant business change
D. Matching industry best practices

Answer

C. Significant business change

CISA Question 1419

Question

As part of business continuity planning, which of the following is MOST important to include in a business impact analysis (BIA)?

A. Define a risk appetite.
B. Assess risk of moving significant applications to the cloud.
C. Assess recovery scenarios.
D. Assess threats to the organization.

Answer

D. Assess threats to the organization.

CISA Question 1420

Question

An organization’s software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

A. Data masking
B. Data encryption
C. Data tokenization
D. Data abstraction

Answer

C. Data tokenization
