ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 14

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1411

Question

An IS auditor has been asked to participate in the creation of an organization’s formal business continuity program. Which of the following would impair auditor independence?

A. Developing disaster recovery test scenarios
B. Determining system criticality
C. Facilitating the business impact analysis (BIA)
D. Participating on the business continuity committee

Answer

A. Developing disaster recovery test scenarios

CISA Question 1412

Question

To develop a robust data security program, the FIRST course of action should be to:

A. implement monitoring controls
B. implement data loss prevention (DLP) controls
C. perform an inventory of assets
D. interview IT senior management

Answer

C. perform an inventory of assets

CISA Question 1413

Question

Which of the following should be the FIRST step when conducting an IT risk assessment?

A. Assess vulnerabilities
B. Identify assets to be protected
C. Evaluate controls in place
D. Identify potential threats

Answer

B. Identify assets to be protected

CISA Question 1414

Question

Which of the following activities is MOST important in determining whether a test of a disaster recovery plan (DRP) has been successful?

A. Evaluating participation by key personnel
B. Testing at the backup data center
C. Analyzing whether predetermined test objectives were met
D. Testing with offsite backup files

Answer

C. Analyzing whether predetermined test objectives were met

CISA Question 1415

Question

Which of the following would be of GREATEST concern to an IS auditor reviewing a critical spreadsheet during a financial audit?

A. Periodic access reviews are manually performed.
B. Changes to the file are not always documented.
C. Access requests are manually processed.
D. A copy of the current validated file is not available.

Answer

B. Changes to the file are not always documented.

CISA Question 1416

Question

An organization has outsourced its data leakage monitoring to an Internet service provider (ISP). Which of the following is the BEST way for an IS auditor to determine the effectiveness of this service?

A. Verify the ISP has staff to deal with data leakage
B. Review the ISP’s external audit report
C. Review the data leakage clause in the SLA
D. Simulate a data leakage incident

Answer

C. Review the data leakage clause in the SLA

CISA Question 1417

Question

When developing a business continuity plan (BCP), which of the following should be performed FIRST?

A. Develop business continuity training
B. Classify operations
C. Conduct a business impact analysis (BIA)
D. Establish a disaster recovery plan (DRP)

Answer

C. Conduct a business impact analysis (BIA)

CISA Question 1418

Question

Which of the following is the MOST important reason for updating and retesting a business continuity plan (BCP)?

A. Staff turnover
B. Emerging technology
C. Significant business change
D. Matching industry best practices

Answer

C. Significant business change

CISA Question 1419

Question

As part of business continuity planning, which of the following is MOST important to include in a business impact analysis (BIA)?

A. Define a risk appetite.
B. Assess risk of moving significant applications to the cloud.
C. Assess recovery scenarios.
D. Assess threats to the organization.

Answer

D. Assess threats to the organization.

CISA Question 1420

Question

An organization’s software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

A. Data masking
B. Data encryption
C. Data tokenization
D. Data abstraction

Answer

C. Data tokenization

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.
