Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 15

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1501

Question

Which of the following would MOST likely impact the integrity of a database backup?

A. Record fields contain null information
B. Open database files during backup
C. Relational database model used
D. Backing up the database to an optical disk

Answer

D. Backing up the database to an optical disk

CISA Question 1502

Question

Which of the following requirements in a document control standard would provide nonrepudiation to digitally signed legal documents?

A. All digital signatures must include a hashing algorithm.
B. All digitally signed documents must be stored in an encrypted database.
C. All documents requiring digital signatures must be signed by both the customer and a witness.
D. Only secure file transfer protocol (SFTP) may be used for digitally signed documentation.

Answer

A. All digital signatures must include a hashing algorithm.

CISA Question 1503

Question

Which of the following should an IS auditor expect to find in an organization’s information security policies?

A. Authentication requirements
B. Asset provisioning lifecycle
C. Security configuration settings
D. Secure coding procedures

Answer

A. Authentication requirements

CISA Question 1504

Question

An organization wants to reuse company-provided smartphones collected from staff leaving the organization. Which of the following would be the BEST recommendation?

A. The memory cards of the smartphones should be replaced.
B. Smartphones should not be reused, but physically destroyed.
C. Data should be securely deleted from the smartphones.
D. The SIM card and telephone number should be changed.

Answer

C. Data should be securely deleted from the smartphones.

CISA Question 1505

Question

In a high-volume, real-time system, the MOST effective technique by which to continuously monitor and analyze transaction processing is:

A. integrated test facility (ITF).
B. embedded audit modules.
C. parallel simulation.
D. transaction tagging.

Answer

D. transaction tagging.

CISA Question 1506

Question

Which of the following IS functions can be performed by the same group or individual while still providing the proper segregation of duties?

A. Computer operations and application programming
B. Database administration and computer operations
C. Security administration and application programming
D. Application programming and systems analysis

Answer

A. Computer operations and application programming

CISA Question 1507

Question

When designing metrics for information security, the MOST important consideration is that the metrics:

A. provide actionable data.
B. apply to all business units.
C. are easy to understand.
D. track trends over time.

Answer

D. track trends over time.

CISA Question 1508

Question

Email required for business purposes is being stored on employees’ personal devices. Which of the following is an IS auditor’s BEST recommendation?

A. Implement an email containerization solution on personal devices
B. Prohibit employees from storing company email on personal devices.
C. Ensure antivirus to utilize passwords on personal devices.
D. Require employees to utilize passwords on personal devices.

Answer

D. Require employees to utilize passwords on personal devices.

CISA Question 1509

Question

Which of the following is the MOST effective method of destroying sensitive data stored on electronic media?

A. Physical destruction
B. Degaussing
C. Random character overwrite
D. Low-level formatting

Answer

A. Physical destruction

CISA Question 1510

Question

When protecting the confidentiality of information assets, the MOST effective control practice is the:

A. awareness training of personnel on regulatory requirements.
B. enforcement of a need-to-know access control philosophy.
C. utilization of a dual-factor authentication mechanism.
D. configuration of read-only access to all users.

Answer

C. utilization of a dual-factor authentication mechanism.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.