Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 2

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 101

Question

A healthcare facility offers patients health tracking devices that can be monitored remotely by healthcare professionals. Which of the following is the BEST way to protect patient personal information from unauthorized exfiltration?

A. Restrict the devices to using Internet Protocol (IP) version 6 only
B. Add a digital certificate to the devices that limits communication to specific servers
C. Provide the patients with Internet security training and education programs
D. Configure the devices to reboot automatically every 7 days

Answer

B. Add a digital certificate to the devices that limits communication to specific servers

CISA Question 102

Question

Critical processes are not defined in an organization’s business continuity plan (BCP). Which of the following would have MOST likely identified the gap?

A. Updating the risk register
B. Reviewing the business continuity strategy
C. Reviewing the business impact analysis (BIA)
D. Testing the incident response plan

Answer

D. Testing the incident response plan

CISA Question 103

Question

Which of the following recommendations by an IS auditor is the BEST control to protect an organization’s corporate network from the guest wireless network?

A. Hide the service set identifier (SSID) of the guest network
B. Place the guest network in its own virtual local area network (LAN)
C. Authenticate devices connecting to the guest network
D. Ensure the guest access point is running the latest software

Answer

B. Place the guest network in its own virtual local area network (LAN)

CISA Question 104

Question

Which of the following would BEST protect the confidentiality of sensitive data in transit between multiple offices?

A. Public key infrastructure (PKI)
B. Kerberos
C. Digital signatures
D. Hash algorithms

Answer

A. Public key infrastructure (PKI)

CISA Question 105

Question

Which of the following is the PRIMARY protocol for protecting outbound content from tampering and eavesdropping?

A. Transport Layer Security (TLS)
B. Point-to-Point Protocol (PPP)
C. Secure Shell (SSH)
D. Internet Key Exchange (IKE)

Answer

A. Transport Layer Security (TLS)

CISA Question 106

Question

As part of business continuity planning, which of the following is MOST important to assess when conducting a business impact analysis (BIA)?

A. Risk appetite
B. Recovery scenarios
C. Completeness of critical asset inventory
D. Critical applications in the cloud

Answer

C. Completeness of critical asset inventory

CISA Question 107

Question

Which of the following statements appearing in an organization’s acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets?

A. Information assets should only be accessed by persons with a justified need
B. All information assets must be encrypted when stored on the organization’s systems
C. Any information assets transmitted over a public network must be approved by executive management
D. All information assets will be assigned a clearly defined level to facilitate proper employee handling

Answer

D. All information assets will be assigned a clearly defined level to facilitate proper employee handling

CISA Question 108

Question

Which of the following is the GREATEST advantage of vulnerability scanning over penetration testing?

A. Custom-developed applications can be tested more accurately.
B. The testing produces a lower number of false positive results.
C. The testing process can be automated to cover large groups of assets.
D. Network bandwidth is utilized more efficiently.

Answer

C. The testing process can be automated to cover large groups of assets.

CISA Question 109

Question

Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?

A. Using a single menu for sensitive application transactions
B. Restricting access to transactions using network security software
C. Implementing two-factor authentication
D. Implementing role-based access at the application level

Answer

B. Restricting access to transactions using network security software

CISA Question 110

Question

During a database security audit, an IS auditor is reviewing the process used to upload source data. Which of the following is the MOST significant risk area for the auditor to focus on?

A. Data integrity
B. Data sensitivity
C. Data resilience
D. Data normalization

Answer

C. Data resilience

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.