The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free, to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 121
Question
Due to a global pandemic, a health organization has instructed its employees to work from home as much as possible. The employees communicate using instant messaging. Which of the following is the GREATEST risk in this situation?
A. Employee productivity may decrease when working from home.
B. The capacity of servers may not allow all users to connect simultaneously.
C. Employees may exchange patient information through less secure methods.
D. Home office setups may not be compliant with workplace health and safety requirements.
Answer
C. Employees may exchange patient information through less secure methods.
CISA Question 122
Question
Which of the following BEST guards against the risk of attack by hackers?
A. Tunneling
B. Firewalls
C. Encryption
D. Message validation
Answer
B. Firewalls
Reference
ISACA Journal > Issues > 2015 > Volume 5 > Addressing Cybersecurity Vulnerabilities
https://www.isaca.org/resources/isaca-journal/issues/2015/volume-5/addressing-cybersecurity-vulnerabilities
CISA Question 123
Question
Which of the following clauses is MOST important to include in a contract to help maintain data privacy in the event a Platform as a Service (PaaS) provider becomes financially insolvent?
A. Secure data destruction
B. Intellectual property protection
C. Data classification
D. Software escrow
Answer
B. Intellectual property protection
CISA Question 124
Question
A new privacy regulation requires a customer’s privacy information to be deleted within 72 hours, if requested. Which of the following would be an IS auditor’s GREATEST concern regarding compliance with this regulation?
A. Lack of knowledge of where customers’ information is saved
B. Outdated online privacy policies
C. Incomplete backup and retention policies
D. End user access to applications with customer information
Answer
D. End user access to applications with customer information
CISA Question 125
Question
An organization performs both full and incremental database backups. Which of the following will BEST enable full restoration in the event of the destruction of the data center?
A. Rotate all backups to an offsite location daily.
B. Transmit incremental backups to an offsite location daily.
C. Move full backups to an offsite location weekly.
D. Maintain full and incremental backups in a secure server room.
Answer
B. Transmit incremental backups to an offsite location daily.
CISA Question 126
Question
Tunneling provides additional security for connecting one host to another through the Internet by:
A. enabling the use of stronger encryption keys.
B. facilitating the exchange of public key infrastructure (PKI) certificates.
C. providing end-to-end encryption.
D. preventing password cracking and replay attacks.
Answer
C. providing end-to-end encryption.
CISA Question 127
Question
During an IT operations audit, multiple unencrypted backup tapes containing sensitive credit card information cannot be found. Which of the following presents the GREATEST risk to the organization?
A. Reputational damage due to potential identity theft
B. The cost of recreating the missing backup tapes
C. Business disruption if a data restore cannot be completed
D. Human resource cost of responding to the incident
Answer
A. Reputational damage due to potential identity theft
CISA Question 128
Question
An external attacker spoofing an internal Internet Protocol (IP) address can BEST be detected by which of the following?
A. Using a state table to compare the message states of each packet as it enters the system
B. Comparing the source address to the interface used as the entry point
C. Using static IP addresses for identification
D. Comparing the source address to the domain name server entry
Answer
B. Comparing the source address to the interface used as the entry point
CISA Question 129
Question
Which of the following is a benefit of using symmetric cryptography instead of asymmetric cryptography?
A. Can be used for digital signature
B. Efficiency of use
C. Enhanced authentication
D. Improved key management
Answer
B. Efficiency of use
CISA Question 130
Question
An organization is evaluating a disaster recovery testing scenario in which a ransomware attack occurs and the business impact analysis (BIA) indicates the recovery point objective (RPO) is 6 hours. Which of the following BEST ensures the most recent good data set will be available after the attack occurs?
A. Replication occurs every 15 minutes.
B. Backup is configured every 5 hours.
C. Replication is every 6 hours.
D. Backup is configured every 4 hours.
Answer
A. Replication occurs every 15 minutes.