Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 2

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 121

Question

Due to a global pandemic, a health organization has instructed its employees to work from home as much as possible. The employees communicate using instant messaging. Which of the following is the GREATEST risk in this situation?

A. Employee productivity may decrease when working from home.
B. The capacity of servers may not allow all users to connect simultaneously.
C. Employees may exchange patient information through less secure methods.
D. Home office setups may not be compliant with workplace health and safety requirements.

Answer

C. Employees may exchange patient information through less secure methods.

CISA Question 122

Question

Which of the following BEST guards against the risk of attack by hackers?

A. Tunneling
B. Firewalls
C. Encryption
D. Message validation

Answer

B. Firewalls

Reference

ISACA Journal > Issues > 2015 > Volume 5 > Addressing Cybersecurity Vulnerabilities
https://www.isaca.org/resources/isaca-journal/issues/2015/volume-5/addressing-cybersecurity-vulnerabilities

CISA Question 123

Question

Which of the following clauses is MOST important to include in a contract to help maintain data privacy in the event a Platform as a Service (PaaS) provider becomes financially insolvent?

A. Secure data destruction
B. Intellectual property protection
C. Data classification
D. Software escrow

Answer

B. Intellectual property protection

CISA Question 124

Question

A new privacy regulation requires a customer’s privacy information to be deleted within 72 hours, if requested. Which of the following would be an IS auditor’s GREATEST concern regarding compliance to this regulation?

A. Lack of knowledge of where customers’ information is saved
B. Outdated online privacy policies
C. Incomplete backup and retention policies
D. End user access to applications with customer information

Answer

D. End user access to applications with customer information

CISA Question 125

Question

An organization performs both full and incremental database backups. Which of the following will BEST enable full restoration in the event of the destruction of the data center?

A. Rotate all backups to an offsite location daily.
B. Transmit incremental backups to an offsite location daily.
C. Move full backups to an offsite location weekly.
D. Maintain full and incremental backups in a secure server room.

Answer

B. Transmit incremental backups to an offsite location daily.

CISA Question 126

Question

Tunneling provides additional security for connecting one host to another through the Internet by:

A. enabling the use of stronger encryption keys.
B. facilitating the exchange of public key infrastructure (PKI) certificates.
C. providing end-to-end encryption.
D. preventing password cracking and replay attacks.

Answer

C. providing end-to-end encryption.

CISA Question 127

Question

During an IT operations audit, multiple unencrypted backup tapes containing sensitive credit card information cannot be found. Which of the following presents the GREATEST risk to the organization?

A. Reputational damage due to potential identity theft
B. The cost of recreating the missing backup tapes
C. Business disruption if a data restore cannot be completed
D. Human resource cost of responding to the incident

Answer

A. Reputational damage due to potential identity theft

CISA Question 128

Question

An external attacker spoofing an internal protocol (IP) address can BEST be detected by which of the following?

A. Using a state table to compare the message states of each packet as it enters the system
B. Comparing the source address to the interface used as the entry point
C. Using static IP addresses for identification
D. Comparing the source address to the domain name server entry

Answer

B. Comparing the source address to the interface used as the entry point

CISA Question 129

Question

Which of the following is a benefit of using symmetric cryptography instead of asymmetric cryptography?

A. Can be used for digital signature
B. Efficiency of use
C. Enhanced authentication
D. Improved key management

Answer

B. Efficiency of use

CISA Question 130

Question

An organization is evaluating a disaster recovery testing scenario in which a ransomware attack occurs and the business impact analysis (BIA) indicates the recovery point objective (RPO) is 6 hours. Which of the following BEST ensures the most recent good data set will be available after the attack occurs?

A. Replication occurs every 15 minutes.
B. Backup is configured every 5 hours.
C. Replication is every 6 hours.
D. Backup is configured every 4 hours.

Answer

A. Replication occurs every 15 minutes.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker