ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 2

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

CISA Question 131

Question

Which of the following user actions constitutes the GREATEST risk for introducing viruses into a local network?

A. Downloading a file from an external server
B. Uploading a file onto an internal server
C. Opening an email attachment
D. Viewing a hypertext markup language (HTML) document

Answer

A. Downloading a file from an external server

CISA Question 132

Question

The practice of performing backups reflects which type of internal control?

A. Corrective
B. Preventive
C. Detective
D. Compensating

Answer

A. Corrective

CISA Question 133

Question

What is the MOST important consideration of any disaster response plan?

A. Personnel safety
B. Business resumption
C. Adequate resource capacity
D. IT asset protection

Answer

A. Personnel safety

CISA Question 134

Question

An IS auditor is evaluating the risk of zero-day attacks and related mitigating controls for an organization. The auditor’s BEST recommendation is to implement:

A. a demilitarized zone (DMZ).
B. a signature-based antivirus program.
C. a heuristic intrusion prevention system (IPS).
D. an intrusion detection system (IDS).

Answer

C. a heuristic intrusion prevention system (IPS).

CISA Question 135

Question

Which of the following types of environmental equipment will MOST likely be deployed below the floor tiles of a data center?

A. Temperature sensors
B. Air pressure sensors
C. Humidity sensors
D. Water sensors

Answer

D. Water sensors

CISA Question 136

Question

Which of the following is the BEST method to secure credit card information displayed by an application used by both customer service representatives and fraud analysts?

A. Truncation
B. One-way hash
C. Encryption
D. Masking

Answer

C. Encryption

CISA Question 137

Question

The PRIMARY purpose of conducting a test of an alternate site as part of a disaster recovery program is to:

A. assess security awareness among employees.
B. determine recovery time objectives (RTOs).
C. verify the alternate infrastructure works as designed.
D. identify hidden costs for maintaining the site.

Answer

C. verify the alternate infrastructure works as designed.

CISA Question 138

Question

Which of the following BEST help to ensure system resiliency for a business application that processes high-volume and real-time retail transactions?

A. Adequate resourcing for the incident response team
B. Adequate encryption between applications
C. Adequate application clustering
D. Adequate reciprocal recovery agreement

Answer

C. Adequate application clustering

CISA Question 139

Question

A manager identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor in this scenario?

A. Hacktivists
B. Deleted log data
C. Terminated staff
D. Unauthorized access

Answer

C. Terminated staff

CISA Question 140

Question

Which of the following is the BEST control to help prevent sensitive data leaving an organization via email?

A. Scanning outgoing emails
B. Providing encryption solutions for employees
C. Conducting periodic phishing tests
D. Blocking outbound emails sent without encryption

Answer

D. Blocking outbound emails sent without encryption