
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 2

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free of charge to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 151

Question

An organization’s sensitive data is stored in a cloud computing environment and is encrypted. Which of the following findings should be of GREATEST concern to an IS auditor?

A. Symmetric keys are used for encryption.
B. Encryption keys are not rotated on a regular basis.
C. Test data encryption keys are being used in production.
D. Data encryption keys are accessible to the service provider.

Answer

B. Encryption keys are not rotated on a regular basis.

CISA Question 152

Question

What is the BEST type of network topology to reduce the risk of network faults?

A. Bus network
B. Star network
C. Ring network
D. Mesh network

Answer

D. Mesh network

CISA Question 153

Question

Which of the following is the BEST way to minimize the impact of a ransomware attack?

A. Grant system access based on least privilege.
B. Provide user awareness training on ransomware attacks.
C. Perform more frequent system backups.
D. Maintain a regular schedule for patch updates.

Answer

B. Provide user awareness training on ransomware attacks.

CISA Question 154

Question

An IS auditor is reviewing environmental controls and finds extremely high levels of humidity in the data center. Which of the following is the PRIMARY risk to computer equipment from this condition?

A. Brownout
B. Fire
C. Static electricity
D. Corrosion

Answer

D. Corrosion

CISA Question 155

Question

Which of the following would BEST help management maintain a current and effective business continuity plan (BCP)?

A. Update the critical business software list on an annual basis.
B. Perform a periodic recovery test and include a lessons-learned summary.
C. Perform an annual walk-through and verify resources at the recovery site.
D. Verify vendor restore requirements are consistent with the recovery plan.

Answer

B. Perform a periodic recovery test and include a lessons-learned summary.

CISA Question 156

Question

Which of the following is the BEST control to reduce the likelihood that a spear phishing attack will be successful?

A. Tools for users to report suspicious emails and unusual financial transactions
B. Spam filtering for emails containing external hyperlinks sent to mass recipient lists
C. Automated alerts to security managers identifying confidential information transferred externally
D. Education for staff and high-profile users on social engineering

Answer

D. Education for staff and high-profile users on social engineering

CISA Question 157

Question

Which of the following would provide the BEST evidence of the adequacy of firewall rules?

A. Performing penetration tests
B. Reviewing intrusion detection system (IDS) logs
C. Reviewing network logs
D. Verifying firewall configuration

Answer

A. Performing penetration tests

CISA Question 158

Question

What is the PRIMARY reason for including a clause requiring source code escrow in an application vendor agreement?

A. Protect the organization from copyright disputes.
B. Ensure source code changes are recorded.
C. Segregate system development and live environments.
D. Ensure the source code remains available.

Answer

A. Protect the organization from copyright disputes.

CISA Question 159

Question

Which of the following controls would BEST help to protect an organization from social engineering attacks?

A. Email monitoring
B. Social media access restrictions
C. Security awareness training
D. Firewall access control list reviews

Answer

C. Security awareness training

CISA Question 160

Question

What is the MAIN objective when implementing security controls within an application?

A. To minimize reputational risk to the organization
B. To minimize the exposure to the fullest extent possible
C. To optimize the level of data protection achieved against cost
D. To optimize user functionality of the application

Answer

C. To optimize the level of data protection achieved against cost

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
