Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 2

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 151

Question

An organization’s sensitive data is stored in a cloud computing environment and is encrypted. Which of the following findings should be of GREATEST concern to an IS auditor?

A. Symmetric keys are used for encryption.
B. Encryption keys are not rotated on a regular basis.
C. Test data encryption keys are being used in production.
D. Data encryption keys are accessible to the service provider.

Answer

B. Encryption keys are not rotated on a regular basis.

CISA Question 152

Question

What is the BEST type of network topology to reduce the risk of network faults?

A. Bus network
B. Star network
C. Ring network
D. Mesh network

Answer

D. Mesh network

CISA Question 153

Question

Which of the following is the BEST way to minimize the impact of a ransomware attack?

A. Grant system access based on least privilege.
B. Provide user awareness training on ransomware attacks.
C. Perform more frequent system backups.
D. Maintain a regular schedule for patch updates.

Answer

B. Provide user awareness training on ransomware attacks.

CISA Question 154

Question

An IS auditor is reviewing environmental controls and finds extremely high levels of humidity in the data center. Which of the following is the PRIMARY risk to computer equipment from this condition?

A. Brownout
B. Fire
C. Static electricity
D. Corrosion

Answer

D. Corrosion

CISA Question 155

Question

Which of the following would BEST help management maintain a current and effective business continuity plan (BCP)?

A. Update the critical business software list on an annual basis.
B. Perform a periodic recovery test and include a lessons-learned summary.
C. Perform an annual walk-through and verify resources at the recovery site.
D. Verify vendor restore requirements are consistent with the recovery plan.

Answer

B. Perform a periodic recovery test and include a lessons-learned summary.

CISA Question 156

Question

Which of the following is the BEST control to reduce the likelihood that a spear phishing attack will be successful?

A. Tools for users to report suspicious emails and unusual financial transactions
B. Spam filtering for emails containing external hyperlinks sent to mass recipient lists
C. Automated alerts to security managers identifying confidential information transferred externally
D. Education for staff and high-profile users on social engineering

Answer

D. Education for staff and high-profile users on social engineering

CISA Question 157

Question

Which of the following would provide the BEST evidence of the adequacy of firewall rules?

A. Performing penetration tests
B. Reviewing intrusion detection system (IDS) logs
C. Reviewing network logs
D. Verifying firewall configuration

Answer

A. Performing penetration tests

CISA Question 158

Question

What is the PRIMARY reason for including a clause requiring source code escrow in an application vendor agreement?

A. Protect the organization from copyright disputes.
B. Ensure source code changes are recorded.
C. Segregate system development and live environments.
D. Ensure the source code remains available.

Answer

A. Protect the organization from copyright disputes.

CISA Question 159

Question

Which of the following controls would BEST help to protect an organization from social engineering attacks?

A. Email monitoring
B. Social media access restrictions
C. Security awareness training
D. Firewall access control list reviews

Answer

C. Security awareness training

CISA Question 160

Question

What is the MAIN objective when implementing security controls within an application?

A. To minimize reputational risk to the organization
B. To minimize the exposure to the fullest extent possible
C. To optimize the level of data protection achieved against cost
D. To optimize user functionality of the application

Answer

C. To optimize the level of data protection achieved against cost

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker