The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the CISA certification.
CISA Question 2151
Question
Which of the following BEST describes the relationship between vulnerability scanning and penetration testing?
A. For entities with regulatory drivers the two tests must be the same.
B. Both are labor-intensive in preparation, planning and execution.
C. Both utilize a risk-based analysis that considers threat scenarios.
D. The scope of both is determined primarily by the likelihood of exploitation.
Answer
C. Both utilize a risk-based analysis that considers threat scenarios.
CISA Question 2152
Question
Which of the following would be MOST helpful in ensuring security procedures are followed by employees in a multinational organization?
A. Security architecture review
B. Regular clean desk reviews
C. Comprehensive end-user training
D. Regular policy updates by management
Answer
C. Comprehensive end-user training
CISA Question 2153
Question
Which of the following would be the GREATEST concern when an organization’s disaster recovery strategy utilizes a cold site?
A. The lack of electrical power connections
B. The lack of networking infrastructure
C. The lack of appropriate environmental controls
D. The lack of hardware components availability
Answer
D. The lack of hardware components availability
CISA Question 2154
Question
Since data storage of a critical business application is on a redundant array of inexpensive disks (RAID), backups are not considered essential.
The IS auditor should recommend proper backups because RAID:
A. relies on proper maintenance.
B. cannot offer protection against disk corruption.
C. cannot recover from a natural disaster.
D. disks cannot be hot-swapped for quick recovery.
Answer
C. cannot recover from a natural disaster.
CISA Question 2155
Question
When reviewing a disaster recovery plan (DRP), an IS auditor should examine the:
A. access to the computer site by backup staff.
B. offsite data file storage.
C. uninterruptible power supply (UPS).
D. fire-fighting equipment.
Answer
B. offsite data file storage.
CISA Question 2156
Question
Of the following procedures for testing a disaster recovery plan (DRP), which should be used MOST frequently?
A. Unannounced shutdown of the primary computing facility
B. Review of documented backup and recovery procedures
C. Testing at a secondary site using offsite data backups
D. Preplanned shutdown of the computing facility during an off-peak period
Answer
B. Review of documented backup and recovery procedures
CISA Question 2157
Question
An IS auditor observes that an organization’s critical IT systems have experienced several failures throughout the year. Which of the following is the BEST recommendation?
A. Perform a disaster recovery test.
B. Perform a root cause analysis.
C. Contract for a hot site.
D. Implement redundant systems.
Answer
B. Perform a root cause analysis.
CISA Question 2158
Question
Which of the following is MOST important for an IS auditor to verify during a disaster recovery audit?
A. Disaster recovery tests are carried out.
B. Regular backups are made and stored offsite.
C. The disaster recovery plan is updated on a regular basis.
D. Media are stored in fireproof cabinets.
Answer
A. Disaster recovery tests are carried out.
CISA Question 2159
Question
Which of the following should be of MOST concern to an IS auditor reviewing an organization’s disaster recovery plan (DRP)?
A. The responsibility for declaring a disaster is not identified.
B. The disaster recovery steps are not detailed.
C. The CIO has not signed off on the DRP.
D. Copies of the DRP are not kept in a secure offsite location.
Answer
B. The disaster recovery steps are not detailed.
CISA Question 2160
Question
Which of the following is MOST influential when defining disaster recovery strategies?
A. Existing server redundancies
B. Maximum tolerable downtime
C. Data classification scheme
D. Annual loss expectancy
Answer
B. Maximum tolerable downtime