Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 20

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2151

Question

Which of the following BEST describes the relationship between vulnerability scanning and penetration testing?

A. For entities with regulatory drivers the two tests must be the same.
B. Both are labor-intensive in preparation, planning and execution.
C. Both utilize a risk-based analysis that considers treats scenarios.
D. The scope of both is determined primarily by the likelihood of exploitation.

Answer

C. Both utilize a risk-based analysis that considers treats scenarios.

CISA Question 2152

Question

Which of the following would be MOST helpful in ensuring security procedures are followed by employees in a multinational organization?

A. Security architecture review
B. Regular clean desk reviews
C. Comprehensive end-user training
D. Regular policy updates by management

Answer

C. Comprehensive end-user training

CISA Question 2153

Question

Which of the following would be the GREATEST concern when an organization’s disaster recovery strategy utilizes a cold site?

A. The lack of electrical power connections
B. The lack of networking infrastructure
C. The lack of appropriate environmental controls
D. The lack of hardware components availability

Answer

D. The lack of hardware components availability

CISA Question 2154

Question

Since data storage of a critical business application is on a redundant array of inexpensive disks (RAID), backups are not considered essential.
The IS auditor should recommend proper backups because RAID:

A. relies on proper maintenance.
B. cannot offer protection against disk corruption.
C. cannot recover from a natural disaster.
D. disks cannot be hot-swapped for quick recovery.

Answer

C. cannot recover from a natural disaster.

CISA Question 2155

Question

When reviewing a disaster recovery plan (DRP), an IS auditor should examine the:

A. access to the computer site by backup staff.
B. offsite data file storage.
C. uninterruptible power supply (UPS).
D. fire-fighting equipment.

Answer

B. offsite data file storage.

CISA Question 2156

Question

Of the following procedures for testing a disaster recovery plan (DRP), which should be used MOST frequently?

A. Unannounced shutdown of the primary computing facility.
B. Review of documented backup and recovery procedures
C. Testing at a secondary site using offsite data backups
D. Preplanned shutdown of the computing facility during an off-peak period

Answer

B. Review of documented backup and recovery procedures

CISA Question 2157

Question

An IS auditor observes that an organization’s critical IT systems have experienced several failures throughout the year. Which of the following is the BEST recommendation?

A. Perform a disaster recovery test.
B. Perform a root cause analysis.
C. Contract for a hot site.
D. Implement redundant systems.

Answer

B. Perform a root cause analysis.

CISA Question 2158

Question

Which of the following is MOST important for an IS auditor to verify during a disaster recovery audit?

A. Disaster recovery tests are carries out.
B. Regular backups are made and stored offsite.
C. The disaster recovery plan is updated on a regular basis.
D. Media are stored in fireproof cabinets.

Answer

A. Disaster recovery tests are carries out.

CISA Question 2159

Question

Which of the following should be of MOST concern to an IS auditor reviewing an organization’s disaster recovery plan (DRP)?

A. The responsibility for declaring a disaster is not identified.
B. The disaster recovery steps are not detailed.
C. The CIO has not signed off on the DRP.
D. Copies of the DRP are not kept in a secure offsite location.

Answer

B. The disaster recovery steps are not detailed.

CISA Question 2160

Question

Which of the following is MOST influential when defining disaster recovery strategies?

A. Existing server redundancies
B. Maximum tolerable downtime
C. Data classification scheme
D. Annual loss expectancy

Answer

B. Maximum tolerable downtime

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker