The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
Table of Contents
- CISA Question 2161
- Question
- Answer
- CISA Question 2162
- Question
- Answer
- CISA Question 2163
- Question
- Answer
- CISA Question 2164
- Question
- Answer
- CISA Question 2165
- Question
- Answer
- CISA Question 2166
- Question
- Answer
- CISA Question 2167
- Question
- Answer
- CISA Question 2168
- Question
- Answer
- CISA Question 2169
- Question
- Answer
- CISA Question 2170
- Question
- Answer
CISA Question 2161
Question
Which of the following is the BEST indication of a successful information security culture?
A. Penetration testing is done regularly and findings remediated.
B. End users know how to identify and report incidents.
C. Individuals are given access based on job functions.
D. The budget allocated for information security is sufficient.
Answer
B. End users know how to identify and report incidents.
CISA Question 2162
Question
Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?
A. Categorize incidents by the value of the affected asset.
B. Inform senior management.
C. Update the business impact assessment.
D. Activate the business continuity plan.
Answer
A. Categorize incidents by the value of the affected asset.
CISA Question 2163
Question
When developing an incident response plan, the information manager should:
A. allow IT to decide which systems can be removed from the infrastructure
B. include response scenarios that have been approved previously by business management
C. require IT to invoke the business continuity plan
D. determine recovery time objectives (RTOs)
Answer
B. include response scenarios that have been approved previously by business management
CISA Question 2164
Question
When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:
A. reduce the costs of future preventive controls
B. provide metrics for reporting to senior management
C. verify compliance with the service level agreement (SLA)
D. learn of potential areas of improvement
Answer
D. learn of potential areas of improvement
CISA Question 2165
Question
An external penetration test identified a serious security vulnerability in a critical business application. Before reporting the vulnerability to senior management, the information security manager’s BEST course of action should be to:
A. determine the potential impact with the business owner
B. initiate the incident response process
C. block access to the vulnerable business application
D. report the vulnerability to IT for remediation
Answer
A. determine the potential impact with the business owner
CISA Question 2166
Question
The effectiveness of an incident response team will be GREATEST when:
A. the incident response process is updated based on lessons learned
B. incidents are identified using a security information and event monitoring (SIEM) system
C. the incident response team members are trained security personnel
D. the incident response team meets on a regular basis to review log files
Answer
A. the incident response process is updated based on lessons learned
CISA Question 2167
Question
An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker.
Which of the following is the MOST important action of the security manager?
A. Follow the outsourcer’s response plan
B. Refer to the organization’s response plan
C. Notify the outsourcer of the privacy breach
D. Alert the appropriate law enforcement authorities
Answer
C. Notify the outsourcer of the privacy breach
CISA Question 2168
Question
An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?
A. The assignment of a forensics teams
B. The ability to recover from the incident in a timely manner
C. Following defined post-incident review procedures
D. The ability to obtain incident information in a timely manner
Answer
C. Following defined post-incident review procedures
CISA Question 2169
Question
Which of the following would be MOST useful to an information security manager when conducting a post-incident review of an attack?
A. Details from intrusion detection system logs
B. Method of operation used by the attacker
C. Cost of the attack to the organization
D. Location of the attacker
Answer
B. Method of operation used by the attacker
CISA Question 2170
Question
Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?
A. Decision on the classification of cloud-hosted data
B. Expertise of personnel providing incident response
C. Implementation of a SIEM in the organization
D. An agreement on the definition of a security incident
Answer
D. An agreement on the definition of a security incident