Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 20

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2161

Question

Which of the following is the BEST indication of a successful information security culture?

A. Penetration testing is done regularly and findings remediated.
B. End users know how to identify and report incidents.
C. Individuals are given access based on job functions.
D. The budget allocated for information security is sufficient.

Answer

B. End users know how to identify and report incidents.

CISA Question 2162

Question

Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?

A. Categorize incidents by the value of the affected asset.
B. Inform senior management.
C. Update the business impact assessment.
D. Activate the business continuity plan.

Answer

A. Categorize incidents by the value of the affected asset.

CISA Question 2163

Question

When developing an incident response plan, the information manager should:

A. allow IT to decide which systems can be removed from the infrastructure
B. include response scenarios that have been approved previously by business management
C. require IT to invoke the business continuity plan
D. determine recovery time objectives (RTOs)

Answer

B. include response scenarios that have been approved previously by business management

CISA Question 2164

Question

When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:

A. reduce the costs of future preventive controls
B. provide metrics for reporting to senior management
C. verify compliance with the service level agreement (SLA)
D. learn of potential areas of improvement

Answer

D. learn of potential areas of improvement

CISA Question 2165

Question

An external penetration test identified a serious security vulnerability in a critical business application. Before reporting the vulnerability to senior management, the information security manager’s BEST course of action should be to:

A. determine the potential impact with the business owner
B. initiate the incident response process
C. block access to the vulnerable business application
D. report the vulnerability to IT for remediation

Answer

A. determine the potential impact with the business owner

CISA Question 2166

Question

The effectiveness of an incident response team will be GREATEST when:

A. the incident response process is updated based on lessons learned
B. incidents are identified using a security information and event monitoring (SIEM) system
C. the incident response team members are trained security personnel
D. the incident response team meets on a regular basis to review log files

Answer

A. the incident response process is updated based on lessons learned

CISA Question 2167

Question

An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker.
Which of the following is the MOST important action of the security manager?

A. Follow the outsourcer’s response plan
B. Refer to the organization’s response plan
C. Notify the outsourcer of the privacy breach
D. Alert the appropriate law enforcement authorities

Answer

C. Notify the outsourcer of the privacy breach

CISA Question 2168

Question

An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?

A. The assignment of a forensics teams
B. The ability to recover from the incident in a timely manner
C. Following defined post-incident review procedures
D. The ability to obtain incident information in a timely manner

Answer

C. Following defined post-incident review procedures

CISA Question 2169

Question

Which of the following would be MOST useful to an information security manager when conducting a post-incident review of an attack?

A. Details from intrusion detection system logs
B. Method of operation used by the attacker
C. Cost of the attack to the organization
D. Location of the attacker

Answer

B. Method of operation used by the attacker

CISA Question 2170

Question

Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?

A. Decision on the classification of cloud-hosted data
B. Expertise of personnel providing incident response
C. Implementation of a SIEM in the organization
D. An agreement on the definition of a security incident

Answer

D. An agreement on the definition of a security incident

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker