The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free, to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2171
Question
There is a concern that a salesperson may download an organization’s full customer list from the Software as a Service (SaaS) when leaving to work for a competitor. Which of the following would BEST help to identify this type of incident?
A. Monitor application logs
B. Disable remote access to the application
C. Implement a web application firewall
D. Implement an intrusion detection system (IDS)
Answer
A. Monitor application logs
CISA Question 2172
Question
Which of the following would be an INAPPROPRIATE activity for a network administrator?
A. Analyzing network security incidents
B. Prioritizing traffic between subnets
C. Modifying a router configuration
D. Modifying router log files
Answer
D. Modifying router log files
CISA Question 2173
Question
Which of the following is the MAIN purpose of an information security management system?
A. To enhance the impact of reports used to monitor information security incidents
B. To reduce the frequency and impact of information security incidents
C. To identify and eliminate the root causes of information security incidents
D. To keep information security policies and procedures up-to-date
Answer
B. To reduce the frequency and impact of information security incidents
CISA Question 2174
Question
Which of the following is a passive attack on a network?
A. Message service interruption
B. Message modification
C. Traffic analysis
D. Sequence analysis
Answer
C. Traffic analysis
CISA Question 2175
Question
In the review of a feasibility study for an IS acquisition, the MOST important step is to:
A. determine whether the cost-benefits are achievable.
B. ensure that a contingency plan is in place should the project fail.
C. ensure that the right to audit the vendor has been considered.
D. determine whether security and control requirements have been specified.
Answer
D. determine whether security and control requirements have been specified.
CISA Question 2176
Question
The prioritization of incident response actions should be PRIMARILY based on which of the following?
A. Scope of disaster
B. Business impact
C. Availability of personnel
D. Escalation process
Answer
B. Business impact
CISA Question 2177
Question
Management has decided to include a compliance manager in the approval process for a new business that may require changes to the IT infrastructure. Which of the following is the GREATEST benefit of this approach?
A. Security breach incidents can be identified in early stages.
B. Regulatory risk exposures can be identified before they materialize.
C. Fewer reviews are needed when updating the IT compliance process.
D. Process accountabilities to external stakeholders are improved.
Answer
B. Regulatory risk exposures can be identified before they materialize.
CISA Question 2178
Question
Which of the following backup schemes is the BEST option when storage media is limited?
A. Virtual backup
B. Real-time backup
C. Differential backup
D. Full backup
Answer
C. Differential backup
CISA Question 2179
Question
An organization has suffered a number of incidents in which USB flash drives with sensitive data have been lost. Which of the following would be MOST effective in preventing loss of sensitive data?
A. Modifying the disciplinary policy to be more stringent
B. Implementing a check-in/check-out process for USB flash drives
C. Issuing encrypted USB flash drives to staff
D. Increasing the frequency of security awareness training
Answer
C. Issuing encrypted USB flash drives to staff
CISA Question 2180
Question
Which of the following would be of GREATEST concern to an IS auditor reviewing an organization’s security incident handling procedures?
A. Annual tabletop exercises are performed instead of functional incident response exercises.
B. Roles for computer emergency response team (CERT) members have not been formally documented.
C. Guidelines for prioritizing incidents have not been identified.
D. Workstation antivirus software alerts are not regularly reviewed.
Answer
D. Workstation antivirus software alerts are not regularly reviewed.