Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 20

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2171

Question

There is a concern that a salesperson may download an organization’s full customer list from the Software as a Service (SaaS) when leaving to work for a competitor. Which of the following would BEST help to identify this type of incident?

A. Monitor applications logs
B. Disable remote access to the application
C. Implement a web application firewall
D. Implement an intrusion detection system (IDS)

Answer

A. Monitor applications logs

CISA Question 2172

Question

Which of the following would be an INAPPROPRIATE activity for a network administrator?

A. Analyzing network security incidents
B. Prioritizing traffic between subnets
C. Modifying a router configuration
D. Modifying router log files

Answer

D. Modifying router log files

CISA Question 2173

Question

Which of the following is the MAIN purpose of an information security management system?

A. To enhance the impact of reports used to monitor information security incidents
B. To reduce the frequency and impact of information security incidents
C. To identify and eliminate the root causes of information security incidents
D. To keep information security policies and procedures up-to-date

Answer

B. To reduce the frequency and impact of information security incidents

CISA Question 2174

Question

Which of the following is a passive attack on a network?

A. Message service interruption
B. Message modification
C. Traffic analysis
D. Sequence analysis

Answer

C. Traffic analysis

CISA Question 2175

Question

In the review of a feasibility study for an IS acquisition, the MOST important step is to:

A. determine whether the cost-benefits are achievable.
B. ensure that a contingency plan is in place should the project fail.
C. ensure that the right to audit the vendor has been considered.
D. determine whether security and control requirements have been specified.

Answer

D. determine whether security and control requirements have been specified.

CISA Question 2176

Question

The prioritization of incident response actions should be PRIMARILY based on which of the following?

A. Scope of disaster
B. Business impact
C. Availability of personnel
D. Escalation process

Answer

B. Business impact

CISA Question 2177

Question

Management has decided to include a compliance manager in the approval process for a new business that may require changes to the IT infrastructure. Which of the following is the GREATEST benefit of this approach?

A. Security breach incidents can be identified in early stages.
B. Regulatory risk exposures can be identified before they materialize.
C. Fewer reviews are needed when updating the IT compliance process.
D. Process accountabilities to external stakeholders are improved.

Answer

B. Regulatory risk exposures can be identified before they materialize.

CISA Question 2178

Question

Which of the following backup schemes is the BEST option when storage media is limited?

A. Virtual backup
B. Real-time backup
C. Differential backup
D. Full backup

Answer

C. Differential backup

CISA Question 2179

Question

An organization has suffered a number of incidents in which USB flash drives with sensitive data have been lost. Which of the following would be MOST effective in preventing loss of sensitive data?

A. Modifying the disciplinary policy to be more stringent
B. Implementing a check-in/check-out process for USB flash drives
C. Issuing encrypted USB flash drives to staff
D. Increasing the frequency of security awareness training

Answer

C. Issuing encrypted USB flash drives to staff

CISA Question 2180

Question

Which of the following would be of GREATEST concern to an IS auditor reviewing an organization’s security incident handling procedures?

A. Annual tabletop exercises are performed instead of functional incident response exercises.
B. Roles for computer emergency response team (CERT) members have not been formally documented.
C. Guidelines for prioritizing incidents have not been identified.
D. Workstation antivirus software alerts are not regularly reviewed.

Answer

D. Workstation antivirus software alerts are not regularly reviewed.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker