This page collects ISACA CISA (Certified Information Systems Auditor) practice exam questions with answers, available free, to help you prepare for the CISA exam and earn the certification.
Table of Contents
- CISA Question 2181
- Question
- Answer
- CISA Question 2182
- Question
- Answer
- CISA Question 2183
- Question
- Answer
- CISA Question 2184
- Question
- Answer
- CISA Question 2185
- Question
- Answer
- CISA Question 2186
- Question
- Answer
- CISA Question 2187
- Question
- Answer
- CISA Question 2188
- Question
- Answer
- CISA Question 2189
- Question
- Answer
- CISA Question 2190
- Question
- Answer
CISA Question 2181
Question
Which of the following is the BEST indication that an information security program is effective?
A. The number of reported and confirmed security incidents has increased after awareness training.
B. The security awareness program was developed following industry best practices.
C. The security team has performed a risk assessment to understand the organization’s risk appetite.
D. The security team is knowledgeable and uses the best available tools.
Answer
A. The number of reported and confirmed security incidents has increased after awareness training.
CISA Question 2182
Question
What should be a security manager’s PRIMARY objective in the event of a security incident?
A. Identify the source of the breach and how it was perpetrated.
B. Contain the threat and restore operations in a timely manner.
C. Ensure that normal operations are not disrupted.
D. Identify lapses in operational control effectiveness.
Answer
B. Contain the threat and restore operations in a timely manner.
CISA Question 2183
Question
Which of the following provides the BEST assurance that security policies are applied across business operations?
A. Organizational standards are required to be formally accepted.
B. Organizational standards are enforced by technical controls.
C. Organizational standards are included in awareness training.
D. Organizational standards are documented in operational procedures.
Answer
D. Organizational standards are documented in operational procedures.
CISA Question 2184
Question
Senior management has allocated funding to each of the organization’s divisions to address information security vulnerabilities. The funding is based on each division’s technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?
A. Redundant controls may be implemented across divisions
B. Information security governance could be decentralized by divisions
C. Areas of highest risk may not be adequately prioritized for treatment
D. Return on investment may be inconsistently reported to senior management
Answer
C. Areas of highest risk may not be adequately prioritized for treatment
CISA Question 2185
Question
Which of the following types of controls would be MOST important to implement when digitizing human resource (HR) records?
A. Change management controls
B. Software development controls
C. Project management controls
D. Access management controls
Answer
D. Access management controls
Digitized HR records contain sensitive personal data, so the primary need is to restrict who can view and modify them; change, development and project management controls govern the migration itself but do not protect the records once they are online.
CISA Question 2186
Question
Which of the following is the BEST evidence of the maturity of an organization’s information security program?
A. The number of reported incidents has increased.
B. The information security department actively monitors security operations.
C. The number of reported incidents has decreased.
D. IT security staff implements strict technical security controls.
Answer
B. The information security department actively monitors security operations.
CISA Question 2187
Question
Which of the following is the BEST way to reduce the risk of vulnerabilities during the rapid deployment of container-based applications to a hybrid cloud?
A. Conduct a post-deployment security audit to identify vulnerabilities.
B. Conduct security auditing during the development life cycle.
C. Review a sample of historical production changes to identify abnormalities.
D. Review development and operations (DevOps) policies and procedures.
Answer
B. Conduct security auditing during the development life cycle.
Reviewing DevOps policies only confirms that procedures exist, and a post-deployment audit finds vulnerabilities after they are already running; auditing security as part of the development life cycle (image, dependency and configuration checks before each release) removes vulnerabilities before rapid deployment.
CISA Question 2188
Question
Which of the following is the BEST sampling method to use when estimating the rate of occurrence of a specific quality in a population?
A. Attribute sampling
B. Stop-or-go sampling
C. Statistical sampling
D. Discovery sampling
Answer
A. Attribute sampling
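Attribute sampling estimates how often a characteristic (a control deviation) occurs in a population: the auditor plans a sample size from a tolerable deviation rate, an expected deviation rate and a confidence level, then evaluates the sample by computing an upper bound on the population rate. The following worked example is added here and is not part of the original page or any ISACA material; it reproduces the classic attribute sampling tables with exact binomial arithmetic, and the sample of terminated-user records it evaluates is constructed for illustration.

```python
from math import comb, ceil


def binom_cdf(k, n, p):
    """Exact P(X <= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k + 1))


def plan_sample_size(tolerable_rate, expected_rate, confidence, max_n=5000):
    """Smallest sample size n such that, if the population deviation rate were
    as high as tolerable_rate, the chance of observing no more than the
    expected number of deviations (ceil(expected_rate * n)) is at most
    1 - confidence. Returns (n, allowed_deviations). Reproduces the standard
    tables, e.g. 5% tolerable, 0% expected, 95% confidence -> (59, 0)."""
    if not 0 <= expected_rate < tolerable_rate < 1:
        raise ValueError("need 0 <= expected_rate < tolerable_rate < 1")
    for n in range(1, max_n + 1):
        k = ceil(expected_rate * n)
        if binom_cdf(k, n, tolerable_rate) <= 1 - confidence:
            return n, k
    raise ValueError("no sample size up to max_n satisfies the parameters")


def upper_deviation_limit(n, deviations, confidence, tol=1e-6):
    """One-sided upper confidence bound on the population deviation rate after
    observing `deviations` exceptions in a sample of n (exact binomial bound).
    Bisection on p: the bound is the smallest p for which
    P(X <= deviations | p) <= 1 - confidence; the CDF is decreasing in p."""
    if deviations >= n:
        return 1.0
    lo, hi = deviations / n, 1.0
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if binom_cdf(deviations, n, mid) <= 1 - confidence:
            hi = mid
        else:
            lo = mid
    return hi


def evaluate_sample(n, deviations, tolerable_rate, confidence):
    """Auditor's conclusion: rely on the control only if the upper deviation
    limit does not exceed the tolerable rate."""
    udl = upper_deviation_limit(n, deviations, confidence)
    return {
        "sample_deviation_rate": deviations / n,
        "upper_deviation_limit": udl,
        "rely_on_control": udl <= tolerable_rate,
    }


if __name__ == "__main__":
    # Plan: control "access revoked within 24h of termination", tolerable 5%,
    # expected 1%, 95% confidence.
    n, allowed = plan_sample_size(0.05, 0.01, 0.95)
    print(f"sample {n} records, tolerate at most {allowed} deviation(s)")

    # Constructed sample (hypothetical data): 60 terminated-user records,
    # True = access was revoked within 24 hours, False = deviation.
    sample = [True] * 58 + [False] * 2
    result = evaluate_sample(len(sample), sample.count(False), 0.05, 0.95)
    print(result)
```

The 60-record sample with two deviations gives a sample rate of 3.3% but an upper deviation limit of about 10.2%, so the control cannot be relied upon at a 5% tolerable rate even though the observed rate is below it; that gap between the observed rate and the bound is the reason attribute sampling is planned and evaluated statistically rather than by the raw count.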
CISA Question 2189
Question
Which of the following is the MOST likely cause of an application producing several erroneous reports?
A. A deficiency in user acceptance testing
B. A deficiency in patch management
C. A deficiency in IT resource allocation
D. A deficiency in database administration
Answer
A. A deficiency in user acceptance testing
CISA Question 2190
Question
The PRIMARY objective of parallel testing an application is to confirm that:
A. the results of calculations in the new system are as accurate as the old system.
B. system response times in the new system are better than the old system.
C. the costs of running the new system are the same as running the old system.
D. new system processing times are similar to those of the old system.
Answer
A. the results of calculations in the new system are as accurate as the old system.
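Parallel testing runs the old and new systems on the same inputs and compares their outputs, so any difference in calculation results surfaces before cut-over. The harness below is an added example, not part of the original page; the two interest calculators are constructed for illustration and differ only in rounding mode (half-up in the legacy system, banker's rounding in the replacement), a real and easily missed source of cent-level discrepancies.

```python
from decimal import Decimal, ROUND_HALF_UP, ROUND_HALF_EVEN

CENT = Decimal("0.01")


def legacy_monthly_interest(balance: str, annual_rate: str) -> Decimal:
    """Hypothetical old system: rounds half-up to the cent."""
    raw = Decimal(balance) * Decimal(annual_rate) / 12
    return raw.quantize(CENT, rounding=ROUND_HALF_UP)


def new_monthly_interest(balance: str, annual_rate: str) -> Decimal:
    """Hypothetical replacement: uses banker's rounding (round half to even)."""
    raw = Decimal(balance) * Decimal(annual_rate) / 12
    return raw.quantize(CENT, rounding=ROUND_HALF_EVEN)


def parallel_test(old_fn, new_fn, inputs, tolerance=Decimal("0")):
    """Feed identical inputs to both systems and collect every case where the
    results differ by more than `tolerance`. Zero tolerance is the right
    setting for financial calculations; a non-zero tolerance must be an
    explicit, documented acceptance decision."""
    discrepancies = []
    for args in inputs:
        old = old_fn(*args)
        new = new_fn(*args)
        if abs(old - new) > tolerance:
            discrepancies.append({"input": args, "old": old, "new": new})
    return discrepancies


# Constructed test accounts: balance and annual rate as strings to avoid
# binary float artefacts. 1230.00 at 5% yields exactly 5.125, the half-cent
# case on which the two rounding modes disagree.
TEST_ACCOUNTS = [
    ("1000.00", "0.05"),  # 4.1666... -> 4.17 in both systems
    ("1230.00", "0.05"),  # 5.125 -> 5.13 legacy, 5.12 new
    ("1290.00", "0.05"),  # 5.375 -> 5.38 in both (7 is odd, rounds up)
]


def run_parallel_test():
    return parallel_test(legacy_monthly_interest, new_monthly_interest, TEST_ACCOUNTS)


if __name__ == "__main__":
    for d in run_parallel_test():
        print(f"MISMATCH {d['input']}: old={d['old']} new={d['new']}")
```

Every discrepancy is traced back to its input, which is what the parallel test is for: the one flagged account shows that the new system's rounding policy differs from the old one, a decision the business must make deliberately rather than discover after migration.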