Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 20

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2181

Question

Which of the following is the BEST indication that an information security program is effective?

A. The number of reported and confirmed security incidents has increased after awareness training.
B. The security awareness program was developed following industry best practices.
C. The security team has performed a risk assessment to understand the organization’s risk appetite.
D. The security team is knowledgeable and uses the best available tools.

Answer

A. The number of reported and confirmed security incidents has increased after awareness training.

CISA Question 2182

Question

What should be a security manager’s PRIMARY objective in the event of a security incident?

A. Identify the source of the breach and how it was perpetrated.
B. Contain the threat and restore operations in a timely manner.
C. Ensure that normal operations are not disrupted.
D. Identify lapses in operational control effectiveness.

Answer

B. Contain the threat and restore operations in a timely manner.

CISA Question 2183

Question

Which of the following provides the BEST assurance that security policies are applied across business operations?

A. Organizational standards are required to be formally accepted.
B. Organizational standards are enforced by technical controls.
C. Organizational standards are included in awareness training.
D. Organizational standards are documented in operational procedures.

Answer

D. Organizational standards are documented in operational procedures.

CISA Question 2184

Question

Senior management has allocated funding to each of the organization’s divisions to address information security vulnerabilities. The funding is based on each division’s technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

A. Redundant controls may be implemented across divisions
B. Information security governance could be decentralized by divisions
C. Areas of highest risk may not be adequately prioritized for treatment
D. Return on investment may be inconsistently reported to senior management

Answer

C. Areas of highest risk may not be adequately prioritized for treatment

CISA Question 2185

Question

Which of the following types of controls would be MOST important to implement when digitizing human resource (HR) records?

A. Change management controls
B. Software development controls
C. Project management controls
D. Access management controls

Answer

A. Change management controls

CISA Question 2186

Question

Which of the following is the BEST evidence of the maturity of an organization’s information security program?

A. The number of reported incidents has increased.
B. The information security department actively monitors security operations.
C. The number of reported incidents has decreased.
D. IT security staff implements strict technical security controls.

Answer

B. The information security department actively monitors security operations.

CISA Question 2187

Question

Which of the following is the BEST way to reduce the risk of vulnerabilities during the rapid deployment of container-based applications to a hybrid cloud?

A. Conduct a post-deployment security audit to identify vulnerabilities.
B. Conduct security auditing during the development life cycle.
C. Review a sample of historical production changes to identify abnormalities.
D. Review development and operations (DevOps) policies and procedures.

Answer

D. Review development and operations (DevOps) policies and procedures.

CISA Question 2188

Question

Which of the following is the BEST sampling method to use when estimating the rate of occurrence of a specific quality in a population?

A. Attribute sampling
B. Stop-or-go sampling
C. Statistical sampling
D. Discovery sampling

Answer

A. Attribute sampling

CISA Question 2189

Question

Which of the following areas are the MOST likely cause of an application producing several erroneous reports?

A. A deficiency in user acceptance testing
B. A deficiency in patch management
C. A deficiency in IT resource allocation
D. A deficiency in database administration

Answer

A. A deficiency in user acceptance testing

CISA Question 2190

Question

The PRIMARY objective of parallel testing an application is to confirm that:

A. the results of calculations in the new system are as accurate as the old system.
B. system response times in the new system are better than the old system.
C. the costs of running the new system are the same as running the old system.
D. new system processing times are similar to those of the old system.

Answer

A. the results of calculations in the new system are as accurate as the old system.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker