The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2251
Question
An audit report notes that terminated employees have been retaining their access rights after their departure. Which of the following strategies would BEST ensure that obsolete access rights are identified in a timely manner?
A. Delete user IDs at a predetermined date after their creation.
B. Automatically delete user IDs after they are unused for a predetermined time.
C. Implement an automated interface with the organization’s human resources system.
D. Require local supervisors to initiate connection.
Answer
C. Implement an automated interface with the organization’s human resources system.
CISA Question 2252
Question
Which of the following mechanisms for process improvement involves examination of industry best practice?
A. Continuous improvement
B. Knowledge management
C. Business process reengineering (BPR)
D. Benchmarking
Answer
D. Benchmarking
CISA Question 2253
Question
Which of the following is the BEST indication that an organization’s vulnerability identification capability has achieved a high level of maturity?
A. The organization collaborates with relevant partners to correlate vulnerability data.
B. Known application vulnerabilities are manually categorized and prioritized.
C. Vulnerability management tools are tailored for specific operating systems.
D. Tools are in place to periodically identify new and updated vulnerabilities.
Answer
D. Tools are in place to periodically identify new and updated vulnerabilities.
CISA Question 2254
Question
Which of the following ensures components of an IT system are identified and baselined, and that changes to them are implemented in a controlled manner?
A. Restricted production access
B. Configuration management process
C. Change management process
D. Software versioning control
Answer
B. Configuration management process
CISA Question 2255
Question
Which of the following activities provides an IS auditor with the MOST insight regarding potential single person dependencies that might exist within the organization?
A. Reviewing user activity logs
B. Mapping IT processes to roles
C. Reviewing vacation patterns
D. Interviewing senior IT management
Answer
C. Reviewing vacation patterns
CISA Question 2256
Question
Which of the following is an effective way to ensure the integrity of file transfers in a peer-to-peer (P2P) computing environment?
A. Connect the client computers in the environment to a jump server.
B. Ensure the files are transferred through an intrusion detection system (IDS).
C. Encrypt the packets shared between peers within the environment.
D. Associate a message authentication code with each file transferred.
Answer
D. Associate a message authentication code with each file transferred.
CISA Question 2257
Question
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
A. Update the threat landscape
B. Review the effectiveness of controls
C. Determine operational losses
D. Improve the change control process
Answer
D. Improve the change control process
CISA Question 2258
Question
A reduction in which of the following would indicate improved performance in the administration of information security?
A. IT security awareness training days
B. Number of staff involved in security administration
C. Systems subject to an intrusion detection process
D. Turnaround time for requests for new user access
Answer
C. Systems subject to an intrusion detection process
CISA Question 2259
Question
Adding security requirements late in the software development life cycle would MOST likely result in:
A. cost savings
B. clearer understanding of requirements
C. operational efficiency
D. compensating controls
Answer
D. compensating controls
CISA Question 2260
Question
An IS auditor is reviewing database log settings and notices that only INSERT and DELETE operations are being monitored in the database. What is the MOST significant risk?
A. Metadata may not be logged
B. Newly added records may not be logged
C. Purged records may not be logged
D. Changes to existing records may not be logged
Answer
B. Newly added records may not be logged