ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 23

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2421

Question

Which of the following BEST reduces the likelihood of leakage of private information via email?

A. Strong user authentication protocols
B. Email encryption
C. Prohibition on the personal use of email
D. User awareness training

Answer

D. User awareness training

CISA Question 2422

Question

Which of the following is the BEST method to defend against social engineering attacks?

A. Periodically perform antivirus scans to identify malware.
B. Communicate guidelines to limit information posted to public sites.
C. Monitor for unauthorized access attempts and failed logins.
D. Employ the use of a web-content filtering solution.

Answer

D. Employ the use of a web-content filtering solution.

CISA Question 2423

Question

What should the information security manager do FIRST when end users express that new security controls are too restrictive?

A. Perform a risk assessment on modifying the control environment.
B. Perform a cost-benefit analysis on modifying the control environment.
C. Conduct a business impact analysis (BIA).
D. Obtain process owner buy-in to remove the controls.

Answer

A. Perform a risk assessment on modifying the control environment.

CISA Question 2424

Question

When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?

A. The security awareness programs
B. Post-incident analysis results
C. The risk management processes
D. Firewall logs

Answer

C. The risk management processes

CISA Question 2425

Question

Which of the following would present the GREATEST need to revise information security policies?

A. An increase in reported incidents
B. A merger with a competing company
C. Implementation of a new firewall
D. Changes in standards and procedures

Answer

B. A merger with a competing company

CISA Question 2426

Question

Which of the following is the PRIMARY benefit to an organization using an automated event monitoring solution?

A. Enhanced forensic analysis
B. Improved response time to incidents
C. Improved network protection
D. Reduced need for manual analysis

Answer

B. Improved response time to incidents

CISA Question 2427

Question

Which of the following MOST effectively prevents internal users from modifying sensitive data?

A. Network segmentation
B. Multi-factor authentication
C. Acceptable use policies
D. Role-based access controls

Answer

D. Role-based access controls

CISA Question 2428

Question

Labeling information according to its security classification:

A. reduces the need to identify baseline controls for each classification.
B. reduces the number and type of countermeasures required.
C. enhances the likelihood of people handling information securely.
D. affects the consequences if information is handled insecurely.

Answer

D. affects the consequences if information is handled insecurely.

CISA Question 2429

Question

Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

A. Legal
B. Help desk
C. Human resources
D. Information security

Answer

D. Information security

CISA Question 2430

Question

A contract bid is digitally signed and electronically mailed. The PRIMARY advantage to using a digital signature is that:

A. the bid cannot be forged even if the keys are compromised.
B. the bid and the signature can be copied from one document to another.
C. the signature can be authenticated even if no encryption is used.
D. any alteration of the bid will invalidate the signature.

Answer

C. the signature can be authenticated even if no encryption is used.