The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free and can help you prepare for the ISACA CISA exam and earn the CISA certification.
Table of Contents
- CISA Question 2431
- CISA Question 2432
- CISA Question 2433
- CISA Question 2434
- CISA Question 2435
- CISA Question 2436
- CISA Question 2437
- CISA Question 2438
- CISA Question 2439
- CISA Question 2440
CISA Question 2431
Question
Which of the following is the MOST effective mitigation strategy to protect confidential information from insider threats?
A. Implementing authentication mechanisms
B. Performing an entitlement review process
C. Defining segregation of duties
D. Establishing authorization controls
Answer
D. Establishing authorization controls
CISA Question 2432
Question
A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:
A. an incident involving unauthorized access to data cannot be tied to a specific user.
B. when multiple sessions with the same application ID collide, the database locks up.
C. users can gain direct access to the application ID and circumvent data controls.
D. the database becomes unavailable if the password of the application ID expires.
Answer
C. users can gain direct access to the application ID and circumvent data controls.
CISA Question 2433
Question
Which of the following is the MOST effective data loss control when connecting a personally owned mobile device to the corporate email system?
A. A senior manager must approve each new connection.
B. Email synchronization must be prevented when connected to a public Wi-Fi hotspot.
C. Email must be stored in an encrypted format on the mobile device.
D. Users must agree to allow the mobile device to be wiped if it is lost.
Answer
C. Email must be stored in an encrypted format on the mobile device.
CISA Question 2434
Question
A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value can be mitigated by:
A. requiring the recipient to use a different hash algorithm.
B. generating hash output that is the same size as the original message.
C. using a secret key in conjunction with the hash algorithm.
D. using the sender’s public key to encrypt the message.
Answer
C. using a secret key in conjunction with the hash algorithm.
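The difference between an unkeyed hash and a keyed hash (HMAC), as an added example that is not part of the page. The shared key, the two messages and the (message, tag) packet shape are constructed; the point is that an attacker who can rewrite the message can also recompute a plain SHA-256 digest, but cannot produce a valid HMAC-SHA256 tag without the key.

```python
"""Unkeyed SHA-256 versus HMAC-SHA256 for message integrity.
Constructed example; key, messages and packet format are assumptions."""
import hashlib
import hmac

KEY = b"constructed-demo-key-shared-out-of-band"   # assumption: pre-shared by sender and recipient
ORIGINAL = b"PAY alice 5000"
TAMPERED = b"PAY mallory 9000"


def plain_hash(message: bytes) -> str:
    """Unkeyed digest: anyone who knows the algorithm can compute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_hash(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: producing a valid tag requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def send_unkeyed(message: bytes):
    return (message, plain_hash(message))


def send_keyed(key: bytes, message: bytes):
    return (message, keyed_hash(key, message))


def attacker_rewrite_unkeyed(packet, new_message: bytes):
    """Man-in-the-middle holding no secrets: swap the message, recompute the hash."""
    return (new_message, plain_hash(new_message))


def attacker_rewrite_keyed(packet, new_message: bytes):
    """Same attacker against HMAC. Without the key the available moves are to
    replay the old tag or to attach an unkeyed hash; both candidates are returned."""
    _, old_tag = packet
    return [(new_message, old_tag), (new_message, plain_hash(new_message))]


def recipient_accepts_unkeyed(packet) -> bool:
    message, tag = packet
    return hmac.compare_digest(plain_hash(message), tag)


def recipient_accepts_keyed(key: bytes, packet) -> bool:
    message, tag = packet
    # compare_digest is constant-time, so the comparison itself does not leak the tag
    return hmac.compare_digest(keyed_hash(key, message), tag)


def run_scenario():
    forged = attacker_rewrite_unkeyed(send_unkeyed(ORIGINAL), TAMPERED)
    genuine = send_keyed(KEY, ORIGINAL)
    return {
        "unkeyed_forgery_accepted": recipient_accepts_unkeyed(forged),
        "keyed_genuine_accepted": recipient_accepts_keyed(KEY, genuine),
        "keyed_forgeries_accepted": [recipient_accepts_keyed(KEY, p)
                                     for p in attacker_rewrite_keyed(genuine, TAMPERED)],
    }


if __name__ == "__main__":
    print(run_scenario())
```

Option B in the question (a digest as long as the message) changes nothing here: the attacker recomputes it just as easily. Only the key, which the attacker does not hold, separates the two cases.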
CISA Question 2435
Question
Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
A. Prevent incident recurrence.
B. Support business investments in security.
C. Identify unmitigated risk.
D. Evaluate the security posture of the organization.
Answer
A. Prevent incident recurrence.
CISA Question 2436
Question
Which of the following is the BEST reason for delaying the application of a critical security patch?
A. Lack of vulnerability management
B. Conflicts with software development life cycle
C. Technology interdependencies
D. Resource limitations
Answer
C. Technology interdependencies
CISA Question 2437
Question
An organization’s marketing department has requested access to cloud-based collaboration sites for exchanging media files with external marketing companies. As a result, the information security manager has been asked to perform a risk assessment. Which of the following should be the MOST important consideration?
A. The information to be exchanged
B. Methods for transferring the information
C. Reputations of the external marketing companies
D. The security of the third-party cloud provider
Answer
A. The information to be exchanged
CISA Question 2438
Question
Which of the following methods BEST ensures that a comprehensive approach is used to direct information security activities?
A. Creating communication channels
B. Promoting security training
C. Establishing a steering committee
D. Holding periodic meetings with business owners
Answer
C. Establishing a steering committee
CISA Question 2439
Question
To ensure confidentiality through the use of asymmetric encryption, a message is encrypted with which of the following?
A. Sender’s private key
B. Recipient’s private key
C. Sender’s public key
D. Recipient’s public key
Answer
D. Recipient’s public key
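The key direction behind this answer, worked through with a toy textbook RSA. This is an added example and not code from the page; the primes (found by trial division near a chosen seed), the names alice (sender) and bob (recipient), and the one-block-per-byte encoding are all constructed so that it runs offline. Unpadded textbook RSA is not secure and is used here only to make the four answer choices observable; real systems use RSA-OAEP or, more commonly, hybrid encryption.

```python
"""Which key encrypts for confidentiality: toy RSA showing all four options.
Constructed example; primes, names and per-byte encoding are assumptions."""
from math import gcd, isqrt


def next_prime(n):
    """Smallest prime >= n by trial division (fine for the ~1e6 sizes used here)."""
    def is_prime(k):
        return k >= 2 and all(k % d for d in range(2, isqrt(k) + 1))
    while not is_prime(n):
        n += 1
    return n


def make_keypair(seed, e=65537):
    """Return (public, private) = ((e, n), (d, n)) from two primes near `seed`."""
    p = next_prime(seed)
    q = next_prime(p + 1)
    while gcd(e, (p - 1) * (q - 1)) != 1:   # e must be invertible mod phi(n)
        q = next_prime(q + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                      # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, values):
    """Raw RSA exponentiation with either half of a key pair."""
    exp, n = key
    return [pow(v, exp, n) for v in values]


def encrypt(key, message: bytes):
    return rsa_apply(key, list(message))     # one RSA block per byte: toy only


def decrypt(key, ciphertext):
    """Recovered bytes, or None when the result is not even a byte string."""
    values = rsa_apply(key, ciphertext)
    return bytes(values) if all(v < 256 for v in values) else None


MESSAGE = b"salary review: confidential"


def run_scenario():
    alice_pub, alice_priv = make_keypair(1_000_000)   # sender
    bob_pub, bob_priv = make_keypair(2_000_000)       # recipient

    # D. Recipient's public key: only bob's private key undoes it.
    to_bob = encrypt(bob_pub, MESSAGE)
    # A. Sender's private key: alice's PUBLIC key undoes it, so anyone holding
    #    that key can read the message. This is the shape of a signature, not
    #    of confidentiality.
    from_alice = encrypt(alice_priv, MESSAGE)
    # C. Sender's public key: only alice's private key undoes it, so the
    #    recipient cannot read what was meant for him.
    for_nobody = encrypt(alice_pub, MESSAGE)
    # B. Recipient's private key: the sender does not hold it, so there is
    #    nothing to demonstrate; the option is impossible rather than wrong.
    return {
        "D_recipient_reads_with_own_private_key": decrypt(bob_priv, to_bob) == MESSAGE,
        "D_sender_private_key_cannot_read_it": decrypt(alice_priv, to_bob) != MESSAGE,
        "A_anyone_with_sender_public_key_reads_it": decrypt(alice_pub, from_alice) == MESSAGE,
        "C_recipient_cannot_read_it": decrypt(bob_priv, for_nobody) != MESSAGE,
    }


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {ok}")
```

The rule the example makes visible: whatever key is used to encrypt, its partner in the same pair decrypts. Confidentiality therefore needs the decrypting key to be one only the intended recipient holds, which is the recipient's private key, so the sender encrypts with the recipient's public key.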
CISA Question 2440
Question
What is the PRIMARY benefit of prototyping as a method of system development?
A. Reduces the need for testing.
B. Minimizes the time the IS auditor has to review the system.
C. Increases the likelihood of user satisfaction.
D. Eliminates the need for documentation.
Answer
C. Increases the likelihood of user satisfaction.