The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available for free, and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
Table of Contents
- CISA Question 2471
- Question
- Answer
- CISA Question 2472
- Question
- Answer
- CISA Question 2473
- Question
- Answer
- CISA Question 2474
- Question
- Answer
- CISA Question 2475
- Question
- Answer
- CISA Question 2476
- Question
- Answer
- CISA Question 2477
- Question
- Answer
- CISA Question 2478
- Question
- Answer
- CISA Question 2479
- Question
- Answer
- CISA Question 2480
- Question
- Answer
CISA Question 2471
Question
Which of the following would BEST provide an information security manager with sufficient assurance that a service provider complies with the organization’s information security requirements?
A. A live demonstration of the third-party supplier’s security capabilities
B. Third-party security control self-assessment results
C. An independent review report indicating compliance with industry standards
D. The ability to audit the third-party supplier’s IT systems and processes
Answer
C. An independent review report indicating compliance with industry standards
CISA Question 2472
Question
Which of the following is the GREATEST risk associated with the lack of an effective data privacy program?
A. Failure to prevent fraudulent transactions
B. Inability to manage access to private or sensitive data
C. Inability to obtain customer confidence
D. Failure to comply with data-related regulations
Answer
D. Failure to comply with data-related regulations
CISA Question 2473
Question
Which of the following would provide the STRONGEST indication that senior management commitment to information security is lacking within an organization?
A. Inconsistent enforcement of information security policies
B. A reduction in information security investment
C. A high level of information security risk acceptance
D. The information security manager reports to the chief risk officer
Answer
A. Inconsistent enforcement of information security policies
CISA Question 2474
Question
Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?
A. Mobile
B. Redundant
C. Shared
D. Warm
Answer
B. Redundant
CISA Question 2475
Question
Which of the following is the MOST important security consideration when using Infrastructure as a Service (IaaS)?
A. User access management
B. Compliance with internal standards
C. Segmentation among guests
D. Backup and recovery strategy
Answer
A. User access management
CISA Question 2476
Question
A risk analysis for a new system is being performed. For which of the following is business knowledge MORE important than IT knowledge?
A. Vulnerability analysis
B. Cost-benefit analysis
C. Impact analysis
D. Balanced scorecard
Answer
B. Cost-benefit analysis
CISA Question 2477
Question
Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?
A. Integration of assurance efforts
B. Automation of controls
C. Standardization of compliance requirements
D. Documentation of control procedures
Answer
C. Standardization of compliance requirements
CISA Question 2478
Question
Which of the following is the MOST likely reason an organization would use Platform as a Service (PaaS)?
A. To operate third-party hosted applications
B. To install and manage operating systems
C. To establish a network and security architecture
D. To develop and integrate its applications
Answer
D. To develop and integrate its applications
CISA Question 2479
Question
When implementing a new risk assessment methodology, which of the following is the MOST important requirement?
A. The methodology must be approved by the chief executive officer.
B. Risk assessments must be reviewed annually.
C. Risk assessments must be conducted by certified staff.
D. The methodology used must be consistent across the organization.
Answer
D. The methodology used must be consistent across the organization.
CISA Question 2480
Question
Which of the following is the MOST important control to implement when senior managers use smartphones to access sensitive company information?
A. Mandatory virtual private network (VPN) connectivity
B. Centralized device administration
C. Strong passwords
D. Anti-malware on the devices
Answer
D. Anti-malware on the devices