The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2591
Question
An IT strategic plan that BEST leverages IT in achieving organizational goals will include:
A. a risk-based ranking of projects.
B. a comparison of future needs against current capabilities.
C. IT budgets linked to the organization’s budget.
D. enterprise architecture impacts.
Answer
B. a comparison of future needs against current capabilities.
CISA Question 2592
Question
Which of the following would BEST enable an organization to address the security risks associated with a recently implemented bring your own device (BYOD) strategy?
A. Mobile device upgrade program
B. Mobile device tracking program
C. Mobile device awareness program
D. Mobile device testing program
Answer
C. Mobile device awareness program
CISA Question 2593
Question
A request for proposal (RFP) for the acquisition of computer hardware should include:
A. the requirement that the supplier allow a right of audit.
B. maximum cost restriction.
C. support and maintenance requirements.
D. detailed specification of the current hardware infrastructure.
Answer
C. support and maintenance requirements.
CISA Question 2594
Question
An IS auditor previously worked in an organization’s IT department and was involved with the design of the business continuity plan (BCP). The IS auditor has now been asked to review this same BCP. The auditor should FIRST:
A. document the conflict in the audit report.
B. decline the audit assignment.
C. communicate the conflict of interest to the audit manager prior to starting the assignment.
D. communicate the conflict of interest to the audit committee prior to starting the assignment.
Answer
D. communicate the conflict of interest to the audit committee prior to starting the assignment.
CISA Question 2595
Question
An organization recently decided to send the backup of its customer relationship management (CRM) system to its cloud provider for recovery.
Which of the following should be of GREATEST concern to an IS auditor reviewing this process?
A. Backups are sent and stored in unencrypted format.
B. Validation of backup data has not been performed.
C. The cloud provider is located in a different country.
D. Testing of restore data has not been performed.
Answer
B. Validation of backup data has not been performed.
CISA Question 2596
Question
Which of the following is MOST important for an organization to review before sharing data with an external business partner via an application programming interface (API)?
A. The business partner’s web application log files
B. The business partner’s help desk incident tickets
C. The business partner’s security practices
D. The business partner’s data center access logs
Answer
C. The business partner’s security practices
CISA Question 2597
Question
Which of the following is the MOST important consideration when establishing vulnerability scanning on critical IT infrastructure?
A. The scanning will not degrade system performance.
B. The scanning will be followed by penetration testing.
C. The scanning will be cost-effective.
D. The scanning will be performed during non-peak hours.
Answer
D. The scanning will be performed during non-peak hours.
CISA Question 2598
Question
Which of the following factors constitutes a strength in regard to the use of a disaster recovery planning reciprocal agreement?
A. Changes to the hardware or software environment by one company could make the agreement ineffective or obsolete.
B. Reciprocal agreements may not be formally established in a contract.
C. The two companies might share a need for a specialized piece of equipment.
D. A disaster could occur that would affect both companies.
Answer
C. The two companies might share a need for a specialized piece of equipment.
CISA Question 2599
Question
Audit software designed to detect invalid data, extreme values, or linear correlations between data elements can be classified as which type of data analytics tool?
A. Descriptive
B. Diagnostic
C. Predictive
D. Prescriptive
Answer
B. Diagnostic
CISA Question 2600
Question
Which of the following should be a PRIMARY control objective when designing controls for system interfaces?
A. Ensure peer-to-peer data transfers are minimized.
B. Ensure all data transferred through system interfaces is encrypted.
C. Ensure managed file transfer (MFT) systems have restart capability for interruptions.
D. Ensure data on the sending system is identical to the data on the receiving system.
Answer
B. Ensure all data transferred through system interfaces is encrypted.