The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2641
Question
A risk analysis is MOST useful when applied during which phase of the system development process?
A. Pre-implementation
B. Testing
C. Design
D. Feasibility
Answer
C. Design
CISA Question 2642
Question
Which of the following is MOST important with regard to an application development acceptance test?
A. The quality assurance (QA) team is in charge of the testing process.
B. User management approves the test design before the test is started.
C. The programming team is involved in the testing process.
D. All data files are tested for valid information before conversion.
Answer
D. All data files are tested for valid information before conversion.
CISA Question 2643
Question
An IS auditor determines that a business impact analysis (BIA) was not conducted during the development of a business continuity plan (BCP).
What is the MOST significant risk that could result from this situation?
A. Responsibilities are not properly defined.
B. Recovery time objectives (RTOs) are not correctly determined.
C. Key performance indicators (KPIs) are not aligned.
D. Critical business applications are not covered.
Answer
D. Critical business applications are not covered.
CISA Question 2644
Question
At which stage of the software development life cycle should an organization identify privacy considerations?
A. Design
B. Testing
C. Development
D. Requirements
Answer
D. Requirements
CISA Question 2645
Question
A review of an organization’s IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement:
A. a formal request for proposal (RFP) process
B. an information asset acquisition policy
C. asset life cycle management
D. business case development procedures
Answer
D. business case development procedures
CISA Question 2646
Question
An organization is in the process of acquiring a competitor. The information security manager has been asked to report on the security posture of the target acquisition. Which of the following should be the security manager’s FIRST course of action?
A. Implement a security dashboard
B. Quantify the potential risk
C. Perform a gap analysis
D. Perform a vulnerability assessment
Answer
A. Implement a security dashboard
CISA Question 2647
Question
When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:
A. each party’s security responsibilities
B. details of expected security metrics
C. penalties for noncompliance with security policy
D. recovery time objectives (RTOs)
Answer
A. each party’s security responsibilities
CISA Question 2648
Question
During the due diligence phase of an acquisition, the MOST important course of action for an information security manager would be to:
A. review the state of security awareness
B. perform a gap analysis
C. perform a risk assessment
D. review information security policies
Answer
C. perform a risk assessment
CISA Question 2649
Question
Following a recent acquisition, an information security manager has been requested the outstanding risk reported early in the acquisition process.
Which of the following would be the manager’s BEST course of action?
A. Perform a vulnerability assessment of the acquired company’s infrastructure.
B. Re-evaluate the risk treatment plan for the outstanding risk.
C. Re-assess the outstanding risk of the acquired company.
D. Add the outstanding risk to the acquiring organization’s risk registry.
Answer
C. Re-assess the outstanding risk of the acquired company.
CISA Question 2650
Question
Following request for proposal (RFP) responses, a project seeking to acquire a new application system has identified a short list of vendors. At this point, the IS auditor should:
A. encourage contact with current users of the vendor’s products
B. perform a detailed cost-benefit exercise on the proposed application
C. require that contract terms include a right-to-audit clause
D. recommend performing system integration tests
Answer
C. require that contract terms include a right-to-audit clause