ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 26

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2791

Question

An organization implemented a mandatory information security awareness training program a year ago. What is the BEST way to determine its effectiveness?

A. Analyze responses from an employee survey on training satisfaction.
B. Analyze results from training completion reports.
C. Analyze results of a social engineering test.
D. Analyze findings from previous audit reports.

Answer

C. Analyze results of a social engineering test.

CISA Question 2792

Question

Which of the following would contribute MOST to employees’ understanding of data handling responsibilities?

A. Requiring staff acknowledgement of security policies
B. Labeling documents according to appropriate security classification
C. Implementing a tailored security awareness training program
D. Demonstrating support by senior management of the security program

Answer

C. Implementing a tailored security awareness training program

CISA Question 2793

Question

Which of the following is MOST critical to the successful implementation of information security within an organization?

A. Strong risk management skills exist within the information security group.
B. Budget is allocated for information security tools.
C. The information security manager is responsible for setting information security policy.
D. Security is effectively marketed to all managers and employees.

Answer

D. Security is effectively marketed to all managers and employees.

CISA Question 2794

Question

An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organization’s information security manager?

A. The operations team implemented the change without regression testing.
B. The change did not include a proper assessment of risk.
C. Documentation of the change was made after implementation.
D. The information security manager did not review the change prior to implementation.

Answer

B. The change did not include a proper assessment of risk.

CISA Question 2795

Question

During which phase of an incident response process should corrective actions to the response procedure be considered and implemented?

A. Eradication
B. Identification
C. Review
D. Containment

Answer

A. Eradication

CISA Question 2796

Question

An organization’s HR department would like to outsource its employee management system to a cloud-hosted solution due to the features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?

A. Ensure a security audit is performed of the service provider.
B. Ensure the service provider has the appropriate certifications.
C. Determine how to securely implement the solution.
D. Explain security issues associated with the solution to management.

Answer

C. Determine how to securely implement the solution.

CISA Question 2797

Question

An organization has an approved bring your own device (BYOD) program. Which of the following is the MOST effective method to enforce application control on personal devices?

A. Implement a mobile device management solution.
B. Establish a mobile device acceptable use policy.
C. Implement a web application firewall.
D. Educate users regarding the use of approved applications.

Answer

A. Implement a mobile device management solution.

CISA Question 2798

Question

When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?

A. Report distribution
B. Encryption
C. Tuning
D. Retention

Answer

C. Tuning

CISA Question 2799

Question

An organization has implemented an enhanced password policy for business applications which requires significantly more business unit resources to support clients. The BEST approach to obtain the support of business unit management would be to:

A. elaborate on the positive impact to information security.
B. present industry benchmarking results to business units.
C. discuss the risk and impact of security incidents if not implemented.
D. present an analysis of the cost and benefit of the changes.

Answer

C. discuss the risk and impact of security incidents if not implemented.

CISA Question 2800

Question

An organization is using a single account shared by personnel for its social networking marketing page. Which of the following is the BEST method to maintain accountability over the account?

A. Reviewing access rights on a periodic basis
B. Integrating the account with a single sign-on
C. Regular monitoring of proxy server logs
D. Implementing an account password check-out process

Answer

D. Implementing an account password check-out process