Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 26

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2761

Question

When considering whether to adopt bring your own device (BYOD), it is MOST important for the information security manager to ensure that:

A. security controls are applied to each device when joining the network
B. business leaders have an understanding of security risks
C. users have read and signed acceptable use agreements
D. the applications are tested prior to implementation

Answer

A. security controls are applied to each device when joining the network

CISA Question 2762

Question

A finance department director has decided to outsource the organization’s budget application and has identified potential providers. Which of the following actions should be initiated FIRST by the information security manager?

A. Validate that connectivity to the service provider can be made securely.
B. Obtain audit reports on the service providers hosting environment.
C. Review the disaster recovery plans (DRP) of the providers.
D. Align the roles of the organization’s and the service providers’ staffs.

Answer

B. Obtain audit reports on the service providers hosting environment.

CISA Question 2763

Question

In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?

A. Data encryption
B. Access to the hardware
C. Compressed customer data
D. Non-standard event logs

Answer

B. Access to the hardware

CISA Question 2764

Question

The BEST way to obtain funding from senior management for a security awareness program is to:

A. meet regulatory requirements
B. produce an impact analysis report of potential breaches
C. demonstrate that the program will adequately reduce risk
D. produce a report of organizational risks

Answer

B. produce an impact analysis report of potential breaches

CISA Question 2765

Question

Which of the following BEST enables effective closure of noncompliance issues?

A. Insuring against the risk
B. Performing control self-assessments
C. Capturing issues in a risk register
D. Executing an approved mitigation plan

Answer

C. Capturing issues in a risk register

CISA Question 2766

Question

During a post-incident review. the sequence and correlation of actions must be analyzed PRIMARLY based on:

A. interviews with personnel
B. a consolidated event time line
C. logs from systems involved
D. documents created during the incident

Answer

C. logs from systems involved

CISA Question 2767

Question

Which of the following is MOST important for an information security manager to ensure is included in a business case for a new system?

A. Intangible benefits of the system
B. Risk associated with the system
C. Effectiveness of controls
D. Audit-logging capabilities

Answer

A. Intangible benefits of the system

CISA Question 2768

Question

An organization is MOST at risk from a new worm being introduced through the intranet when:

A. executable code is run from inside the firewall
B. system software does not undergo integrity checks
C. hosts have static IP addresses
D. desktop virus definition files are not up to date

Answer

D. desktop virus definition files are not up to date

CISA Question 2769

Question

An organization is deciding whether to outsource its customer relationship management systems to a provider located in another country. Which of the following should be the PRIMARY influence in the outsourcing decision?

A. Time zone differences
B. The service provider’s disaster recovery plan
C. Cross-border privacy laws
D. Current geopolitical conditions

Answer

C. Cross-border privacy laws

CISA Question 2770

Question

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

A. translates information security policies and standards into business requirements.
B. articulates management’s intent and information security directives in clear language.
C. relates the investment to the organization’s strategic plan.
D. realigns information security objectives to organizational strategy.

Answer

A. translates information security policies and standards into business requirements.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.