The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2781
Question
Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?
A. Execute access to development program libraries
B. Write access to development data libraries
C. Execute access to production program libraries
D. Write access to production program libraries
Answer
D. Write access to production program libraries
CISA Question 2782
Question
Which of the following is the BEST methodology to use for estimating the complexity of developing a large business application?
A. Function point analysis
B. Software cost estimation
C. Work breakdown structure
D. Critical path analysis
Answer
A. Function point analysis
CISA Question 2783
Question
Which of the following is MOST critical to include when developing a data loss prevention (DLP) policy?
A. Identification of the relevant network channels requiring protection
B. Identification of the users, groups and roles to whom the policy will apply
C. Identification of enforcement actions
D. Identification of the content to protect
Answer
D. Identification of the content to protect
CISA Question 2784
Question
An organization is in the process of rolling out a new inventory software tool to replace a suite of verified individual spreadsheet-based inventory solutions. Which of the following is MOST important to help ensure ongoing data integrity within the new inventory tool?
A. Restricting edit access for the new tool to data owners only
B. Ensuring data quality at the point of data entry
C. Requiring key inventory data points to be mandatory fields in the new tool
D. Conducting a post-migration quality assurance review
Answer
B. Ensuring data quality at the point of data entry
CISA Question 2785
Question
A start-up organization wants to develop a data loss prevention (DLP) program. The FIRST step should be to implement:
A. data encryption.
B. access controls.
C. data classification.
D. security awareness training.
Answer
C. data classification.
CISA Question 2786
Question
An application development team is also promoting changes to production for a critical financial application. Which of the following would be the BEST control to reduce the associated risk?
A. Implementing a change management code review
B. Implementing a peer review process
C. Performing periodic audits
D. Submitting change logs to the business manager for review
Answer
A. Implementing a change management code review
CISA Question 2787
Question
Which of the following is MOST important for an organization to complete prior to developing its disaster recovery plan (DRP)?
A. Support staff skill gap analysis
B. Comprehensive IT inventory
C. Business impact analysis (BIA)
D. Risk assessment
Answer
C. Business impact analysis (BIA)
CISA Question 2788
Question
Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?
A. Gap analysis
B. Risk assessment
C. Business impact analysis (BIA)
D. Penetration testing
Answer
A. Gap analysis
CISA Question 2789
Question
The MOST important factors in determining the scope and timing for testing a business continuity plan are:
A. manual processing capabilities and the test location.
B. the importance of the function to be tested and the cost of testing.
C. the experience level of personnel and the function location.
D. prior testing results and the degree of detail of the business continuity plan.
Answer
B. the importance of the function to be tested and the cost of testing.
CISA Question 2790
Question
Planning for the implementation of an information security program is MOST effective when it:
A. uses risk-based analysis for security projects.
B. applies technology-driven solutions to identified needs.
C. uses decision trees to prioritize security projects.
D. applies gap analysis to current and future business plans.
Answer
D. applies gap analysis to current and future business plans.