Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 26

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2781

Question

Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

A. Execute access to development program libraries
B. Write access to development data libraries
C. Execute access to production program libraries
D. Write access to production program libraries

Answer

D. Write access to production program libraries

CISA Question 2782

Question

Which of the following is the BEST methodology to use for estimating the complexity of developing a large business application?

A. Function point analysis
B. Software cost estimation
C. Work breakdown structure
D. Critical path analysis

Answer

A. Function point analysis

CISA Question 2783

Question

Which of the following is MOST critical to include when developing a data loss prevention (DLP) policy?

A. Identification of the relevant network channels requiring protection
B. Identification of the users, groups and roles to whom the policy will apply
C. Identification of enforcement actions
D. Identification of the content to protect

Answer

D. Identification of the content to protect

CISA Question 2784

Question

An organization is in the process of rolling out a new inventory software tool to replace a suite of verified individual spreadsheet-based inventory solutions. Which of the following is MOST important to help ensure ongoing data integrity within the new inventory tool?

A. Restricting edit access for the new tool to data owners only
B. Ensuring data quality at the point of data entry
C. Requiring key inventory data points to be mandatory fields in the new tool
D. Conducting a post-migration quality assurance review

Answer

B. Ensuring data quality at the point of data entry

CISA Question 2785

Question

A start-up organization wants to develop a data loss prevention program (DLP). The FIRST step should be to implement:

A. data encryption.
B. access controls.
C. data classification.
D. security awareness training.

Answer

C. data classification.

CISA Question 2786

Question

An application development team is also promoting changes to production for a critical financial application. Which of the following would be the BEST control to reduce the associated risk?

A. Implementing a change management code review
B. Implementing a peer review process
C. Performing periodic audits
D. Submitting change logs to the business manager for review

Answer

A. Implementing a change management code review

CISA Question 2787

Question

Which of the following is MOST important for an organization to complete prior to developing its disaster recovery plan (DRP)?

A. Support staff skill gap analysis
B. Comprehensive IT inventory
C. Business impact analysis (BIA)
D. Risk assessment

Answer

C. Business impact analysis (BIA)

CISA Question 2788

Question

Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?

A. Gap analysis
B. Risk assessment
C. Business impact analysis (BIA)
D. Penetration testing

Answer

A. Gap analysis

CISA Question 2789

Question

The MOST important factors in determining the scope and timing for testing a business continuity plan are:

A. manual processing capabilities and the test location.
B. the importance of the function to be tested and the cost of testing.
C. the experience level of personnel and the function location.
D. prior testing results and the degree of detail of the business continuity plan.

Answer

B. the importance of the function to be tested and the cost of testing.

CISA Question 2790

Question

Planning for the implementation of an information security program is MOST effective when it:

A. uses risk-based analysis for security projects.
B. applies technology-driven solutions to identified needs.
C. uses decision trees to prioritize security projects.
D. applies gap analysis to current and future business plans.

Answer

D. applies gap analysis to current and future business plans.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.