The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
CISA Question 2801
Question
Which of the following is the BEST way to control scope creep during application system development?
A. Involve key stakeholders.
B. Implement project steering committee review.
C. Implement a quality management system.
D. Establish key performance indicators (KPIs).
Answer
B. Implement project steering committee review.
CISA Question 2802
Question
Which of the following control checks would utilize data analytics?
A. Evaluating configuration settings for the credit card application system
B. Reviewing credit card applications submitted in the past month for blank data fields
C. Attempting to submit credit card applications with blank data fields
D. Reviewing the business requirements document for the credit card application system
Answer
D. Reviewing the business requirements document for the credit card application system
CISA Question 2803
Question
Which of the following is a detective control that can be used to uncover unauthorized access to information systems?
A. Requiring long and complex passwords for system access
B. Implementing a security information and event management (SIEM) system
C. Requiring internal audit to perform periodic reviews of system access logs
D. Protecting access to the data center with multifactor authentication
Answer
B. Implementing a security information and event management (SIEM) system
CISA Question 2804
Question
An organization is choosing key performance indicators (KPIs) for its information security management. Which of the following KPIs would provide stakeholders with the MOST useful information about whether information security risk is being managed?
A. Time from initial reporting of an incident to appropriate escalation
B. Time from identifying a security threat to implementing a solution
C. The number of security controls implemented
D. The number of security incidents during the past quarter
Answer
B. Time from identifying a security threat to implementing a solution
CISA Question 2805
Question
In a typical network architecture used for e-commerce, a load balancer is normally found between the:
A. routers and the web servers.
B. mail servers and the mail repositories.
C. users and the external gateways.
D. databases and the external gateways.
Answer
A. routers and the web servers.
CISA Question 2806
Question
When planning for the implementation of a new system, an organization will opt for a parallel run PRIMARILY to:
A. ensure that the system meets required user response time.
B. validate system processing.
C. facilitate the training of new personnel.
D. verify that system interfaces were implemented.
Answer
C. facilitate the training of new personnel.
CISA Question 2807
Question
To preserve chain of custody following an internal server compromise, which of the following should be the FIRST step?
A. Take a system image including memory dump
B. Safely shut down the server
C. Replicate the attack using the remaining evidence
D. Trace the attacking route
Answer
A. Take a system image including memory dump
CISA Question 2808
Question
The maturity level of an organization’s problem management support function is optimized when the function:
A. proactively provides solutions
B. has formally documented the escalation process
C. analyzes critical incidents to identify root cause
D. resolves requests in a timely manner
Answer
A. proactively provides solutions
CISA Question 2809
Question
Which of the following is the MOST important advantage of participating in beta testing of software products?
A. It improves vendor support and training.
B. It enables an organization to gain familiarity with new products and their functionality.
C. It increases an organization’s ability to retain staff who prefer to work with new technology.
D. It enhances security and confidentiality.
Answer
B. It enables an organization to gain familiarity with new products and their functionality.
CISA Question 2810
Question
Which of the following is the MOST important factor when an organization is developing information security policies and procedures?
A. Cross-references between policies and procedures
B. Inclusion of mission and objectives
C. Compliance with relevant regulations
D. Consultation with management
Answer
C. Compliance with relevant regulations
