Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 27

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2801

Question

Which of the following is the BEST way to control scope creep during application system development?

A. Involve key stakeholders.
B. Implement project steering committee review.
C. Implement a quality management system.
D. Establish key performance indicators (KPIs).

Answer

B. Implement project steering committee review.

CISA Question 2802

Question

Which of the following control checks would utilize data analytics?

A. Evaluating configuration settings for the credit card application system
B. Reviewing credit card applications submitted in the past month for blank data fields
C. Attempting to submit credit card applications with blank data fields
D. Reviewing the business requirements document for the credit card application system

Answer

D. Reviewing the business requirements document for the credit card application system

CISA Question 2803

Question

Which of the following is a detective control that can be used to uncover unauthorized access to information systems?

A. Requiring long and complex passwords for system access
B. Implementing a security information and event management (SIEM) system
C. Requiring internal audit to perform periodic reviews of system access logs
D. Protecting access to the data center with multifactor authentication

Answer

B. Implementing a security information and event management (SIEM) system

CISA Question 2804

Question

An organization is choosing key performance indicators (KPIs) for its information security management. Which of the following KPIs would provide stakeholders with the MOST useful information about whether information security risk is being managed?

A. Time from initial reporting of an incident to appropriate escalation
B. Time from identifying a security threat to implementing a solution
C. The number of security controls implemented
D. The number of security incidents during the past quarter

Answer

B. Time from identifying a security threat to implementing a solution

CISA Question 2805

Question

In a typical network architecture used for e-commerce, a load balancer is normally found between the:

A. routers and the web servers.
B. mail servers and the mail repositories.
C. users and the external gateways.
D. databases and the external gateways.

Answer

A. routers and the web servers.

CISA Question 2806

Question

When planning for the implementation of a new system, an organization will opt for a parallel run PRIMARILY to:

A. ensure that the system meets required user response time.
B. validate system processing.
C. facilitate the training of new personnel.
D. verify that system interfaces were implemented.

Answer

C. facilitate the training of new personnel.

CISA Question 2807

Question

To preserve chain of custody following an internal server compromise, which of the following should be the FIRST step?

A. Take a system image including memory dump
B. Safely shut down the server
C. Replicate the attack using the remaining evidence
D. Trace the attacking route

Answer

A. Take a system image including memory dump

CISA Question 2808

Question

The maturity level of an organization’s problem management support function is optimized when the function:

A. proactively provides solutions
B. has formally documented the escalation process
C. analyzes critical incidents to identify root cause
D. resolves requests in a timely manner

Answer

A. proactively provides solutions

CISA Question 2809

Question

Which of the following is the MOST important advantage of participating in beta testing of software products?

A. It improves vendor support and training.
B. It enables an organization to gain familiarity with new products and their functionality.
C. It increases an organization’s ability to retain staff who prefer to work with new technology.
D. It enhances security and confidentiality.

Answer

B. It enables an organization to gain familiarity with new products and their functionality.

CISA Question 2810

Question

Which of the following is the MOST important factor when an organization is developing information security policies and procedures?

A. Cross-references between policies and procedures
B. Inclusion of mission and objectives
C. Compliance with relevant regulations
D. Consultation with management

Answer

C. Compliance with relevant regulations

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.