The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free, to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2811
Question
An organization developed a comprehensive three-year IT strategic plan. Halfway into the plan, a major legislative change impacting the organization is enacted.
Which of the following should be management’s NEXT course of action?
A. Develop specific procedural documentation related to the changed legislation.
B. Assess the legislation to determine whether changes are required to the strategic IT plan.
C. Perform a risk assessment of the legislative changes.
D. Develop a new IT strategic plan that encompasses the new legislation.
Answer
B. Assess the legislation to determine whether changes are required to the strategic IT plan.
CISA Question 2812
Question
The MOST useful technique for maintaining management support for the information security program is:
A. identifying the risks and consequences of failure to comply with standards
B. benchmarking the security programs of comparable organizations
C. implementing a comprehensive security awareness and training program
D. informing management about the security of business operations
Answer
A. identifying the risks and consequences of failure to comply with standards
CISA Question 2813
Question
An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:
A. security requirements for the process being outsourced
B. security metrics
C. service level agreements (SLAs)
D. risk-reporting methodologies
Answer
C. service level agreements (SLAs)
CISA Question 2814
Question
What is the FIRST line of defense against criminal insider activities?
A. Validating the integrity of personnel
B. Monitoring employee activities
C. Signing security agreements by critical personnel
D. Stringent and enforced access controls
Answer
D. Stringent and enforced access controls
CISA Question 2815
Question
When choosing the best controls to mitigate risk to acceptable levels, the information security manager’s decision should be MAINLY driven by:
A. cost-benefit analysis
B. regulatory requirements
C. best practices
D. control framework
Answer
B. regulatory requirements
CISA Question 2816
Question
An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party’s contract programmers comply with the organization’s security policies?
A. Perform periodic security assessments of the contractors’ activities.
B. Conduct periodic vulnerability scans of the application.
C. Include penalties for noncompliance in the contracting agreement.
D. Require annual signed agreements of adherence to security policies.
Answer
A. Perform periodic security assessments of the contractors’ activities.
CISA Question 2817
Question
Which of the following is the MOST important element when developing an information security strategy?
A. Identifying applicable laws and regulations
B. Identifying information assets
C. Determining the risk management methodology
D. Aligning security activities with organizational goals
Answer
D. Aligning security activities with organizational goals
CISA Question 2818
Question
Which of the following BEST enables staff acceptance of information security policies?
A. Strong senior management support
B. Adequate security funding
C. Computer-based training
D. A robust incident response program
Answer
A. Strong senior management support
CISA Question 2819
Question
Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?
A. Understanding the impact on existing resources
B. Assessing how peer organizations using the same technologies have been impacted
C. Developing training for end users to familiarize them with the new technology
D. Reviewing vendor documentation and service level agreements
Answer
A. Understanding the impact on existing resources
CISA Question 2820
Question
Reevaluation of risk is MOST critical when there is:
A. resistance to the implementation of mitigating controls
B. a change in security policy
C. a management request for updated security reports
D. a change in the threat landscape
Answer
D. a change in the threat landscape