Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 27

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2811

Question

An organization developed a comprehensive three-year IT strategic plan. Halfway into the plan, a major legislative change impacting the organization is enacted.
Which of the following should be management’s NEXT course of action?

A. Develop specific procedural documentation related to the changed legislation.
B. Assess the legislation to determine whether changes are required to the strategic IT plan.
C. Perform a risk assessment of the legislative changes.
D. Develop a new IT strategic plan that encompasses the new legislation.

Answer

B. Assess the legislation to determine whether changes are required to the strategic IT plan.

CISA Question 2812

Question

The MOST useful technique for maintaining management support for the information security program is:

A. identifying the risks and consequences of failure to comply with standards
B. benchmarking the security programs of comparable organizations
C. implementing a comprehensive security awareness and training program
D. informing management about the security of business operations

Answer

A. identifying the risks and consequences of failure to comply with standards

CISA Question 2813

Question

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

A. security requirements for the process being outsourced
B. security metrics
C. service level agreements (SLAs)
D. risk-reporting methodologies

Answer

C. service level agreements (SLAs)

CISA Question 2814

Question

What is the FIRST line of defense against criminal insider activities?

A. Validating the integrity of personnel
B. Monitoring employee activities
C. Signing security agreements by critical personnel
D. Stringent and enforced access controls

Answer

D. Stringent and enforced access controls

CISA Question 2815

Question

When choosing the best controls to mitigate risk to acceptable levels, the information security manager’s decision should be MAINLY driven by:

A. cost-benefit analysis
B. regulatory requirements
C. best practices
D. control framework

Answer

B. regulatory requirements

CISA Question 2816

Question

An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party’s contract programmers comply with the organization’s security policies?

A. Perform periodic security assessments of the contractors’ activities.
B. Conduct periodic vulnerability scans of the application.
C. Include penalties for noncompliance in the contracting agreement.
D. Require annual signed agreements of adherence to security policies.

Answer

A. Perform periodic security assessments of the contractors’ activities.

CISA Question 2817

Question

Which of the following is the MOST important element when developing an information security strategy?

A. Identifying applicable laws and regulations
B. Identifying information assets
C. Determining the risk management methodology
D. Aligning security activities with organizational goals

Answer

D. Aligning security activities with organizational goals

CISA Question 2818

Question

Which of the following BEST enables staff acceptance of information security policies?

A. Strong senior management support
B. Adequate security funding
C. Computer-based training
D. A robust incident response program

Answer

A. Strong senior management support

CISA Question 2819

Question

Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?

A. Understanding the impact on existing resources
B. Assessing how peer organizations using the same technologies have been impacted
C. Developing training for end users to familiarize them with the new technology
D. Reviewing vendor documentation and service levels agreements

Answer

A. Understanding the impact on existing resources

CISA Question 2820

Question

Reevaluation of risk is MOST critical when there is:

A. resistance to the implementation of mitigating controls
B. a change in security policy
C. a management request for updated security reports
D. a change in the threat landscape

Answer

D. a change in the threat landscape

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.