The latest ISACA CISA (Certified Information Systems Auditor) actual practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2831
Question
Which of the following is the PRIMARY benefit of performing a maturity model assessment?
A. It identifies and fixes attribute weaknesses.
B. It ensures organizational consistency and improvement.
C. It facilitates the execution of an improvement plan.
D. It acts as a measuring tool and progress indicator.
Answer
D. It acts as a measuring tool and progress indicator.
CISA Question 2832
Question
IS management has recently disabled certain referential integrity controls in the database management system (DBMS) software to provide users increased query performance. Which of the following controls will MOST effectively compensate for the lack of referential integrity?
A. Performance monitoring tools
B. More frequent data backups
C. Periodic table link checks
D. Concurrent access controls
Answer
C. Periodic table link checks
CISA Question 2833
Question
Which of the following would be the MOST useful metric for management to consider when reviewing a project portfolio?
A. Total cost of each project
B. Expected return divided by total project cost
C. Net present value (NPV) of the portfolio
D. Cost of projects divided by total IT cost
Answer
B. Expected return divided by total project cost
CISA Question 2834
Question
When classifying information, it is MOST important to align the classification to:
A. industry standards
B. security policy
C. business risk
D. data retention requirements
Answer
B. security policy
CISA Question 2835
Question
End users have been demanding the ability to use their own devices for work, but want to keep personal information out of corporate control.
Which of the following would be MOST effective at reducing the risk of security incidents while satisfying end user requirements?
A. Require complex passwords
B. Implement an acceptable use policy
C. Enable remote wipe capabilities for the devices
D. Encrypt corporate data on the devices
Answer
B. Implement an acceptable use policy
CISA Question 2836
Question
Which of the following information security requirements BEST enables the tracking of organizational data in a bring your own device (BYOD) environment?
A. Employees must sign acknowledgement of the organization’s mobile device acceptable use policy.
B. Employees must use auto-lock features and complex passwords on personal devices.
C. Employees must immediately report lost or stolen mobile devices containing organizational data.
D. Employees must enroll their personal devices in the organization’s mobile device management program.
Answer
D. Employees must enroll their personal devices in the organization’s mobile device management program.
CISA Question 2837
Question
Which of the following is the BEST use of a maturity model in a small organization?
A. To develop a roadmap for the organization to achieve the highest maturity level
B. To identify required actions to close the gap between current and desired maturity levels
C. To benchmark against peer organizations that have attained the highest maturity level
D. To assess the current maturity level and the level of compliance with key controls
Answer
B. To identify required actions to close the gap between current and desired maturity levels
CISA Question 2838
Question
When reviewing an organization’s information security policies, an IS auditor should verify that the policies have been defined PRIMARILY on the basis of:
A. industry best practices.
B. an information security framework.
C. past information security incidents.
D. a risk management process.
Answer
B. an information security framework.
CISA Question 2839
Question
An organization implemented a cybersecurity policy last year. Which of the following is the GREATEST indicator that the policy may need to be revised?
A. A significant increase in external attack attempts
B. A significant increase in approved exceptions
C. A significant increase in cybersecurity audit findings
D. A significant increase in authorized connections to third parties
Answer
C. A significant increase in cybersecurity audit findings
CISA Question 2840
Question
Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization’s information security policy?
A. Business objectives
B. Alignment with the IT tactical plan
C. Compliance with industry best practice
D. IT steering committee minutes
Answer
A. Business objectives