Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 27

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2831

Question

Which of the following is the PRIMARY benefit of performing a maturity model assessment?

A. It identifies and fixes attribute weaknesses.
B. It ensures organizational consistency and improvement.
C. It facilitates the execution of an improvement plan.
D. It acts as a measuring tool and progress indicator.

Answer

D. It acts as a measuring tool and progress indicator.

CISA Question 2832

Question

IS management has recently disabled certain referential integrity controls in the database management system (DBMS) software to provide users increased query performance. Which of the following controls will MOST effectively compensate for the lack of referential integrity?

A. Performance monitoring tools
B. More frequent data backups
C. Periodic table link checks
D. Concurrent access controls

Answer

C. Periodic table link checks

CISA Question 2833

Question

Which of the following would be the MOST useful metric for management to consider when reviewing a project portfolio?

A. Total cost of each project
B. Expected return divided by total project cost
C. Net present value (NPV) of the portfolio
D. Cost of projects divided by total IT cost

Answer

B. Expected return divided by total project cost

CISA Question 2834

Question

When classifying information, it is MOST important to align the classification to:

A. industry standards
B. security policy
C. business risk
D. data retention requirements

Answer

B. security policy

CISA Question 2835

Question

End users have been demanding the ability to use their own devices for work, but want to keep personal information out of corporate control.
Which of the following would be MOST effective at reducing the risk of security incidents while satisfying and user requirements?

A. Require complex passwords
B. Implement an acceptable use policy
C. Enable remote wipe capabilities for the devices
D. Encrypt corporate data on the devices

Answer

B. Implement an acceptable use policy

CISA Question 2836

Question

Which of the following information security requirements BEST enables the tracking of organizational data in a bring your own device (BYOD) environment?

A. Employees must sign acknowledgement of the organization’s mobile device acceptable use policy.
B. Employees must use auto-lock features and complex passwords on personal devices.
C. Employees must immediately report lost or stolen mobile devices containing organizational data.
D. Employees must enroll their personal devices in the organization’s mobile device management program.

Answer

D. Employees must enroll their personal devices in the organization’s mobile device management program.

CISA Question 2837

Question

Which of the following is the BEST use of a maturity model in a small organization?

A. To develop a roadmap for the organization to achieve the highest maturity level
B. To identify required actions to close the gap between current and desired maturity levels
C. To benchmark against peer organizations that have attained the highest maturity level
D. To assess the current maturity level and the level of compliance with key controls

Answer

B. To identify required actions to close the gap between current and desired maturity levels

CISA Question 2838

Question

When reviewing an organization’s information security policies, an IS auditor should verify that the policies have been defined PRIMARILY on the basis of:

A. industry best practices.
B. an information security framework.
C. past information security incidents.
D. a risk management process.

Answer

B. an information security framework.

CISA Question 2839

Question

An organization implemented a cybersecurity policy last year. Which of the following is the GREATEST indicator that the policy may need to be revised?

A. A significant increase in external attack attempts
B. A significant increase in approved exceptions
C. A significant increase in cybersecurity audit findings
D. A significant increase in authorized connections to third parties

Answer

C. A significant increase in cybersecurity audit findings

CISA Question 2840

Question

Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization’s information security policy?

A. Business objectives
B. Alignment with the IT tactical plan
C. Compliance with industry best practice
D. IT steering committee minutes

Answer

A. Business objectives

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.