The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available for free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2851
Question
When deciding whether a third party can be used in resolving a suspected security breach, which of the following should be the MOST important consideration for IT management?
A. Audit approval
B. Third-party cost
C. Incident priority rating
D. Data sensitivity
Answer
D. Data sensitivity
CISA Question 2852
Question
An organization’s audit charter PRIMARILY:
A. describes the auditors’ authority to conduct audits.
B. documents the audit process and reporting standards.
C. formally records the annual and quarterly audit plans.
D. defines the auditors’ code of conduct.
Answer
A. describes the auditors’ authority to conduct audits.
CISA Question 2853
Question
Which of the following BEST demonstrates that IT strategy is aligned with organizational goals and objectives?
A. Organizational strategies are communicated to the chief information officer (CIO).
B. Business stakeholders are involved in approving the IT strategy.
C. The chief information officer (CIO) is involved in approving the organizational strategies.
D. IT strategies are communicated to all business stakeholders.
Answer
B. Business stakeholders are involved in approving the IT strategy.
CISA Question 2854
Question
Which of the following BEST indicates that an organization has effective governance in place?
A. The organization is compliant with local government regulations.
B. The organization’s board of directors executes on the management strategy.
C. The organization’s board of directors reviews metrics for strategic initiatives.
D. The organization regularly updates governance-related policies and procedures.
Answer
D. The organization regularly updates governance-related policies and procedures.
CISA Question 2855
Question
Which of the following falls within the scope of an information security governance committee?
A. Approving access to critical financial systems
B. Prioritizing information security technology initiatives
C. Reviewing content for information security awareness programs
D. Selecting the organization’s external security auditors
Answer
B. Prioritizing information security technology initiatives
CISA Question 2856
Question
During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated. The GREATEST concern to the IS auditor is that policies and procedures might not:
A. reflect current practices.
B. incorporate changes to relevant laws.
C. be subject to adequate quality assurance (QA).
D. include new systems and corresponding process changes.
Answer
D. include new systems and corresponding process changes.
CISA Question 2857
Question
Which of the following focus areas is a responsibility of IT management rather than IT governance?
A. Risk optimization
B. IT resource optimization
C. IT controls implementation
D. Benefits realization
Answer
C. IT controls implementation
CISA Question 2858
Question
What is the MOST effective way for an IS auditor to determine whether employees understand the organization’s information security policy?
A. Ensure the policy is current.
B. Survey employees.
C. Review the organization’s employee training log.
D. Ensure the policy is communicated throughout the organization.
Answer
B. Survey employees.
CISA Question 2859
Question
Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization’s security policy?
A. Reviewing the system log
B. Reviewing the parameter settings
C. Interviewing the firewall administrator
D. Reviewing the actual procedures
Answer
B. Reviewing the parameter settings
CISA Question 2860
Question
Which of the following is MOST important for an IS auditor to review when evaluating the completeness of an organization’s personally identifiable information (PII) inventory?
A. Data flows
B. Data retention
C. Data ownership
D. Data policy
Answer
B. Data retention