The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2881
Question
An organization that has suffered a cyber attack is performing a forensic analysis of the affected users’ computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?
A. The chain of custody has not been documented.
B. The legal department has not been engaged.
C. An imaging process was used to obtain a copy of the data from each computer.
D. Audit was only involved during extraction of the information.
Answer
A. The chain of custody has not been documented.
CISA Question 2882
Question
Which of the following is MOST important to include in forensic data collection and preservation procedures?
A. Maintaining chain of custody
B. Preserving data integrity
C. Determining tools to be used
D. Assuring the physical security of devices
Answer
B. Preserving data integrity
CISA Question 2883
Question
Which of the following is the BEST method for converting a file into a format suitable for data analysis in a forensic investigation?
A. Extraction
B. Normalization
C. Data acquisition
D. Imaging
Answer
B. Normalization
CISA Question 2884
Question
During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor’s BEST course of action?
A. Plan to test these controls in another audit.
B. Escalate the deficiency to audit management.
C. Add testing of third-party access controls to the scope of the audit.
D. Determine whether the risk has been identified in the planning documents.
Answer
D. Determine whether the risk has been identified in the planning documents.
CISA Question 2885
Question
A security regulation requires the disabling of direct administrator access. Such access must occur through an intermediate server that holds administrator passwords for all systems and records all actions. An IS auditor’s PRIMARY concern with this solution would be that:
A. it is not feasible to implement.
B. it represents a single point of failure.
C. segregation of duties is not observed.
D. access logs may not be maintained.
Answer
B. it represents a single point of failure.
CISA Question 2886
Question
An IS auditor identifies key controls that have been overridden by management. The NEXT step the IS auditor should take is to:
A. perform procedures to quantify the irregularities.
B. report the absence of key controls to regulators.
C. recommend compensating controls.
D. withdraw from the engagement.
Answer
B. report the absence of key controls to regulators.
CISA Question 2887
Question
Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?
A. Industry standards
B. Information security policy
C. Incident response plan
D. Industry regulations
Answer
D. Industry regulations
CISA Question 2888
Question
What is the BEST way for an IS auditor to address the risk associated with over-retention of personal data after identifying a large number of customer records retained beyond the retention period defined by law?
A. Recommend automating deletion of records beyond the retention period.
B. Schedule regular internal audits to identify records for deletion.
C. Report the retention period noncompliance to the regulatory authority.
D. Escalate the over-retention issue to the data privacy officer for follow-up.
Answer
A. Recommend automating deletion of records beyond the retention period.
CISA Question 2889
Question
An organization has decided to migrate payroll processing to a new platform hosted by a third party in a different country. Which of the following is MOST important for the IS auditor to consider?
A. The service provider’s compliance with privacy regulations
B. Whether the contract contains a right-to-terminate clause
C. The service provider’s compliance with financial regulations
D. Storage costs charged by the service provider
Answer
C. The service provider’s compliance with financial regulations
CISA Question 2890
Question
Which of the following data would be used when performing a business impact analysis (BIA)?
A. Projected impact of current business on future business
B. Cost of regulatory compliance
C. Cost benefit analysis of running the current business
D. Expected costs for recovering the business
Answer
A. Projected impact of current business on future business