ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 27

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2881

Question

An organization that has suffered a cyber attack is performing a forensic analysis of the affected users’ computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?

A. The chain of custody has not been documented.
B. The legal department has not been engaged.
C. An imaging process was used to obtain a copy of the data from each computer.
D. Audit was only involved during extraction of the information.

Answer

A. The chain of custody has not been documented.

CISA Question 2882

Question

Which of the following is MOST important to include in forensic data collection and preservation procedures?

A. Maintaining chain of custody
B. Preserving data integrity
C. Determining tools to be used
D. Assuring the physical security of devices

Answer

B. Preserving data integrity

CISA Question 2883

Question

Which of the following is the BEST method for converting a file into a format suitable for data analysis in a forensic investigation?

A. Extraction
B. Normalization
C. Data acquisition
D. Imaging

Answer

B. Normalization

CISA Question 2884

Question

During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor’s BEST course of action?

A. Plan to test these controls in another audit.
B. Escalate the deficiency to audit management.
C. Add testing of third-party access controls to the scope of the audit.
D. Determine whether the risk has been identified in the planning documents.

Answer

D. Determine whether the risk has been identified in the planning documents.

CISA Question 2885

Question

A security regulation requires the disabling of direct administrator access. Such access must occur through an intermediate server that holds administrator passwords for all systems and records all actions. An IS auditor’s PRIMARY concern with this solution would be that:

A. it is not feasible to implement.
B. it represents a single point of failure.
C. segregation of duties is not observed.
D. access logs may not be maintained.

Answer

B. it represents a single point of failure.

CISA Question 2886

Question

An IS auditor identifies key controls that have been overridden by management. The NEXT step the IS auditor should take is to:

A. perform procedures to quantify the irregularities.
B. report the absence of key controls to regulators.
C. recommend compensating controls.
D. withdraw from the engagement.

Answer

B. report the absence of key controls to regulators.

CISA Question 2887

Question

Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?

A. Industry standards
B. Information security policy
C. Incident response plan
D. Industry regulations

Answer

D. Industry regulations

CISA Question 2888

Question

What is the BEST way for an IS auditor to address the risk associated with over-retention of personal data after identifying a large number of customer records retained beyond the retention period defined by law?

A. Recommend automating deletion of records beyond the retention period.
B. Schedule regular internal audits to identify records for deletion.
C. Report the retention period noncompliance to the regulatory authority.
D. Escalate the over-retention issue to the data privacy officer for follow-up.

Answer

A. Recommend automating deletion of records beyond the retention period.

CISA Question 2889

Question

An organization has decided to migrate payroll processing to a new platform hosted by a third party in a different country. Which of the following is MOST important for the IS auditor to consider?

A. The service provider’s compliance with privacy regulations
B. Whether the contract contains a right-to-terminate clause
C. The service provider’s compliance with financial regulations
D. Storage costs charged by the service provider

Answer

C. The service provider’s compliance with financial regulations

CISA Question 2890

Question

Which of the following data would be used when performing a business impact analysis (BIA)?

A. Projected impact of current business on future business
B. Cost of regulatory compliance
C. Cost-benefit analysis of running the current business
D. Expected costs for recovering the business

Answer

A. Projected impact of current business on future business
