
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 28

The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free of charge to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2991

Question

Which of the following is MOST likely to result from compliance testing?

A. Comparison of data with physical counts
B. Confirmation of data with outside sources
C. Identification of errors due to processing mistakes
D. Discovery of controls that have not been applied

Answer

D. Discovery of controls that have not been applied

Compliance testing checks whether controls are operating as designed; finding a control that was not applied is its typical result. Comparing data with physical counts, confirming data with outside sources, and identifying processing errors are outcomes of substantive testing, which validates the data itself.

CISA Question 2992

Question

A cloud service provider is unable to provide an independent assessment of controls. Which of the following is the BEST way to obtain assurance that the provider can adequately protect the organization’s information?

A. Check references supplied by the provider’s other customers.
B. Invoke the right to audit per the contract.
C. Review the provider’s information security policy.
D. Review the provider’s self-assessment.

Answer

B. Invoke the right to audit per the contract.

A right-to-audit clause gives the organization (or an auditor it appoints) direct evidence of the provider's controls. References, the provider's policy, and a self-assessment are all produced or selected by the provider and do not give independent assurance. If the contract has no such clause, the finding should be raised with the business owner and the contract renegotiated.

CISA Question 2993

Question

The GREATEST benefit of using a maturity model when providing security reports to management is that it presents the:

A. current and target security state for the business.
B. security program priorities to achieve an accepted risk level.
C. assessed level of security risk at a particular point in time.
D. level of compliance with internal policy.

Answer

A. current and target security state for the business.

CISA Question 2994

Question

A business unit uses an e-commerce application with a strong password policy. Many customers complain that they cannot remember their passwords because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST:

A. change the password policy to improve the customer experience.
B. recommend implementing two-factor authentication.
C. research alternative secure methods of identity verification.
D. evaluate the impact of the customer’s experience on business revenue.

Answer

C. research alternative secure methods of identity verification.

CISA Question 2995

Question

Which of the following processes is the FIRST step in establishing an information security policy?

A. Security controls evaluation
B. Business risk assessment
C. Review of current global standards
D. Information security audit

Answer

B. Business risk assessment

CISA Question 2996

Question

Which of the following is MOST likely to be included in an enterprise information security policy?

A. Password composition requirements
B. Consequences of noncompliance
C. Audit trail review requirements
D. Security monitoring strategy

Answer

B. Consequences of noncompliance

CISA Question 2997

Question

Which of the following will BEST protect an organization against spear phishing?

A. Email content filtering
B. Acceptable use policy
C. End-user training
D. Antivirus software

Answer

C. End-user training

Spear phishing is tailored to a specific recipient and is crafted to pass generic content filters and antivirus signatures, so the user who recognizes and reports the message is the control most likely to stop it. Training should be treated as one layer alongside filtering, reporting channels, and authentication controls, not as a replacement for them.

CISA Question 2998

Question

Which of the following is the MOST effective control to mitigate unintentional misuse of authorized access?

A. Regular monitoring of user access logs
B. Annual sign-off of acceptable use policy
C. Security awareness training
D. Formalized disciplinary action

Answer

C. Security awareness training

CISA Question 2999

Question

Which type of risk would MOST influence the selection of a sampling methodology?

A. Control
B. Inherent
C. Residual
D. Detection

Answer

D. Detection

Detection risk is the risk that the auditor's procedures fail to find a material error or control deviation. Inherent and control risk are properties of the auditee and are assessed, not chosen; the auditor manages detection risk directly through the sampling method, sample size, and confidence level, which is why it drives the sampling decision.
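To show how the accepted detection risk drives sample size in practice, the following added example (not part of the page or of any ISACA material) implements attribute sampling for a control test. It assumes the standard zero-expected-deviation design: the sample is sized so that, if the population deviation rate were at or above the tolerable rate, the probability of drawing a sample with no deviations is no larger than the accepted detection risk. The population of change records and the "approved" attribute are constructed for the example.

```python
import math
import random


def attribute_sample_size(detection_risk: float, tolerable_deviation_rate: float) -> int:
    """Smallest n such that P(zero deviations in n | true rate == tolerable rate) <= detection_risk.

    Zero-expected-deviation attribute sampling with a binomial model, i.e. the
    population is assumed large relative to the sample. Lower accepted detection
    risk (higher required confidence) or a lower tolerable rate means a larger n.
    """
    if not 0 < detection_risk < 1 or not 0 < tolerable_deviation_rate < 1:
        raise ValueError("detection_risk and tolerable_deviation_rate must be in (0, 1)")
    # Solve (1 - p)^n <= risk for n; both logs are negative so the ratio is positive.
    return math.ceil(math.log(detection_risk) / math.log(1 - tolerable_deviation_rate))


def achieved_detection_risk(sample_size: int, tolerable_deviation_rate: float) -> float:
    """Probability that a sample of this size shows no deviations even though the
    population deviation rate equals the tolerable rate."""
    return (1 - tolerable_deviation_rate) ** sample_size


def evaluate_sample(population, sample_size, tolerable_deviation_rate, is_deviation, seed=0):
    """Draw a random sample of control evidence and decide whether it supports reliance.

    Under the zero-expected-deviation design, any observed deviation means the
    sample does not support relying on the control; the auditor must extend
    testing or fall back to substantive procedures rather than rationalize it.
    """
    if sample_size > len(population):
        raise ValueError("sample size exceeds population; test the whole population instead")
    rng = random.Random(seed)  # seeded so the selection is reproducible for workpapers
    sample = rng.sample(population, sample_size)
    deviations = sum(1 for item in sample if is_deviation(item))
    return {
        "sample_size": sample_size,
        "deviations": deviations,
        "max_detection_risk": achieved_detection_risk(sample_size, tolerable_deviation_rate),
        "control_relied_upon": deviations == 0,
    }


def build_change_records(total: int, unapproved: int, seed: int = 1):
    """Constructed population: change tickets, a few of which lack CAB approval.
    The record layout is hypothetical and exists only for this example."""
    rng = random.Random(seed)
    unapproved_ids = set(rng.sample(range(total), unapproved))
    return [{"ticket": f"CHG-{i:04d}", "approved": i not in unapproved_ids} for i in range(total)]


if __name__ == "__main__":
    # Same tolerable rate, different accepted detection risk: 5% risk needs 59 items,
    # 10% risk needs 45. Tightening tolerable rate to 10% at 5% risk needs only 29.
    for risk, tolerable in [(0.05, 0.05), (0.10, 0.05), (0.05, 0.10)]:
        print(f"risk={risk:.2f} tolerable={tolerable:.2f} -> n={attribute_sample_size(risk, tolerable)}")

    records = build_change_records(total=400, unapproved=12)  # constructed data
    n = attribute_sample_size(0.05, 0.05)
    result = evaluate_sample(records, n, 0.05, is_deviation=lambda r: not r["approved"])
    print(result)
```

The functions return their results rather than only printing them so the sizing decision can be recorded in workpapers and rechecked. Note that if deviations are expected in the population, the zero-expected-deviation formula understates the sample size; in that case use the standard attribute sampling tables or a binomial/Poisson solver that accounts for the expected rate.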

CISA Question 3000

Question

An organization’s IT security policy requires annual security awareness training for all employees. Which of the following would provide the BEST evidence of the training’s effectiveness?

A. Results of a social engineering test
B. Interviews with employees
C. Decreased calls to the incident response team
D. Surveys completed by randomly selected employees

Answer

A. Results of a social engineering test

A social engineering test, such as a simulated phishing campaign, measures what employees actually do when targeted. Interviews and surveys measure self-reported knowledge, and a drop in calls to the incident response team can just as easily mean incidents are going unreported.