
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 28

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free below, to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2921

Question

When creating a new risk management program, it is CRITICAL to consider:

A. the risk appetite.
B. compliance measures.
C. risk mitigation techniques.
D. resource utilization.

Answer

B. compliance measures.

CISA Question 2922

Question

Which of the following is the MOST effective way for an IS auditor to identify unauthorized changes to the production state of a critical business application?

A. Run an automated scan of the production environment to detect missing software patches.
B. Compare a list of production system changes with the configuration management database (CMDB).
C. Review recently approved changes to application programming interfaces (API) in the production environment.
D. Review recent updates in the configuration management database (CMDB) for compliance with IT policies.

Answer

D. Review recent updates in the configuration management database (CMDB) for compliance with IT policies.

CISA Question 2923

Question

A region where an organization conducts business has announced changes in privacy legislation. Which of the following should an IS auditor do FIRST to prepare for the changes?

A. Perform a gap analysis with current privacy procedures.
B. Provide suggested updates to the organization’s privacy procedures.
C. Communicate the changes in privacy legislation to the legal department.
D. Design compensating controls to be in compliance with new privacy legislation.

Answer

A. Perform a gap analysis with current privacy procedures.

CISA Question 2924

Question

Following an acquisition, it was decided that legacy applications subject to compliance requirements will continue to be used until they can be phased out. The IS auditor needs to determine where there are control redundancies and where gaps may exist. Which of the following activities would be MOST helpful in making this determination?

A. Control self-assessments
B. Risk assessment
C. Control testing
D. Control mapping

Answer

A. Control self-assessments

CISA Question 2925

Question

A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor’s BEST recommendation to facilitate compliance with the regulation?

A. Include the requirement in the incident management response plan.
B. Establish key performance indicators (KPIs) for timely identification of security incidents.
C. Enhance the alert functionality of the intrusion detection system (IDS).
D. Engage an external security incident response expert for incident handling.

Answer

A. Include the requirement in the incident management response plan.

CISA Question 2926

Question

An IS auditor is reviewing standards and compliance requirements related to an upcoming systems audit. The auditor notes that the industry standards are less stringent than local regulatory standards. How should the auditor proceed?

A. Audit to the standards with the highest requirements.
B. Audit exclusively to the industry standards.
C. Coordinate with regulatory officers to determine necessary requirements.
D. Audit to the policies and procedures of the organization.

Answer

C. Coordinate with regulatory officers to determine necessary requirements.

CISA Question 2927

Question

Which of the following is the BEST source of information for an IS auditor to use as a baseline to assess the adequacy of an organization’s privacy policy?

A. Benchmark studies of similar organizations
B. Local privacy standards and regulations
C. Historical privacy breaches and related root causes
D. Globally accepted privacy best practices

Answer

B. Local privacy standards and regulations

CISA Question 2928

Question

Which of the following tests would provide the BEST assurance that a health care organization is handling patient data appropriately?

A. Compliance with local laws and regulations
B. Compliance with the organization’s policies and procedures
C. Compliance with action plans resulting from recent audits
D. Compliance with industry standards and best practice

Answer

C. Compliance with action plans resulting from recent audits

CISA Question 2929

Question

A new regulatory standard for data privacy requires an organization to protect personally identifiable information (PII). Which of the following is MOST important to include in the audit engagement plan to assess compliance with the new standard?

A. Identification of IT systems that host PII
B. Review of data loss risk scenarios
C. Identification of unencrypted PII
D. Review of data protection procedures

Answer

D. Review of data protection procedures

CISA Question 2930

Question

A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization’s level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?

A. Identifying data security threats in the affected jurisdiction
B. Reviewing data classification procedures associated with the affected jurisdiction
C. Identifying business processes associated with personal data exchange with the affected jurisdiction
D. Developing an inventory of all business entities that exchange personal data with the affected jurisdiction

Answer

C. Identifying business processes associated with personal data exchange with the affected jurisdiction