Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 28

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2921

Question

When creating a new risk management program, it is CRITICAL to consider:

A. the risk appetite.
B. compliance measures.
C. risk mitigation techniques.
D. resource utilization.

Answer

B. compliance measures.

CISA Question 2922

Question

Which of the following is the MOST effective way for an IS auditor to identify unauthorized changes to the production state of a critical business application?

A. Run an automated scan of the production environment to detect missing software patches.
B. Compare a list of production system changes with the configuration management database (CMDB).
C. Review recently approved changes to application programming interfaces (API) in the production environment.
D. Review recent updates in the configuration management database (CMDB) for compliance with IT policies.

Answer

D. Review recent updates in the configuration management database (CMDB) for compliance with IT policies.

CISA Question 2923

Question

A region where an organization conducts business has announced changes in privacy legislation. Which of the following should an IS auditor do FIRST to prepare for the changes?

A. Perform a gap analysis with current privacy procedures.
B. Provide suggested updates to the organization’s privacy procedures.
C. Communicate the changes in privacy legislation to the legal department.
D. Design compensating controls to be in compliance with new privacy legislation.

Answer

A. Perform a gap analysis with current privacy procedures.

CISA Question 2924

Question

Following an acquisition, it was decided that legacy applications subject to compliance requirements will continue to be used until they can be phased out. The IS auditor needs to determine where there are control redundancies and where gaps may exist. Which of the following activities would be MOST helpful in making this determination?

A. Control self-assessments
B. Risk assessment
C. Control testing
D. Control mapping

Answer

A. Control self-assessments

CISA Question 2925

Question

A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor’s BEST recommendation to facilitate compliance with the regulation?

A. Include the requirement in the incident management response plan.
B. Establish key performance indicators (KPIs) for timely identification of security incidents.
C. Enhance the alert functionality of the intrusion detection system (IDS).
D. Engage an external security incident response expert for incident handling.

Answer

A. Include the requirement in the incident management response plan.

CISA Question 2926

Question

An IS auditor is reviewing standards and compliance requirements related to an upcoming systems audit. The auditor notes that the industry standards are less stringent than local regulatory standards. How should the auditor proceed?

A. Audit to the standards with the highest requirements.
B. Audit exclusively to the industry standards.
C. Coordinate with regulatory officers to determine necessary requirements.
D. Audit to the policies and procedures of the organization.

Answer

C. Coordinate with regulatory officers to determine necessary requirements.

CISA Question 2927

Question

Which of the following is the BEST source of information for an IS auditor to use as a baseline to assess the adequacy of an organization’s privacy policy?

A. Benchmark studies of similar organizations
B. Local privacy standards and regulations
C. Historical privacy breaches and related root causes
D. Globally accepted privacy best practices

Answer

B. Local privacy standards and regulations

CISA Question 2928

Question

Which of the following tests would provide the BEST assurance that a health care organization is handling patient data appropriately?

A. Compliance with local laws and regulations
B. Compliance with the organization’s policies and procedures
C. Compliance with action plans resulting from recent audits
D. Compliance with industry standards and best practice

Answer

C. Compliance with action plans resulting from recent audits

CISA Question 2929

Question

A new regulatory standard for data privacy requires an organization to protect personally identifiable information (PII). Which of the following is MOST important to include in the audit engagement plan to access compliance with the new standard?

A. Identification of IT systems that host PII
B. Review of data loss risk scenarios
C. Identification of unencrypted PII
D. Review of data protection procedures

Answer

D. Review of data protection procedures

CISA Question 2930

Question

A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization’s level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?

A. Identifying data security threats in the affected jurisdiction
B. Reviewing data classification procedures associated with the affected jurisdiction
C. Identifying business processes associated with personal data exchange with the affected jurisdiction
D. Developing an inventory of all business entities that exchange personal data with the affected jurisdiction

Answer

C. Identifying business processes associated with personal data exchange with the affected jurisdiction

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.