ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 28

The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free below to help you prepare for the ISACA CISA exam and earn the CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2931

Question

Which of the following is MOST important to consider when reviewing a third-party service agreement for disaster recovery services?

A. Recovery point objectives (RPOs) and recovery time objectives (RTOs) are included in the agreement.
B. The lowest price possible is obtained for the service rendered.
C. Security and regulatory requirements are addressed in the agreement.
D. Provisions exist to retain ownership of intellectual property in the event of termination.

Answer

C. Security and regulatory requirements are addressed in the agreement.

CISA Question 2932

Question

Which of the following is the BEST evidence that an organization is aware of applicable laws and regulations?

A. The organization’s compliance matrix
B. History of legal actions and regulatory correspondence
C. The existence of an employee awareness training program
D. Industry benchmark results

Answer

A. The organization’s compliance matrix

CISA Question 2933

Question

Which of the following is the MOST significant obstacle to establishing a new privacy program?

A. Unresolved overlap of security and privacy roles and responsibilities
B. An insufficient privacy awareness training program
C. A complex legal and regulatory landscape
D. Failure to perform a business impact analysis (BIA)

Answer

C. A complex legal and regulatory landscape

CISA Question 2934

Question

Which of the following is the BEST indication that an organization has achieved legal and regulatory compliance?

A. The board of directors and senior management accept responsibility for compliance.
B. An independent consultant has been appointed to ensure legal and regulatory compliance.
C. Periodic external and internal audits have not identified instances of noncompliance.
D. The risk management process incorporates noncompliance as a risk.

Answer

C. Periodic external and internal audits have not identified instances of noncompliance.

CISA Question 2935

Question

Which of the following IT processes is likely to have the GREATEST inherent regulatory risk?

A. IT project management
B. Data management
C. Capacity management
D. IT resource management

Answer

B. Data management

CISA Question 2936

Question

Which of the following should be of GREATEST concern to an IS auditor reviewing an organization’s initiative to adopt an enterprise governance framework?

A. The organization has not identified the business drivers for adopting the framework.
B. The organization’s security department has not been involved with the initiative.
C. The organization has tried to adopt the entire framework at once.
D. The organization has not provided employees with formal training on the framework.

Answer

A. The organization has not identified the business drivers for adopting the framework.

CISA Question 2937

Question

An IS auditor’s role in privacy and security is to:

A. assist in developing an IS security strategy.
B. verify compliance with applicable laws.
C. implement risk management methodologies.
D. assist the governance steering committee with implementing a security policy.

Answer

D. assist the governance steering committee with implementing a security policy.

CISA Question 2938

Question

Which of the following is a benefit of requiring management to issue a report to stakeholders regarding the internal controls over IT?

A. Transparency of IT costs
B. Improved portfolio management
C. Improved cost management
D. Focus on IT governance

Answer

D. Focus on IT governance

CISA Question 2939

Question

Which of the following governance functions is responsible for ensuring IT projects have sufficient resources and are prioritized appropriately?

A. Board of directors
B. IT management
C. IT steering committee
D. Executive management

Answer

C. IT steering committee

CISA Question 2940

Question

Which of the following is the MOST important step in the development of an effective IT governance action plan?

A. Conducting a business impact analysis (BIA)
B. Preparing a statement of sensitivity
C. Setting up an IT governance framework for the process
D. Measuring IT governance key performance indicators (KPIs)

Answer

D. Measuring IT governance key performance indicators (KPIs)