Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 28

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2931

Question

Which of the following is MOST important to consider when reviewing a third-party service agreement for disaster recovery services?

A. Recovery point objectives (RPOs) and recovery time objectives (RTOs) are included in the agreement.
B. The lowest price possible is obtained for the service rendered.
C. Security and regulatory requirements are addressed in the agreement.
D. Provisions exist to retain ownership of intellectual property in the event of termination.

Answer

C. Security and regulatory requirements are addressed in the agreement.

CISA Question 2932

Question

Which of the following is the BEST evidence that an organization is aware of applicable laws and regulations?

A. The organization’s compliance matrix
B. History of legal actions and regulatory correspondence
C. The existence of an employee awareness training program
D. Industry benchmark results

Answer

A. The organization’s compliance matrix

CISA Question 2933

Question

Which of the following is the MOST significant obstacle to establishing a new privacy program?

A. Unresolved overlap of security and privacy roles and responsibilities
B. An insufficient privacy awareness training program
C. A Complex legal and regulatory landscape
D. Failure to perform a business impact analysis (BIA)

Answer

C. A Complex legal and regulatory landscape

CISA Question 2934

Question

Which of the following is the BEST indication that an organization has achieved legal and regulatory compliance?

A. The board of directors and senior management accept responsibility for compliance.
B. An independent consultant has been appointed to ensure legal and regulatory compliance.
C. Periodic external and internal audits have not identified instances of noncompliance.
D. The risk management process incorporates noncompliance as a risk.

Answer

C. Periodic external and internal audits have not identified instances of noncompliance.

CISA Question 2935

Question

Which of the following IT processes is likely to have the GREATEST inherent regulatory risk?

A. IT project management
B. Data management
C. Capacity management
D. IT resource management

Answer

B. Data management

CISA Question 2936

Question

Which of the following should be of GREATEST concern to an IS auditor reviewing an organization’s initiative to adopt an enterprise governance framework?

A. The organization has not identified the business drivers for adopting the framework.
B. The organization’s security department has not been involved with the initiative.
C. The organization has tried to adopt the entire framework at once.
D. The organization has not provided employees with formal training on the framework.

Answer

A. The organization has not identified the business drivers for adopting the framework.

CISA Question 2937

Question

An IS auditor’s role in privacy and security is to:

A. assist in developing an IS security strategy.
B. verify compliance with applicable laws.
C. implement risk management methodologies.
D. assist the governance steering committee with implementing a security policy.

Answer

D. assist the governance steering committee with implementing a security policy.

CISA Question 2938

Question

Which of the following is a benefit of requiring management to issue a report to stakeholders regarding the internal controls over IT?

A. Transparency of IT costs
B. Improved portfolio management
C. Improved cost management
D. Focus on IT governance

Answer

D. Focus on IT governance

CISA Question 2939

Question

Which of the following governance functions is responsible for ensuring IT projects have sufficient resources and are prioritized appropriately?

A. Board of directors
B. IT management
C. IT steering committee
D. Executive management

Answer

C. IT steering committee

CISA Question 2940

Question

Which of the following is the MOST important step in the development of an effective IT governance action plan?

A. Conducting a business impact analysis (BIA)
B. Preparing a statement of sensitivity
C. Setting up an IT governance framework for the process
D. Measuring IT governance key performance indicators (KPIs)

Answer

D. Measuring IT governance key performance indicators (KPIs)

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.