The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free below to help you prepare for the ISACA CISA exam and earn the CISA certification. Note that questions 2961 to 2970 are written from the perspective of an information security manager, so they test security governance and strategy rather than audit technique.
Table of Contents
- CISA Question 2961
- Question
- Answer
- CISA Question 2962
- Question
- Answer
- CISA Question 2963
- Question
- Answer
- CISA Question 2964
- Question
- Answer
- CISA Question 2965
- Question
- Answer
- CISA Question 2966
- Question
- Answer
- CISA Question 2967
- Question
- Answer
- CISA Question 2968
- Question
- Answer
- CISA Question 2969
- Question
- Answer
- CISA Question 2970
- Question
- Answer
CISA Question 2961
Question
Which of the following is the BEST way for an information security manager to justify continued investment in the information security program when the organization is facing significant budget cuts?
A. Demonstrate an increase in ransomware attacks targeting peer organizations.
B. Demonstrate the readiness of business continuity plans.
C. Demonstrate that implemented program controls are effective.
D. Demonstrate that the program enables business activities.
Answer
D. Demonstrate that the program enables business activities.
CISA Question 2962
Question
An information security manager has developed a strategy to address new information security risks resulting from recent changes in the business. Which of the following would be MOST important to include when presenting the strategy to senior management?
A. The impact of organizational changes on the security risk profile
B. The costs associated with business process changes
C. Results of benchmarking against industry peers
D. Security controls needed for risk mitigation
Answer
A. The impact of organizational changes on the security risk profile
CISA Question 2963
Question
Which of the following would BEST assist an information security manager in gaining strategic support from executive management?
A. Research on trends in global information security breaches
B. Risk analysis specific to the organization
C. Annual report of security incidents within the organization
D. Rating of the organization’s security based on international standards
Answer
B. Risk analysis specific to the organization
CISA Question 2964
Question
Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?
A. Identifying risk mitigation options
B. Identifying key business risks
C. Identifying critical business processes
D. Identifying the threat environment
Answer
C. Identifying critical business processes
The BIA establishes which business processes are critical and what the impact of their disruption would be over time; risk identification and threat analysis are inputs to the risk assessment, not the purpose of the BIA itself.
CISA Question 2965
Question
To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:
A. conduct a risk assessment.
B. perform a gap analysis.
C. conduct a cost-benefit analysis.
D. interview senior management.
Answer
B. perform a gap analysis.
CISA Question 2966
Question
An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:
A. identify security program gaps or systemic weaknesses that need correction.
B. prepare properly vetted notifications regarding the incidents to external parties.
C. identify who should be held accountable for the security incidents.
D. document and report the root cause of the incidents for senior management.
Answer
A. identify security program gaps or systemic weaknesses that need correction.
CISA Question 2967
Question
Which of the following is the BEST approach for determining the maturity level of an information security program?
A. Review internal audit results.
B. Engage a third-party review.
C. Perform a self-assessment.
D. Evaluate key performance indicators (KPIs).
Answer
D. Evaluate key performance indicators (KPIs).
CISA Question 2968
Question
Which of the following is MOST effective in the strategic alignment of security initiatives?
A. A security steering committee is set up within the IT department.
B. Key information security policies are updated on a regular basis.
C. Business leaders participate in information security decision making.
D. Policies are created with input from business unit managers.
Answer
C. Business leaders participate in information security decision making.
Strategic alignment requires business leaders to take part in security decisions (for example through a steering committee that is not confined to the IT department); gathering input on policies from business unit managers is narrower and only supports alignment.
CISA Question 2969
Question
The PRIMARY purpose of asset valuation for the management of information security is to:
A. eliminate the least significant assets.
B. provide a basis for asset classification.
C. determine the value of each asset.
D. prioritize risk management activities.
Answer
C. determine the value of each asset.
CISA Question 2970
Question
Which of the following is MOST important when selecting an information security metric?
A. Defining the metric in quantitative terms
B. Aligning the metric to the IT strategy
C. Defining the metric in qualitative terms
D. Ensuring the metric is repeatable
Answer
A. Defining the metric in quantitative terms