Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 28

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2961

Question

Which of the following is the BEST way for an information security manager to justify continued investment in the information security program when the organization is facing significant budget cuts?

A. Demonstrate an increase in ransomware attacks targeting peer organizations.
B. Demonstrate the readiness of business continuity plans.
C. Demonstrate that implemented program controls are effective.
D. Demonstrate that the program enables business activities.

Answer

D. Demonstrate that the program enables business activities.

CISA Question 2962

Question

An information security manager has developed a strategy to address new information security risks resulting from recent changes in the business. Which of the following would be MOST important to include when presenting the strategy to senior management?

A. The impact of organizational changes on the security risk profile
B. The costs associated with business process changes
C. Results of benchmarking against industry peers
D. Security controls needed for risk mitigation

Answer

A. The impact of organizational changes on the security risk profile

CISA Question 2963

Question

Which of the following would BEST assist an information security manager in gaining strategic support from executive management?

A. Research on trends in global information security breaches
B. Risk analysis specific to the organization
C. Annual report of security incidents within the organization
D. Rating of the organization’s security based on international standards

Answer

B. Risk analysis specific to the organization

CISA Question 2964

Question

Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?

A. Identifying risk mitigation options
B. Identifying key business risks
C. Identifying critical business processes
D. Identifying the threat environment

Answer

B. Identifying key business risks

CISA Question 2965

Question

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:

A. conduct a risk assessment.
B. perform a gap analysis.
C. conduct a cost-benefit analysis.
D. interview senior management.

Answer

B. perform a gap analysis.

CISA Question 2966

Question

An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:

A. identify security program gaps or systemic weaknesses that need correction.
B. prepare properly vetted notifications regarding the incidents to external parties.
C. identify who should be held accountable for the security incidents.
D. document and report the root cause of the incidents for senior management.

Answer

A. identify security program gaps or systemic weaknesses that need correction.

CISA Question 2967

Question

Which of the following is the BEST approach for determining the maturity level of an information security program?

A. Review internal audit results.
B. Engage a third-party review.
C. Perform a self-assessment.
D. Evaluate key performance indicators (KPIs).

Answer

D. Evaluate key performance indicators (KPIs).

CISA Question 2968

Question

Which of the following is MOST effective in the strategic alignment of security initiatives?

A. A security steering committee is set up within the IT department.
B. Key information security policies are updated on a regular basis.
C. Business leaders participate in information security decision making.
D. Policies are created with input from business unit managers.

Answer

D. Policies are created with input from business unit managers.

CISA Question 2969

Question

The PRIMARY purpose of asset valuation for the management of information security is to:

A. eliminate the least significant assets.
B. provide a basis for asset classification.
C. determine the value of each asset.
D. prioritize risk management activities.

Answer

C. determine the value of each asset.

CISA Question 2970

Question

Which of the following is MOST important when selecting an information security metric?

A. Defining the metric in quantitative terms
B. Aligning the metric to the IT strategy
C. Defining the metric in qualitative terms
D. Ensuring the metric is repeatable

Answer

A. Defining the metric in quantitative terms

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.