The latest ISACA CISA (Certified Information Systems Auditor) practice exam question-and-answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 2971
Question
Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization’s information security program?
A. Escalation paths
B. Right-to-audit clause
C. Termination language
D. Key performance indicators (KPIs)
Answer
D. Key performance indicators (KPIs)
CISA Question 2972
Question
Which of the following should be the PRIMARY objective of the information security incident response process?
A. Minimizing negative impact to critical operations
B. Communicating with internal and external parties
C. Classifying incidents
D. Conducting incident triage
Answer
A. Minimizing negative impact to critical operations
CISA Question 2973
Question
The PRIMARY focus of a training curriculum for members of an incident response team should be:
A. technology training.
B. security awareness.
C. external corporate communication.
D. specific role training.
Answer
D. specific role training.
CISA Question 2974
Question
Which of the following is the PRIMARY role of a data custodian?
A. Processing information
B. Securing information
C. Classifying information
D. Validating information
Answer
B. Securing information
CISA Question 2975
Question
To integrate security into system development life cycle (SDLC) processes, an organization MUST ensure that security:
A. is a prerequisite for completion of major phases.
B. performance metrics have been met.
C. roles and responsibilities have been defined.
D. is represented on the configuration control board.
Answer
A. is a prerequisite for completion of major phases.
CISA Question 2976
Question
Which of the following is the MOST effective way to ensure security policies are relevant to organizational business practices?
A. Leverage security steering committee contribution.
B. Obtain senior management sign-off.
C. Integrate industry best practices.
D. Conduct an organization-wide security audit.
Answer
B. Obtain senior management sign-off.
CISA Question 2977
Question
To effectively classify data, which of the following MUST be determined?
A. Data controls
B. Data ownership
C. Data users
D. Data volume
Answer
B. Data ownership
CISA Question 2978
Question
Which of the following would provide the MOST reliable evidence to indicate whether employee access has been deactivated in a timely manner following termination?
A. Comparing termination forms with dates in the HR system
B. Reviewing hardware return-of-asset forms
C. Interviewing supervisors to verify employee data is being updated immediately
D. Comparing termination forms with system transaction log entries
Answer
D. Comparing termination forms with system transaction log entries
CISA Question 2979
Question
The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:
A. maintain compliance with industry best practices.
B. serve as evidence of security awareness training.
C. assign accountability for transactions made with the user’s ID.
D. maintain an accurate record of users’ access rights.
Answer
B. serve as evidence of security awareness training.
CISA Question 2980
Question
Which of the following is the MOST important factor to consider when establishing a severity hierarchy for information security incidents?
A. Management support
B. Business impact
C. Regulatory compliance
D. Residual risk
Answer
B. Business impact