Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 28

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2971

Question

Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization’s information security program?

A. Escalation paths
B. Right-to-audit clause
C. Termination language
D. Key performance indicators (KPIs)

Answer

D. Key performance indicators (KPIs)

CISA Question 2972

Question

Which of the following should be the PRIMARY objective of the information security incident response process?

A. Minimizing negative impact to critical operations
B. Communicating with internal and external parties
C. Classifying incidents
D. Conducting incident triage

Answer

A. Minimizing negative impact to critical operations

CISA Question 2973

Question

The PRIMARY focus of a training curriculum for members of an incident response team should be:

A. technology training.
B. security awareness.
C. external corporate communication.
D. specific role training.

Answer

D. specific role training.

CISA Question 2974

Question

Which of the following is the PRIMARY role of a data custodian?

A. Processing information
B. Securing information
C. Classifying information
D. Validating information

Answer

B. Securing information

CISA Question 2975

Question

To integrate security into system development life cycle (SDLC) processes, an organization MUST ensure that security:

A. is a prerequisite for completion of major phases.
B. performance metrics have been met.
C. roles and responsibilities have been defined.
D. is represented on the configuration control board.

Answer

A. is a prerequisite for completion of major phases.

CISA Question 2976

Question

Which of the following is the MOST effective way to ensure security policies are relevant to organizational business practices?

A. Leverage security steering committee contribution.
B. Obtain senior management sign-off.
C. Integrate industry best practices.
D. Conduct an organization-wide security audit.

Answer

B. Obtain senior management sign-off.

CISA Question 2977

Question

To effectively classify data, which of the following MUST be determined?

A. Data controls
B. Data ownership
C. Data users
D. Data volume

Answer

B. Data ownership

CISA Question 2978

Question

Which of the following would provide the MOST reliable evidence to indicate whether employee access has been deactivated in a timely manner following termination?

A. Comparing termination forms with dates in the HR system
B. Reviewing hardware return-of-asset forms
C. Interviewing supervisors to verify employee data is being updated immediately
D. Comparing termination forms with system transaction log entries

Answer

D. Comparing termination forms with system transaction log entries

CISA Question 2979

Question

The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:

A. maintain compliance with industry best practices.
B. serve as evidence of security awareness training.
C. assign accountability for transactions made with the user’s ID.
D. maintain an accurate record of users’ access rights.

Answer

B. serve as evidence of security awareness training.

CISA Question 2980

Question

Which of the following is the MOST important factor to consider when establishing a severity hierarchy for information security incidents?

A. Management support
B. Business impact
C. Regulatory compliance
D. Residual risk

Answer

B. Business impact

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.