The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free here to help you prepare for the ISACA CISA exam and earn the CISA certification.
Table of Contents
- CISA Question 2981
- CISA Question 2982
- CISA Question 2983
- CISA Question 2984
- CISA Question 2985
- CISA Question 2986
- CISA Question 2987
- CISA Question 2988
- CISA Question 2989
- CISA Question 2990
CISA Question 2981
Question
The MOST important reason that security risk assessment should be conducted frequently throughout an organization is because:
A. threats to the organization may change.
B. controls should be regularly tested.
C. compliance with legal and regulatory standards should be reassessed.
D. control effectiveness may weaken.
Answer
A. threats to the organization may change.
CISA Question 2982
Question
An information security manager is concerned that executive management does not support information security initiatives. Which of the following is the BEST way to address this situation?
A. Demonstrate alignment of the information security function with business needs.
B. Escalate noncompliance concerns to the internal audit manager.
C. Report the risk and status of the information security program to the board.
D. Revise the information security strategy to meet executive management’s expectations.
Answer
A. Demonstrate alignment of the information security function with business needs.
CISA Question 2983
Question
Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?
A. Compensating controls in place to protect information security
B. Corresponding breaches associated with each vendor
C. Criticality of the service to the organization
D. Compliance requirements associated with the regulation
Answer
C. Criticality of the service to the organization
CISA Question 2984
Question
When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
A. implement controls to mitigate the risk.
B. report compliance to management.
C. review the residual risk level.
D. monitor for business changes.
Answer
C. review the residual risk level.
CISA Question 2985
Question
Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?
A. Critical success factors (CSFs)
B. Key risk indicators (KRIs)
C. Capability maturity models
D. Key performance indicators (KPIs)
Answer
D. Key performance indicators (KPIs)
CISA Question 2986
Question
Which of the following provides the GREATEST assurance that an organization allocates appropriate resources to respond to information security events?
A. Incident classification procedures
B. Threat analysis and intelligence reports
C. An approved IT staffing plan
D. Information security policies and standards
Answer
C. An approved IT staffing plan
CISA Question 2987
Question
Which of the following is the BEST approach to identify noncompliance issues with legal, regulatory, and contractual requirements?
A. Vulnerability assessment
B. Risk assessment
C. Business impact analysis (BIA)
D. Gap analysis
Answer
D. Gap analysis
CISA Question 2988
Question
Which of the following should MOST influence an information security manager when developing IT security policies?
A. Past and current threats
B. IT security framework
C. Compliance with regulations
D. Business strategy
Answer
D. Business strategy
CISA Question 2989
Question
Which of the following would BEST help to ensure compliance with an organization’s information security requirements by an IT service provider?
A. Defining the business recovery plan with the IT service provider
B. Requiring external security audits of the IT service provider
C. Defining information security requirements with internal IT
D. Requiring regular reporting from the IT service provider
Answer
D. Requiring regular reporting from the IT service provider
CISA Question 2990
Question
When designing an incident response plan to be agreed upon with a cloud computing vendor, including which of the following will BEST help to ensure the effectiveness of the plan?
A. A training program for the vendor staff
B. An audit and compliance program
C. Responsibility and accountability assignments
D. Requirements for onsite recovery testing
Answer
C. Responsibility and accountability assignments