Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 28

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2981

Question

The MOST important reason that security risk assessment should be conducted frequently throughout an organization is because:

A. threats to the organization may change.
B. controls should be regularly tested.
C. compliance with legal and regulatory standards should be reassessed.
D. control effectiveness may weaken.

Answer

A. threats to the organization may change.

CISA Question 2982

Question

An information security manager is concerned that executive management does not support information security initiatives. Which of the following is the BEST way to address this situation?

A. Demonstrate alignment of the information security function with business needs.
B. Escalate noncompliance concerns to the internal audit manager.
C. Report the risk and status of the information security program to the board.
D. Revise the information security strategy to meet executive management’s expectations.

Answer

A. Demonstrate alignment of the information security function with business needs.

CISA Question 2983

Question

Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?

A. Compensating controls in place to protect information security
B. Corresponding breaches associated with each vendor
C. Criticality of the service to the organization
D. Compliance requirements associated with the regulation

Answer

C. Criticality of the service to the organization

CISA Question 2984

Question

When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:

A. implement controls to mitigate the risk.
B. report compliance to management.
C. review the residual risk level.
D. monitor for business changes.

Answer

C. review the residual risk level.

CISA Question 2985

Question

Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?

A. Critical success factors (CSFs)
B. Key risk indicators (KRIs)
C. Capability maturity models
D. Key performance indicators (KPIs)

Answer

D. Key performance indicators (KPIs)

CISA Question 2986

Question

Which of the following provides the GREATEST assurance that an organization allocates appropriate resources to respond to information security events?

A. Incident classification procedures
B. Threat analysis and intelligence reports
C. An approved IT staffing plan
D. Information security policies and standards.

Answer

C. An approved IT staffing plan

CISA Question 2987

Question

Which of the following is the BEST approach to identify noncompliance issues with legal, regulatory, and contractual requirements?

A. Vulnerability assessment
B. Risk assessment
C. Business impact analysis (BIA)
D. Gap analysis

Answer

D. Gap analysis

CISA Question 2988

Question

Which of the following should be of MOST influence to an information security manager when developing IT security policies?

A. Past and current threats
B. IT security framework
C. Compliance with regulations
D. Business strategy

Answer

D. Business strategy

CISA Question 2989

Question

Which of the following would BEST help to ensure compliance with an organization’s information security requirements by an IT service provider?

A. Defining the business recovery plan with the IT service provider
B. Requiring an external security audits of the IT service provider
C. Defining information security requirements with internal IT
D. Requiring regular reporting from the IT service provider

Answer

D. Requiring regular reporting from the IT service provider

CISA Question 2990

Question

When designing an incident response plan to be agreed upon with a cloud computing vendor, including which of the following will BEST help to ensure the effectiveness of the plan?

A. A training program for the vendor staff
B. An audit and compliance program
C. Responsibility and accountability assignments
D. Requirements for onsite recovery testing

Answer

C. Responsibility and accountability assignments

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.