The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3001
Question
Which of the following is a directive control?
A. Establishing an information security operations team
B. Updating data loss prevention software
C. Implementing an information security policy
D. Configuring data encryption software
Answer
C. Implementing an information security policy
CISA Question 3002
Question
Which of the following BEST indicates a need to review an organization’s information security policy?
A. Completion of annual IT risk assessment
B. Increasing complexity of business transactions
C. Increasing exceptions approved by management
D. High number of low-risk findings in the audit report
Answer
B. Increasing complexity of business transactions
CISA Question 3003
Question
A review of Internet security disclosed that users have individual user accounts with Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only the corporate network is used. The organization should FIRST:
A. use a proxy server to filter out Internet sites that should not be accessed.
B. keep a manual log of Internet access.
C. monitor remote access activities.
D. include a statement in its security policy about Internet use.
Answer
D. include a statement in its security policy about Internet use.
CISA Question 3004
Question
Which of the following factors will BEST promote effective information security management?
A. Senior management commitment
B. Identification and risk assessment of sensitive resources
C. Security awareness training
D. Security policy framework
Answer
A. Senior management commitment
CISA Question 3005
Question
Which of the following is the FIRST consideration when developing a data retention policy?
A. Determining the backup cycle based on retention period
B. Designing an infrastructure storage strategy
C. Identifying the legal and contractual retention period for data
D. Determining the security access privileges to the data
Answer
D. Determining the security access privileges to the data
CISA Question 3006
Question
Following significant organizational changes, which of the following is the MOST important consideration when updating the IT policy?
A. The policy is integrated into job descriptions.
B. The policy is endorsed by senior executives.
C. The policy is compliant with relevant laws and regulations.
D. The policy is aligned with industry standards and best practice.
Answer
C. The policy is compliant with relevant laws and regulations.
CISA Question 3007
Question
An information security manager learns that a departmental system is out of compliance with the information security policy’s authentication requirements. Which of the following should be the information security manager’s FIRST course of action?
A. Isolate the noncompliant system from the rest of the network.
B. Submit the issue to the steering committee for escalation.
C. Request risk acceptance from senior management.
D. Conduct an impact analysis to quantify the associated risk.
Answer
D. Conduct an impact analysis to quantify the associated risk.
CISA Question 3008
Question
Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?
A. A report on the maturity of controls
B. Up-to-date policy and procedures documentation
C. Existence of an industry-accepted framework
D. Results of an independent assessment
Answer
D. Results of an independent assessment
CISA Question 3009
Question
A large organization is considering a policy that would allow employees to bring their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:
A. lack of a device management solution.
B. decrease in end user productivity.
C. impact on network capacity.
D. higher costs in supporting end users.
Answer
A. lack of a device management solution.
CISA Question 3010
Question
In the absence of technical controls, what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?
A. Update the corporate mobile usage policy to prohibit texting.
B. Conduct a business impact analysis (BIA) and provide the report to management.
C. Stop providing mobile devices until the organization is able to implement controls.
D. Include the topic of prohibited texting in security awareness training.
Answer
D. Include the topic of prohibited texting in security awareness training.