
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 29

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free, to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3001

Question

Which of the following is a directive control?

A. Establishing an information security operations team
B. Updating data loss prevention software
C. Implementing an information security policy
D. Configuring data encryption software

Answer

C. Implementing an information security policy

CISA Question 3002

Question

Which of the following BEST indicates a need to review an organization’s information security policy?

A. Completion of annual IT risk assessment
B. Increasing complexity of business transactions
C. Increasing exceptions approved by management
D. High number of low-risk findings in the audit report

Answer

B. Increasing complexity of business transactions

CISA Question 3003

Question

A review of Internet security disclosed that users have individual user accounts with Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only the corporate network is used. The organization should FIRST:

A. use a proxy server to filter out Internet sites that should not be accessed.
B. keep a manual log of Internet access.
C. monitor remote access activities.
D. include a statement in its security policy about Internet use.

Answer

D. include a statement in its security policy about Internet use.

CISA Question 3004

Question

Which of the following factors will BEST promote effective information security management?

A. Senior management commitment
B. Identification and risk assessment of sensitive resources
C. Security awareness training
D. Security policy framework

Answer

A. Senior management commitment

CISA Question 3005

Question

Which of the following is the FIRST consideration when developing a data retention policy?

A. Determining the backup cycle based on retention period
B. Designing an infrastructure storage strategy
C. Identifying the legal and contractual retention period for data
D. Determining the security access privileges to the data

Answer

D. Determining the security access privileges to the data

CISA Question 3006

Question

Following significant organizational changes, which of the following is the MOST important consideration when updating the IT policy?

A. The policy is integrated into job descriptions.
B. The policy is endorsed by senior executives.
C. The policy is compliant with relevant laws and regulations.
D. The policy is aligned with industry standards and best practice.

Answer

C. The policy is compliant with relevant laws and regulations.

CISA Question 3007

Question

An information security manager learns that a departmental system is out of compliance with the information security policy’s authentication requirements. Which of the following should be the information security manager’s FIRST course of action?

A. Isolate the noncompliant system from the rest of the network.
B. Submit the issue to the steering committee for escalation.
C. Request risk acceptance from senior management.
D. Conduct an impact analysis to quantify the associated risk.

Answer

D. Conduct an impact analysis to quantify the associated risk.

CISA Question 3008

Question

Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?

A. A report on the maturity of controls
B. Up-to-date policy and procedures documentation
C. Existence of an industry-accepted framework
D. Results of an independent assessment

Answer

D. Results of an independent assessment

CISA Question 3009

Question

A large organization is considering a policy that would allow employees to bring their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

A. lack of a device management solution.
B. decrease in end user productivity.
C. impact on network capacity.
D. higher costs in supporting end users.

Answer

A. lack of a device management solution.

CISA Question 3010

Question

In the absence of technical controls, what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?

A. Update the corporate mobile usage policy to prohibit texting.
B. Conduct a business impact analysis (BIA) and provide the report to management.
C. Stop providing mobile devices until the organization is able to implement controls.
D. Include the topic of prohibited texting in security awareness training.

Answer

D. Include the topic of prohibited texting in security awareness training.
