The latest ISACA CISA (Certified Information Systems Auditor) certification actual exam practice question and answer (Q&A) dumps are available free below and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
Table of Contents
- CISA Question 3011
- Question
- Answer
- CISA Question 3012
- Question
- Answer
- CISA Question 3013
- Question
- Answer
- CISA Question 3014
- Question
- Answer
- CISA Question 3015
- Question
- Answer
- CISA Question 3016
- Question
- Answer
- CISA Question 3017
- Question
- Answer
- CISA Question 3018
- Question
- Answer
- CISA Question 3019
- Question
- Answer
- CISA Question 3020
- Question
- Answer
CISA Question 3011
Question
Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?
A. Vulnerability assessment results
B. Application security policy
C. A business case
D. Internal audit reports
Answer
C. A business case
CISA Question 3012
Question
In an organization where IT is critical to its business strategy and where there is a high level of operational dependence on IT, senior management commitment to security is BEST demonstrated by the:
A. reporting line of the chief information security officer (CISO).
B. segregation of duties policy.
C. existence of an IT steering committee.
D. size of the IT security function.
Answer
C. existence of an IT steering committee.
CISA Question 3013
Question
The PRIMARY purpose of aligning information security with corporate governance objectives is to:
A. identify an organization’s tolerance for risk.
B. re-align roles and responsibilities.
C. build capabilities to improve security processes.
D. consistently manage significant areas of risk.
Answer
C. build capabilities to improve security processes.
CISA Question 3014
Question
Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:
A. conducts frequent reviews of the security policy.
B. includes a mix of members from all levels of management.
C. has a clearly defined charter and meeting protocols.
D. has established relationships with external professionals.
Answer
B. includes a mix of members from all levels of management.
CISA Question 3015
Question
Which of the following is the MOST effective way to achieve the integration of information security governance into corporate governance?
A. Ensure information security aligns with IT strategy.
B. Provide periodic IT balanced scorecards to senior management.
C. Align information security budget requests to organizational goals.
D. Ensure information security efforts support business goals.
Answer
D. Ensure information security efforts support business goals.
CISA Question 3016
Question
After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?
A. Balanced scorecard
B. Recent audit results
C. Risk heat map
D. Gap analysis
Answer
A. Balanced scorecard
CISA Question 3017
Question
Which of the following is MOST important to the successful implementation of an information security governance framework across the organization?
A. The existing organizational security culture
B. Security management processes aligned with security objectives
C. Organizational security controls deployed in line with regulations
D. Security policies that adhere to industry best practices
Answer
B. Security management processes aligned with security objectives
CISA Question 3018
Question
Which of the following is the MOST effective way of ensuring that business units comply with an information security governance framework?
A. Conducting information security awareness training
B. Performing security assessments and gap analyses
C. Integrating security requirements with processes
D. Conducting a business impact analysis (BIA)
Answer
C. Integrating security requirements with processes
CISA Question 3019
Question
An information security manager’s PRIMARY objective for presenting key risks to the board of directors is to:
A. re-evaluate the risk appetite.
B. quantify reputational risks.
C. meet information security compliance requirements.
D. ensure appropriate information security governance.
Answer
D. ensure appropriate information security governance.
CISA Question 3020
Question
An IS auditor has completed a review of an outsourcing agreement and has identified IT governance issues. Which of the following is the MOST effective and efficient way of communicating the issues at a meeting with senior management?
A. Present a completed report and discuss the details.
B. Provide a detailed report in advance and open the floor to questions.
C. Present an overview highlighting the key findings.
D. Provide a plan of action and milestones.
Answer
C. Present an overview highlighting the key findings.