Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 29

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3011

Question

Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?

A. Vulnerability assessment results
B. Application security policy
C. A business case
D. Internal audit reports

Answer

C. A business case

CISA Question 3012

Question

In an organization where IT is critical to its business strategy and where there is a high level of operational dependence on IT, senior management commitment to security is BEST demonstrated by the:

A. reporting line of the chief information security officer (CISO).
B. segregation of duties policy.
C. existence of an IT steering committee.
D. size of the IT security function.

Answer

C. existence of an IT steering committee.

CISA Question 3013

Question

The PRIMARY purpose of aligning information security with corporate governance objectives is to:

A. identify an organization’s tolerance for risk.
B. re-align roles and responsibilities.
C. build capabilities to improve security processes.
D. consistently manage significant areas of risk.

Answer

C. build capabilities to improve security processes.

CISA Question 3014

Question

Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:

A. conducts frequent reviews of the security policy.
B. includes a mix of members from all levels of management.
C. has a clearly defined charter and meeting protocols.
D. has established relationships with external professionals.

Answer

B. includes a mix of members from all levels of management.

CISA Question 3015

Question

Which of the following is the MOST effective way to achieve the integration of information security governance into corporate governance?

A. Ensure information security aligns with IT strategy.
B. Provide periodic IT balanced scorecards to senior management.
C. Align information security budget requests to organizational goals.
D. Ensure information security efforts support business goals.

Answer

D. Ensure information security efforts support business goals.

CISA Question 3016

Question

After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?

A. Balanced scorecard
B. Recent audit results
C. Risk heat map
D. Gap analysis

Answer

A. Balanced scorecard

CISA Question 3017

Question

Which of the following is MOST important to the successful implementation of an information security governance framework across the organization?

A. The existing organizational security culture
B. Security management processes aligned with security objectives
C. Organizational security controls deployed in line with regulations
D. Security policies that adhere to industry best practices

Answer

B. Security management processes aligned with security objectives

CISA Question 3018

Question

Which of the following is the MOST effective way of ensuring that business units comply with an information security governance framework?

A. Conducting information security awareness training
B. Performing security assessments and gap analyses
C. Integrating security requirements with processes
D. Conducting a business impact analysis (BIA)

Answer

C. Integrating security requirements with processes

CISA Question 3019

Question

An information security manager’s PRIMARY objective for presenting key risks to the board of directors is to:

A. re-evaluate the risk appetite.
B. quantify reputational risks.
C. meet information security compliance requirements.
D. ensure appropriate information security governance.

Answer

D. ensure appropriate information security governance.

CISA Question 3020

Question

An IS auditor has completed a review of an outsourcing agreement and has identified IT governance issues. Which of the following is the MOST effective and efficient way of communicating the issues at a meeting with senior management?

A. Present a completed report and discuss the details.
B. Provide a detailed report in advance and open the floor to questions.
C. Present an overview highlighting the key findings.
D. Provide a plan of action and milestones.

Answer

C. Present an overview highlighting the key findings.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.