ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 29

The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3051

Question

Which of the following is a distinguishing feature at the highest level of a maturity model?

A. There are formal standards and procedures.
B. Projects are controlled with management supervision.
C. A continuous improvement process is applied.
D. Processes are monitored continuously.

Answer

C. A continuous improvement process is applied.

CISA Question 3052

Question

Which of the following is MOST important to include in a contract with a software development service provider?

A. A list of key performance indicators (KPIs)
B. Ownership of intellectual property
C. Service level agreement (SLA)
D. Explicit contract termination requirements

Answer

B. Ownership of intellectual property

CISA Question 3053

Question

Which of the following is MOST important when evaluating the retention period for a cloud provider’s client data backups?

A. Cost of data storage
B. Contractual commitments
C. Previous audit recommendations
D. Industry best practice

Answer

B. Contractual commitments

CISA Question 3054

Question

Which of the following can provide assurance that an IT project has delivered its planned benefits?

A. User acceptance testing (UAT)
B. Steering committee approval
C. Post-implementation review
D. Quality assurance evaluation

Answer

C. Post-implementation review

CISA Question 3055

Question

An IT steering committee assists the board of directors to fulfill IT governance duties by:

A. developing IT policies and procedures for project tracking.
B. focusing on the supply of IT services and products.
C. overseeing major projects and IT resource allocation.
D. implementing the IT strategy.

Answer

C. overseeing major projects and IT resource allocation.

CISA Question 3056

Question

Which of the following is MOST important to consider when developing a bring your own device (BYOD) policy?

A. Supported operating systems
B. Procedure for accessing the network
C. Application download restrictions
D. Remote wipe procedures

Answer

B. Procedure for accessing the network

CISA Question 3057

Question

A CEO requests access to corporate documents from a mobile device that does not comply with organizational policy. The information security manager should FIRST:

A. evaluate the business risk
B. evaluate a third-party solution
C. initiate an exception approval process
D. deploy additional security controls

Answer

A. evaluate the business risk

CISA Question 3058

Question

A small organization is experiencing rapid growth and plans to create a new information security policy. Which of the following is MOST relevant to creating the policy?

A. Industry standards
B. The business impact analysis (BIA)
C. The business objectives
D. Previous audit recommendations

Answer

C. The business objectives

CISA Question 3059

Question

An internal IS auditor discovers that a service organization did not notify its customers following a data breach. Which of the following should the auditor do FIRST?

A. Notify audit management of the finding.
B. Report the finding to regulatory authorities.
C. Notify the service organization’s customers.
D. Require the service organization to notify its customers.

Answer

A. Notify audit management of the finding.

CISA Question 3060

Question

Which of the following should be the PRIMARY reason to establish a social media policy for all employees?

A. To publish acceptable messages to be used by employees when posting
B. To raise awareness and provide guidance about social media risks
C. To restrict access to social media during business hours to maintain productivity
D. To prevent negative public social media postings and comments

Answer

B. To raise awareness and provide guidance about social media risks