The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and will help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3061
Question
Which of the following is MOST important for the IS auditor to verify when reviewing the development process of a security policy?
A. Evidence of active involvement of key stakeholders
B. Output from the enterprise’s risk management system
C. Identification of the control framework
D. Evidence of management approval
Answer
D. Evidence of management approval
CISA Question 3062
Question
A large number of exceptions to an organization’s information security standards have been granted after senior management approved a bring your own device (BYOD) program. To address this situation, it is MOST important for the information security manager to:
A. introduce strong authentication on devices
B. reject new exception requests
C. require authorization to wipe lost devices
D. update the information security policy
Answer
D. update the information security policy
CISA Question 3063
Question
Which of the following is a step in establishing a security policy?
A. Developing platform-level security baselines.
B. Developing configuration parameters for the network.
C. Implementing a process for developing and maintaining the policy.
D. Creating a RACI matrix.
Answer
C. Implementing a process for developing and maintaining the policy.
CISA Question 3064
Question
In a multinational organization, local security regulations should be implemented over global security policy because:
A. global security policies include unnecessary controls for local businesses
B. business objectives are defined by local business unit managers
C. requirements of local regulations take precedence
D. deploying awareness of local regulations is more practical than of global policy
Answer
C. requirements of local regulations take precedence
CISA Question 3065
Question
Implementing a strong password policy is part of an organization’s information security strategy for the year. A business unit believes the strategy may adversely affect a client’s adoption of a recently developed mobile application and has decided not to implement the policy. Which of the following would be the information security manager’s BEST course of action?
A. Analyze the risk and impact of not implementing the policy
B. Develop and implement a password policy for the mobile application
C. Escalate non-implementation of the policy to senior management
D. Benchmark with similar mobile applications to identify gaps
Answer
A. Analyze the risk and impact of not implementing the policy
CISA Question 3066
Question
An IS auditor finds that application servers had inconsistent configurations leading to potential security vulnerabilities. Which of the following should the auditor recommend FIRST?
A. Enforce server baseline standards.
B. Improve change management processes using a workflow tool.
C. Hold the application owner accountable for monitoring metrics.
D. Use a single vendor for the application servers.
Answer
A. Enforce server baseline standards.
CISA Question 3067
Question
What type of control is being used when an organization publishes standards and procedures for vulnerability management?
A. Directive
B. Preventive
C. Corrective
D. Detective
Answer
A. Directive
CISA Question 3068
Question
The BEST way to validate whether a malicious act has actually occurred in an application is to review:
A. segregation of duties
B. access controls
C. activity logs
D. change management logs
Answer
C. activity logs
CISA Question 3069
Question
Which of the following findings would be of GREATEST concern to an IS auditor performing an information security audit of critical server log management activities?
A. Log records can be overwritten before being reviewed.
B. Logging procedures are insufficiently documented.
C. Log records are dynamically into different servers.
D. Logs are monitored using manual processes.
Answer
A. Log records can be overwritten before being reviewed.
CISA Question 3070
Question
An organization has developed mature risk management practices that are followed across all departments. What is the MOST effective way for the audit team to leverage this risk management maturity?
A. Facilitating audit risk identification and evaluation workshops
B. Implementing risk responses on management’s behalf
C. Providing assurances to management regarding risk
D. Integrating the risk register for audit planning purposes
Answer
D. Integrating the risk register for audit planning purposes