Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 29

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3061

Question

Which of the following is MOST important for the IS auditor to verify when reviewing the development process of a security policy?

A. Evidence of active involvement of key stakeholders
B. Output from the enterprise’s risk management system
C. Identification of the control framework
D. Evidence of management approval

Answer

D. Evidence of management approval

CISA Question 3062

Question

A large number of exceptions to an organization’s information security standards have been granted after senior management approved a bring your own device (BYOD) program. To address this situation, it is MOST important for the information security manage to:

A. introduce strong authentication on devices
B. reject new exception requests
C. require authorization to wipe lost devices
D. update the information security policy

Answer

D. update the information security policy

CISA Question 3063

Question

Which of the following is a step in establishing a security policy?

A. Developing platform-level security baselines.
B. Developing configurations parameters for the network,
C. Implementing a process for developing and maintaining the policy.
D. Creating a RACI matrix.

Answer

C. Implementing a process for developing and maintaining the policy.

CISA Question 3064

Question

In a multinational organization, local security regulations should be implemented over global security policy because:

A. global security policies include unnecessary controls for local businesses
B. business objectives are defined by local business unit managers
C. requirements of local regulations take precedence
D. deploying awareness of local regulations is more practical than of global policy

Answer

C. requirements of local regulations take precedence

CISA Question 3065

Question

Implementing a strong password policy is part of an organization’s information security strategy for the year. A business unit believes the strategy may adversely affect a client’s adoption of a recently developed mobile application and has decided not to implement the policy. Which of the following would be the information security manager’s BEST course of action?

A. Analyze the risk and impact of not implementing the policy
B. Develop and implement a password policy for the mobile application
C. Escalate non-implementation of the policy to senior management
D. Benchmark with similar mobile applications to identify gaps

Answer

A. Analyze the risk and impact of not implementing the policy

CISA Question 3066

Question

An IS auditor finds that application servers had inconsistent configurations leading to potential security vulnerabilities. Which of the following should the auditor recommend FIRST?

A. Enforce server baseline standards.
B. Improve change management processes using a workflow tool.
C. Hold the application owner accountable for monitoring metrics.
D. Use a single vendor for the application servers.

Answer

A. Enforce server baseline standards.

CISA Question 3067

Question

What type of control is being used when an organization publishes standards and procedures for vulnerability management?

A. Directive
B. Preventive
C. Corrective
D. Detective

Answer

A. Directive

CISA Question 3068

Question

The BEST way to validate whether a malicious act has actually occurred in an application is to review:

A. segregation of duties
B. access controls
C. activity logs
D. change management logs

Answer

C. activity logs

CISA Question 3069

Question

Which of the following findings would be of GREATEST concern to an IS auditor performing an information security audit of critical server log management activities?

A. Log records can be overwritten before being reviewed.
B. Logging procedures are insufficiently documented.
C. Log records are dynamically into different servers.
D. Logs are monitored using manual processes.

Answer

A. Log records can be overwritten before being reviewed.

CISA Question 3070

Question

An organization has developed mature risk management practices that are followed across all departments. What is the MOST effective way for the audit team to leverage this risk management maturity?

A. Facilitating audit risk identification and evaluation workshops
B. Implementing risk responses on management’s behalf
C. Providing assurances to management regarding risk
D. Integrating the risk register for audit planning purposes

Answer

D. Integrating the risk register for audit planning purposes

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.