Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 29

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3071

Question

Which of the following should be the PRIMARY objective of an information security governance framework?

A. Increase the organization’s return on security investment.
B. Provide a baseline for optimizing the security profile of the organization.
C. Ensure that users comply with the organization’s information security policies.
D. Demonstrate compliance with industry best practices to external stakeholders.

Answer

B. Provide a baseline for optimizing the security profile of the organization.

CISA Question 3072

Question

From a risk management perspective, which of the following is MOST important to be tracked in continuous monitoring?

A. Number of prevented attacks
B. Changes in the threat environment
C. Changes in user privileges
D. Number of failed logins

Answer

B. Changes in the threat environment

CISA Question 3073

Question

Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?

A. An emerging technologies strategy would be in place
B. A cost-benefit analysis process would be easier to perform
C. An effective security risk management process is established
D. End-user acceptance of emerging technologies has been established

Answer

C. An effective security risk management process is established

CISA Question 3074

Question

What is the MOST effective way to ensure security policies and procedures are up-to-date?

A. Verify security requirements are being identified and consistently applied.
B. Align the organization’s security practices with industry standards and best practice.
C. Define and document senior management’s vision for the direction of the security
D. Prevent security documentation audit issues from being raised

Answer

B. Align the organization’s security practices with industry standards and best practice.

CISA Question 3075

Question

Which of the following is a PRIMARY responsibility of an information security governance committee?

A. Approving the purchase of information security technologies
B. Approving the information security awareness training strategy
C. Reviewing the information security strategy
D. Analyzing information security policy compliance reviews

Answer

C. Reviewing the information security strategy

CISA Question 3076

Question

When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organization’s security steering committee?

A. Obtaining support for the integration from business owners
B. Obtaining approval for the information security budget
C. Evaluating and reporting the degree of integration
D. Defining metrics to demonstrate alignment

Answer

C. Evaluating and reporting the degree of integration

CISA Question 3077

Question

A multinational organization is introducing a security governance framework. The information security manager’s concern is that regional security practices differ.
Which of the following should be evaluated FIRST?

A. Local regulatory requirements
B. Local IT requirements
C. Cross-border data mobility
D. Corporate security objectives

Answer

A. Local regulatory requirements

CISA Question 3078

Question

Which of the following BEST demonstrates effective information security management within an organization?

A. Employees support decisions made by information security management.
B. Excessive risk exposure in one department can be absorbed by other departments.
C. Information security governance is incorporated into organizational governance.
D. Control ownership is assigned to parties who can accept losses related to control failure.

Answer

C. Information security governance is incorporated into organizational governance.

CISA Question 3079

Question

Which of the following is the MOST important requirement for the successful implementation of security governance?

A. Aligning to an international security framework
B. Mapping to organizational strategies
C. Implementing a security balanced scorecard
D. Performing an enterprise-wide risk assessment

Answer

B. Mapping to organizational strategies

CISA Question 3080

Question

The effectiveness of an information security governance framework will BEST be enhanced if:

A. consultants review the information security governance framework
B. a culture of legal and regulatory compliance is promoted by management
C. IS auditors are empowered to evaluate governance activities
D. risk management is built into operational and strategic activities

Answer

B. a culture of legal and regulatory compliance is promoted by management

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.