ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 3

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free of charge and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 291

Question

An IS auditor suspects an organization’s computer may have been used to commit a crime. Which of the following is the auditor’s BEST course of action?

A. Examine the computer to search for evidence supporting the suspicions.
B. Notify local law enforcement of the potential crime before further investigation.
C. Contact the incident response team to conduct an investigation.
D. Advise management of the crime after the investigation.

Answer

C. Contact the incident response team to conduct an investigation.

CISA Question 292

Question

Which of the following is the MAIN advantage of using one-time passwords?

A. They are suitable for e-commerce authentication.
B. Passwords are hardware/software generated.
C. An intercepted password would be of no use.
D. The user does not need to remember passwords.

Answer

C. An intercepted password would be of no use.

CISA Question 293

Question

An IS auditor finds an organization has a significant number of systems developed by end-users. Which of the following is the BEST recommendation to help mitigate the associated risks?

A. Storing systems on a shared drive managed by IT
B. Storing developed source code in a centralized repository
C. Centralizing information technology procurement
D. Using a formal development methodology

Answer

D. Using a formal development methodology

CISA Question 294

Question

Which of the following would BEST enable an organization to provide indirect access to web applications?

A. Web application proxy
B. Web application programming interface (API)
C. Web application server
D. Web authentication services

Answer

A. Web application proxy

CISA Question 295

Question

Which of the following controls BEST mitigates the impact of a distributed denial of service (DDoS) attack against the controller in a software-defined network (SDN)?

A. Implementing multiple physical SDN controllers
B. Relocating virtualized network functions to physical infrastructure
C. Hardening the operating system that hosts the SDN controller
D. Implementing configuration management for SDN controllers

Answer

A. Implementing multiple physical SDN controllers

CISA Question 296

Question

Which of the following is MOST important when creating a forensic image of a hard drive?

A. Generating a content hash of the hard drive
B. Requiring an independent third party to be present while imaging
C. Securing a backup copy of the hard drive
D. Choosing an industry-leading forensics software tool

Answer

A. Generating a content hash of the hard drive

CISA Question 297

Question

Data anonymization helps to prevent which types of attacks in a big data environment?

A. Man-in-the-middle
B. Denial-of-service
C. Correlation
D. Spoofing

Answer

A. Man-in-the-middle

CISA Question 298

Question

Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?

A. Deciphering the receiver’s public key
B. Obtaining the sender’s private key
C. Altering the plaintext message
D. Reversing the hash function using the digest

Answer

B. Obtaining the sender’s private key

CISA Question 299

Question

Which of the following is an example of personally identifiable information (PII)?

A. Office address
B. Passport number
C. Date of birth
D. Marital status

Answer

B. Passport number

CISA Question 300

Question

Which of the following is the PRIMARY factor in determining a recovery time objective (RTO)?

A. Cost of testing the business continuity plan (BCP)
B. Downtime cost of disaster
C. Cost of offsite backup premises
D. Response time of the emergency action plan

Answer

B. Downtime cost of disaster