The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3131
Question
The PRIMARY objective of value delivery in reference to IT governance is to:
A. increase efficiency
B. promote best practices
C. optimize investments
D. ensure compliance
Answer
C. optimize investments
CISA Question 3132
Question
Which of the following would be of GREATEST concern to an IS auditor evaluating governance over open source development components?
A. The development project has gone over budget and time
B. The open source development components do not meet industry best practices
C. The software is not analyzed for compliance with organizational requirements
D. Existing open source policies have not been approved in over a year
Answer
C. The software is not analyzed for compliance with organizational requirements
CISA Question 3133
Question
Following a risk assessment, new countermeasures have been approved by management. Which of the following should be performed NEXT?
A. Schedule the target end date for implementation activities.
B. Budget the total cost of implementation activities.
C. Develop an implementation strategy.
D. Calculate the residual risk for each countermeasure.
Answer
C. Develop an implementation strategy.
CISA Question 3134
Question
An information security manager has identified and implemented mitigating controls according to industry best practices. Which of the following is the GREATEST risk associated with this approach?
A. Important security controls may be missed without senior management input.
B. The cost of control implementation may be too high.
C. The mitigation measures may not be updated in a timely manner.
D. The security program may not be aligned with organizational objectives.
Answer
D. The security program may not be aligned with organizational objectives.
CISA Question 3135
Question
What is the MOST important role of an organization’s data custodian in support of the information security function?
A. Evaluating data security technology vendors
B. Applying approved security policies
C. Approving access rights to departmental data
D. Assessing data security risks to the organization
Answer
C. Approving access rights to departmental data
CISA Question 3136
Question
An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?
A. IT management
B. Executive management
C. Legal counsel
D. Data owners
Answer
D. Data owners
CISA Question 3137
Question
An organization’s IT department is undertaking a large virtualization project to reduce its physical server footprint. Which of the following should be the HIGHEST priority of the information security manager?
A. Determining how incidents will be managed
B. Selecting the virtualization software
C. Being involved at the design stage of the project
D. Ensuring the project has appropriate security funding
Answer
C. Being involved at the design stage of the project
CISA Question 3138
Question
Which of the following should be the MOST important consideration when implementing an information security framework?
A. Compliance requirements
B. Audit findings
C. Technical capabilities
D. Risk appetite
Answer
A. Compliance requirements
CISA Question 3139
Question
Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?
A. Providing information security training to third-party personnel
B. Auditing the service delivery of third-party providers
C. Including information security clauses within contracts
D. Requiring third parties to sign confidentiality agreements
Answer
C. Including information security clauses within contracts
CISA Question 3140
Question
A PRIMARY advantage of involving business management in evaluating and managing information security risks is that they:
A. better understand the security architecture
B. better understand organizational risks
C. can balance technical and business risks
D. are more objective than security management
Answer
C. can balance technical and business risks