Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 30

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3131

Question

The PRIMARY objective of value delivery in reference to IT governance is to:

A. increase efficiency
B. promote best practices
C. optimize investments
D. ensure compliance

Answer

C. optimize investments

CISA Question 3132

Question

Which of the following would be of GREATEST concern to an IS auditor evaluating governance over open source development components?

A. The development project has gone over budget and time
B. The open source development components do not meet industry best practices
C. The software is not analyzed for compliance with organizational requirements
D. Existing open source policies have not been approved in over a year

Answer

C. The software is not analyzed for compliance with organizational requirements

CISA Question 3133

Question

Following a risk assessment, new countermeasures have been approved by management. Which of the following should be performed NEXT?

A. Schedule the target end date for implementation activities.
B. Budget the total cost of implementation activities.
C. Develop an implementation strategy.
D. Calculate the residual risk for each countermeasure.

Answer

C. Develop an implementation strategy.

CISA Question 3134

Question

An information security manager has identified and implemented migrating controls according to industry best practices. Which of the following is the GREATEST risk associated with this approach?

A. Important security controls may be missed without senior management input.
B. The cost of control implementation may be too high.
C. The migration measures may not be updated in a timely manner.
D. The security program may not be aligned with organizational objectives.

Answer

D. The security program may not be aligned with organizational objectives.

CISA Question 3135

Question

What is the MOST important role of an organization’s data custodian in support of information security function?

A. Evaluating data security technology vendors
B. Applying approval security policies
C. Approving access rights to departmental data
D. Assessing data security risks to the organization

Answer

C. Approving access rights to departmental data

CISA Question 3136

Question

An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?

A. IT management
B. Executive management
C. Legal counsel
D. Data owners

Answer

D. Data owners

CISA Question 3137

Question

An organization’s IT department is undertaking a large virtualization project to reduce its physical server footprint. Which of the following should be the HIGHEST priority of the information security manager?

A. Determining how incidents will be managed
B. Selecting the virtualization software
C. Being involved as the design stage of the project
D. Ensuring the project has appropriate security funding

Answer

C. Being involved as the design stage of the project

CISA Question 3138

Question

Which of the following should be the MOST important consideration when implementing an information security framework?

A. Compliance requirements
B. Audit findings
C. Technical capabilities
D. Risk appetite

Answer

A. Compliance requirements

CISA Question 3139

Question

Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?

A. Providing information security training to third-party personnel
B. Auditing the service delivery of third-party providers
C. Inducting information security clauses within contracts
D. Requiring third parties to sign confidentiality agreements

Answer

C. Inducting information security clauses within contracts

CISA Question 3140

Question

A PRIMARY advantage of involving business management in evaluating and managing information security risks is that they:

A. better understand the security architecture
B. better understand organizational risks
C. can balance technical and business risks
D. are more objective than security management

Answer

C. can balance technical and business risks

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker