The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free here, to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.
Table of Contents
- CISA Question 3141
- CISA Question 3142
- CISA Question 3143
- CISA Question 3144
- CISA Question 3145
- CISA Question 3146
- CISA Question 3147
- CISA Question 3148
- CISA Question 3149
- CISA Question 3150
CISA Question 3141
Question
An organization is considering whether to allow employees to use personal computing devices for business purposes. To BEST facilitate senior management’s decision, the information security manager should:
A. perform a cost-benefit analysis
B. map the strategy to business objectives
C. conduct a risk assessment
D. develop a business case
Answer
B. map the strategy to business objectives
CISA Question 3142
Question
Which of the following is the BEST reason to certify an organization to an international security standard?
A. The certification covers enterprise security end-to-end.
B. The certification reduces information security risk.
C. The certification ensures that optimal controls are in place.
D. The certification delivers value to stakeholders.
Answer
D. The certification delivers value to stakeholders.
CISA Question 3143
Question
The FIRST step in establishing an information security program is to:
A. secure organizational commitment and support
B. assess the organization’s compliance with regulatory requirements
C. determine the level of risk that is acceptable to senior management
D. define policies and standards that mitigate the organization’s risks
Answer
A. secure organizational commitment and support
CISA Question 3144
Question
Which of the following is the MOST important driver when developing an effective information security strategy?
A. Security audit reports
B. Benchmarking reports
C. Information security standards
D. Compliance requirements
Answer
C. Information security standards
CISA Question 3145
Question
If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:
A. transfer the risk to a third party to avoid the cost of impact
B. implement controls to mitigate the risk to an acceptable level
C. recommend that management avoid the business activity
D. assess the gap between the current and acceptable levels of risk
Answer
D. assess the gap between the current and acceptable levels of risk
CISA Question 3146
Question
The MOST important objective of security awareness training for business staff is to:
A. understand intrusion methods
B. reduce negative audit findings
C. increase compliance
D. modify behavior
Answer
D. modify behavior
CISA Question 3147
Question
An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes?
A. Results from a business impact analysis
B. Results from a gap analysis
C. An inventory of security controls currently in place
D. Deadline and penalties for noncompliance
Answer
B. Results from a gap analysis
CISA Question 3148
Question
Which of the following is the BEST course of action for an information security manager to align security and business goals?
A. Reviewing the business strategy
B. Actively engaging with stakeholders
C. Conducting a business impact analysis
D. Defining key performance indicators
Answer
D. Defining key performance indicators
CISA Question 3149
Question
An organization’s senior management is encouraging employees to use social media for promotional purposes. Which of the following should be the information security manager’s FIRST step to support this strategy?
A. Develop a business case for a data loss prevention solution
B. Develop a guideline on the acceptable use of social media
C. Incorporate social media into the security awareness program
D. Employ the use of a web content filtering solution
Answer
B. Develop a guideline on the acceptable use of social media
CISA Question 3150
Question
When an information security manager presents an information security program status report to senior management, the MAIN focus should be:
A. key performance indicators (KPIs)
B. critical risk indicators
C. net present value (NPV)
D. key controls evaluation
Answer
A. key performance indicators (KPIs)