Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 30

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 3141

Question

An organization is considering whether to allow employees to use personal computing devices for business purposes. To BEST facilitate senior management’s decision, the information security manager should:

A. perform a cost-benefit analysis
B. map the strategy to business objectives
C. conduct a risk assessment
D. develop a business case

Answer

B. map the strategy to business objectives

CISA Question 3142

Question

Which of the following is the BEST reason to certify an organization to an international security standard?

A. The certification covers enterprise security end-to-end.
B. The certification reduces information security risk.
C. The certification ensures that optimal controls are in place.
D. The certification delivers value to stakeholders.

Answer

D. The certification delivers value to stakeholders.

CISA Question 3143

Question

The FIRST step in establishing an information security program is to:

A. secure organizational commitment and support
B. assess the organization’s compliance with regulatory requirements
C. determine the level of risk that is acceptable to senior management
D. define policies and standards that mitigate the organization’s risks

Answer

A. secure organizational commitment and support

CISA Question 3144

Question

Which of the following is the MOST important driver when developing an effective information security strategy?

A. Security audit reports
B. Benchmarking reports
C. Information security standards
D. Compliance requirements

Answer

C. Information security standards

CISA Question 3145

Question

If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:

A. transfer risk to a third party to avoid cost of impact
B. implement controls to mitigate the risk to an acceptable level
C. recommend that management avoids the business activity
D. assess the gap between current and acceptable level of risk

Answer

D. assess the gap between current and acceptable level of risk

CISA Question 3146

Question

The MOST important objective of security awareness training for business staff is to:

A. understand intrusion methods
B. reduce negative audit findings
C. increase compliance
D. modify behavior

Answer

D. modify behavior

CISA Question 3147

Question

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes?

A. Results from a business impact analysis
B. Results from a gap analysis
C. An inventory of security controls currently in place
D. Deadline and penalties for noncompliance

Answer

B. Results from a gap analysis

CISA Question 3148

Question

Which of the following is the BEST course of action for an information security manager to align security and business goals?

A. Reviewing the business strategy
B. Actively engaging with stakeholders
C. Conducting a business impact analysis
D. Defining key performance indicators

Answer

D. Defining key performance indicators

CISA Question 3149

Question

An organization’s senior management is encouraging employees to use social media for promotional purposes. Which of the following should be the information security manager’s FIRST step to support this strategy?

A. Develop a business case for a data loss prevention solution
B. Develop a guideline on the acceptable use of social media
C. Incorporate social media into the security awareness program
D. Employ the use of a web content filtering solution

Answer

B. Develop a guideline on the acceptable use of social media

CISA Question 3150

Question

When an information security manager presents an information security program status report to senior management, the MAIN focus should be:

A. key performance indicators (KPIs)
B. critical risks indicators
C. net present value (NPV)
D. key controls evaluation

Answer

A. key performance indicators (KPIs)

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker