The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 3151
Question
Which of the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?
A. Industry comparison analysis
B. Critical audit findings
C. Compliance risk assessment
D. Number of reported security incidents
Answer
C. Compliance risk assessment
CISA Question 3152
Question
The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:
A. ensure that all business units have the same strategic security goals
B. provide evidence for auditors that security practices are adequate
C. explain the organization’s preferred practices for security
D. ensure that all business units implement identical security procedures
Answer
A. ensure that all business units have the same strategic security goals
CISA Question 3153
Question
An organization which uses external cloud services extensively is concerned with risk monitoring and timely response. The BEST way to address this concern is to ensure:
A. the availability of continuous technical support
B. internal security standards are in place
C. a right-to-audit clause is included in contracts
D. appropriate service level agreements (SLAs) are in place
Answer
A. the availability of continuous technical support
CISA Question 3154
Question
Which of the following is the BEST approach to make strategic information security decisions?
A. Establish regular information security status reporting
B. Establish business unit security working groups
C. Establish periodic senior management meetings
D. Establish an information security steering committee
Answer
D. Establish an information security steering committee
CISA Question 3155
Question
An organization’s information security department is creating procedures for handling digital evidence that may be used in court. Which of the following would be the MOST important consideration from a risk standpoint?
A. Ensuring the entire security team reviews the evidence
B. Ensuring that analysis is conducted on the original data
C. Ensuring the original data is kept confidential
D. Ensuring the integrity of the data is preserved
Answer
D. Ensuring the integrity of the data is preserved
CISA Question 3156
Question
An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
A. Requiring policy acknowledgment and nondisclosure agreements signed by employees
B. Providing education and guidelines to employees on use of social networking sites
C. Establishing strong access controls on confidential data
D. Monitoring employees’ social networking usage
Answer
B. Providing education and guidelines to employees on use of social networking sites
CISA Question 3157
Question
Which of the following requires a consensus by key stakeholders on IT strategic goals and objectives?
A. Balanced scorecards
B. Benchmarking
C. Maturity models
D. Peer reviews
Answer
A. Balanced scorecards
CISA Question 3158
Question
Which of the following should be of GREATEST concern to an IS auditor planning to employ data analytics in an upcoming audit?
A. There is no documented data model
B. Data is from the previous reporting period
C. Available data is incomplete
D. Data fields are used for multiple purposes
Answer
B. Data is from the previous reporting period
CISA Question 3159
Question
What would be of GREATEST concern to an IS auditor reviewing end-user computing (EUC) spreadsheets used for financial reporting in which version control is enforced?
A. Access requests are processed manually
B. Spreadsheets are maintained in various locations
C. Spreadsheet owners are only reviewed annually
D. Spreadsheets are not password protected
Answer
B. Spreadsheets are maintained in various locations
CISA Question 3160
Question
An IS auditor noted that a change to a critical calculation was placed into the production environment without being tested. Which of the following is the BEST way to obtain assurance that the calculation functions correctly?
A. Check regular execution of the calculation batch job
B. Perform substantive testing using computer-assisted audit techniques (CAATs)
C. Obtain post-change approval from management
D. Interview the lead system developer
Answer
B. Perform substantive testing using computer-assisted audit techniques (CAATs)