The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
Table of Contents
- CISA Question 301
- CISA Question 302
- CISA Question 303
- CISA Question 304
- CISA Question 305
- CISA Question 306
- CISA Question 307
- CISA Question 308
- CISA Question 309
- CISA Question 310
CISA Question 301
Question
Which type of review is MOST important to conduct when an IS auditor is informed that a recent internal exploitation of a bug has been discovered in a business application?
A. Forensic audit
B. Penetration testing
C. Server security audit
D. Application security testing
Answer
D. Application security testing
CISA Question 302
Question
Which of the following controls MOST effectively reduces the risk associated with use of instant messaging (IM) in the workplace?
A. Traffic encryption
B. Session border controllers
C. Network address translation
D. Blocking peer-to-peer (P2P) clients
Answer
D. Blocking peer-to-peer (P2P) clients
CISA Question 303
Question
An organization has implemented application whitelisting in response to the discovery of a large amount of unapproved software. Which type of control has been deployed?
A. Directive
B. Preventive
C. Detective
D. Corrective
Answer
B. Preventive
CISA Question 304
Question
Which of the following attacks is BEST detected by an intrusion detection system (IDS)?
A. Spamming
B. Spoofing
C. Logic bomb
D. System scanning
Answer
D. System scanning
CISA Question 305
Question
The recovery time objective (RTO) is normally determined on the basis of the:
A. criticality of the systems affected
B. risk of occurrence
C. acceptable downtime of the alternate site
D. cost of recovery of all systems
Answer
A. criticality of the systems affected
CISA Question 306
Question
Which of the following is the BEST way to minimize leakage of data in transit?
A. Virtual local area network (VLAN)
B. Storage encryption
C. Virtual private network (VPN)
D. Digital signature
Answer
C. Virtual private network (VPN)
CISA Question 307
Question
Which of the following would provide the BEST evidence for use in a forensic investigation of an employee’s hard drive?
A. A file level copy of the hard drive
B. Bit-stream copy of the hard drive
C. Memory dump to an external hard drive
D. Prior backups
Answer
B. Bit-stream copy of the hard drive
CISA Question 308
Question
Which of the following is an indication of possible hacker activity involving voice communications?
A. A significant percentage of lines are busy during early morning and late afternoon hours.
B. Outbound calls are found to significantly increase in frequency during non-business hours.
C. Inbound calls experience significant fluctuations based on time-of-day and day-of-week.
D. Direct inward system access (DISA) is found to be disabled on the company’s exchange.
Answer
B. Outbound calls are found to significantly increase in frequency during non-business hours.
CISA Question 309
Question
When using a wireless device, which of the following BEST ensures confidential access to email via web mail?
A. Simple object access protocol (SOAP)
B. Hypertext transfer protocol secure (HTTPS)
C. Extensible markup language (XML)
D. Wired equivalent privacy (WEP)
Answer
B. Hypertext transfer protocol secure (HTTPS)
CISA Question 310
Question
Which of the following is the GREATEST risk associated with instant messaging?
A. Data governance may become ineffective.
B. Data classification procedures may not be followed.
C. Data logging is more difficult.
D. Data exfiltration is more likely to occur.
Answer
D. Data exfiltration is more likely to occur.