Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 8

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 791

Question

Which of the following is BEST addressed when using a timestamp within a digital signature to deliver sensitive financial information?

A. Replay protection
B. Authentication
C. Nonrepudiation
D. Data integrity

Answer

A. Replay protection

CISA Question 792

Question

Which of the following IT governance best practices improves strategic alignment?

A. Supplier and partner risks are managed.
B. A knowledge base on customers, products, markets and processes is in place.
C. A structure is provided that facilitates the creation and sharing of business information.
D. Top management mediate between the imperatives of business and technology.

Answer

D. Top management mediate between the imperatives of business and technology.

Explanation

Top management mediating between the imperatives of business and technology is an IT strategic alignment best practice. Supplier and partner risks being managed is a risk management best practice. A knowledge base on customers, products, markets and processes being in place is an IT value delivery best practice. An infrastructure being provided to facilitate the creation and sharing of business information is an IT value delivery and risk management.

CISA Question 793

Question

As an outcome of information security governance, strategic alignment provides:

A. security requirements driven by enterprise requirements.
B. baseline security following best practices.
C. institutionalized and commoditized solutions.
D. an understanding of risk exposure.

Answer

A. security requirements driven by enterprise requirements.

Explanation

Information security governance, when properly implemented, should provide four basic outcomes: strategic alignment, value delivery, risk management and performance measurement. Strategic alignment provides input for security requirements driven by enterprise requirements.
Value delivery provides a standard set of security practices, i.e., baseline security following best practices or institutionalized and commoditized solutions. Risk management provides an understanding of risk exposure.

CISA Question 794

Question

IT governance is PRIMARILY the responsibility of the:

A. chief executive officer.
B. board of directors.
C. IT steering committee.
D. audit committee.

Answer

B. board of directors.

Explanation

IT governance is primarily the responsibility of the executives and shareholders {as represented by the board of directors). The chief executive officer is instrumental in implementing IT governance per the directions of the board of directors. The IT steering committee monitors and facilitates deployment of IT resources for specific projects in support of business plans. The audit committee reports to the board of directors and should monitor the implementation of audit recommendations.

CISA Question 795

Question

Establishing the level of acceptable risk is the responsibility of:

A. quality assurance management.
B. senior business management.
C. the chief information officer.
D. the chief security officer.

Answer

B. senior business management.

Explanation

Senior management should establish the acceptable risk level, since they have the ultimate or final responsibility for the effective and efficient operation of the organization. Choices A, C and D should act as advisors to senior management in determining an acceptable risk level.

CISA Question 796

Question

Effective IT governance will ensure that the IT plan is consistent with the organization’s:

A. business plan.
B. audit plan.
C. security plan.
D. investment plan.

Answer

A. business plan.

Explanation

To govern IT effectively, IT and business should be moving in the same direction, requiring that the IT plans are aligned with an organization’s business plans. The audit and investment plans are not part of the IT plan, while the security plan should be at a corporate level.

CISA Question 797

Question

Involvement of senior management is MOST important in the development of:

A. strategic plans.
B. IS policies.
C. IS procedures.
D. standards and guidelines.

Answer

A. strategic plans.

Explanation

Strategic plans provide the basis for ensuring that the enterprise meets its goals and objectives. Involvement of senior management is critical to ensuring that the plan adequately addresses the established goals and objectives. IS policies, procedures, standards and guidelines are all structured to support the overall strategic plan.

CISA Question 798

Question

An IS steering committee should:

A. include a mix of members from different departments and staff levels.
B. ensure that IS security policies and procedures have been executed properly.
C. have formal terms of reference and maintain minutes of its meetings.
D. be briefed about new trends and products at each meeting by a vendor.

Answer

C. have formal terms of reference and maintain minutes of its meetings.

Explanation

It is important to keep detailed steering committee minutes to document the decisions and activities of the IS steering committee, and the board of directors should be informed about those decisions on a timely basis. Choice A is incorrect because only senior management or highlevel staff members should be on this committee because of its strategic mission. Choice B is not a responsibility of this committee, but the responsibility of the security administrator. Choice D is incorrect because a vendor should be invited to meetings only when appropriate.

CISA Question 799

Question

Which of the following is a function of an IS steering committee?

A. Monitoring vendor-controlled change control and testing
B. Ensuring a separation of duties within the information’s processing environment
C. Approving and monitoring major projects, the status of IS plans and budgets
D. Liaising between the IS department and the end users

Answer

C. Approving and monitoring major projects, the status of IS plans and budgets

Explanation

The IS steering committee typically serves as a general review board for major IS projects and should not become involved in routine operations; therefore, one of its functions is to approve and monitor major projects, the status of IS plans and budgets. Vendor change control is an outsourcing issue and should be monitored by IS management. Ensuring a separation of duties within the information’s processing environment is an IS management responsibility. Liaising between the IS department and the end users is a function of the individual parties and not a committee.

CISA Question 800

Question

The MOST likely effect of the lack of senior management commitment to IT strategic planning is:

A. a lack of investment in technology.
B. a lack of a methodology for systems development.
C. technology not aligning with the organization’s objectives.
D. an absence of control over technology contracts.

Answer

C. technology not aligning with the organization’s objectives.

Explanation

A steering committee should exist to ensure that the IT strategies support the organization’s goals. The absence of an information technology committee or a committee not composed of senior managers would be an indication of a lack of top-level management commitment. This condition would increase the risk that IT would not be aligned with the organization’s strategy.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.