Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 8

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 761

Question

The PRIMARY advantage of object-oriented technology is enhanced:

A. efficiency due to the re-use of elements of logic.
B. management of sequential program execution for data access.
C. management of a restricted variety of data types for a data object.
D. grouping of objects into methods for data access.

Answer

A. efficiency due to the re-use of elements of logic.

CISA Question 762

Question

Cross-site scripting (XSS) attacks are BEST prevented through:

A. use of common industry frameworks.
B. secure coding practices.
C. application firewall policy settings.
D. a three-tier web architecture.

Answer

B. secure coding practices.

CISA Question 763

Question

Both statistical and nonstatistical sampling techniques:

A. permit the auditor to quantify the probability of error.
B. permit the auditor to quantify and fix the level of risk.
C. require judgment when defining population characteristics.
D. provide each item an equal opportunity of being selected.

Answer

A. permit the auditor to quantify the probability of error.

CISA Question 764

Question

Which of the following is the GREATEST benefit of implementing an incident management process?

A. Opportunity for frequent reassessment of incidents
B. Reduction in security threats
C. Reduction in the business impact of incidents
D. Reduction of costs by the efficient use of resources

Answer

C. Reduction in the business impact of incidents

CISA Question 765

Question

Which of the following is MOST important for an IS auditor to consider when reviewing the effectiveness of an incident response program?

A. Incidents are categorized according to industry standards.
B. Lessons learned are incorporated into incident response processes.
C. Incidents are escalated to senior management in a timely manner.
D. The plan is reviewed and updated annually.

Answer

B. Lessons learned are incorporated into incident response processes.

CISA Question 766

Question

When an intrusion into an organization’s network is detected, which of the following should be performed FIRST?

A. Block all compromised network nodes.
B. Protect information in the compromised systems.
C. Develop a response to the incident.
D. Identify nodes that have been compromised.

Answer

C. Develop a response to the incident.

CISA Question 767

Question

An IS auditor learns a server administration team regularly applies workarounds to address repeated failures of critical data processing services.
Which of the following would BEST enable the organization to resolve this issue?

A. Service level management
B. Change management
C. Problem management
D. Incident management

Answer

C. Problem management

CISA Question 768

Question

Which of the following is the MAIN purpose of implementing an incident response process?

A. Provide substantial audit-trail evidence.
B. Assign roles and responsibilities.
C. Comply with policies and procedures.
D. Manage impact due to breaches.

Answer

D. Manage impact due to breaches.

CISA Question 769

Question

The PRIMARY reason an IS department should analyze past incidents and problems is to:

A. determine if all incidents and problems are reported.
B. assign responsibility for problems.
C. assess help desk performance.
D. identify the causes of recurring incidents and problems

Answer

D. identify the causes of recurring incidents and problems

CISA Question 770

Question

An IS auditor has discovered that unauthorized customer management software was installed on a workstation. The auditor determines the software has been uploading customer data to an external party. Which of the following is the IS auditor’s BEST course of action?

A. Review other workstations to determine the extent of the incident.
B. Determine the number of customer records that were uploaded.
C. Notify the incident response team.
D. Present the issue at the next audit progress meeting.

Answer

C. Notify the incident response team.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.