The latest ISACA CISA (Certified Information Systems Auditor) practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 771
Question
Which of the following is MOST important for the improvement of an organization’s incident response processes?
A. Post-event reviews by the incident response team
B. Regular upgrades to incident management software
C. Ongoing incident response training for users
D. Periodic walk-through of incident response procedures
Answer
A. Post-event reviews by the incident response team
CISA Question 772
Question
The MAIN reason an organization’s incident management procedures should include a post-incident review is to:
A. ensure evidence is collected for possible post-event litigation.
B. take appropriate action when procedures are not followed.
C. enable better reporting for executives and the audit committee.
D. improve processes by learning from identified weaknesses.
Answer
D. improve processes by learning from identified weaknesses.
CISA Question 773
Question
Which of the following metrics would be MOST helpful to an IS auditor in evaluating an organization’s security incident response management capability?
A. Number of business interruptions due to IT security incidents per year.
B. Number of IT security incidents reported per month.
C. Number of malware infections in business applications detected per day.
D. Number of alerts generated by intrusion detection systems (IDS) per minute.
Answer
A. Number of business interruptions due to IT security incidents per year.
CISA Question 774
Question
Which of the following is the BEST indication of an effective incident management process?
A. Percentage of incidents where root cause has been identified
B. Percentage of incidents closed without escalation
C. Number of calls to the help desk
D. Number of incidents reviewed by IT management
Answer
B. Percentage of incidents closed without escalation
CISA Question 775
Question
An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?
A. Abuses by employees have not been reported.
B. Vulnerabilities have not been properly addressed.
C. Security incident policies are out of date.
D. Lessons learned have not been properly documented.
Answer
A. Abuses by employees have not been reported.
CISA Question 776
Question
Which of the following is MOST important to include in an organization’s incident response plan to help prevent similar incidents from happening in the future?
A. Documentation of incident details
B. Incident closure procedures
C. Containment and neutralization actions
D. Post-incident review
Answer
D. Post-incident review
CISA Question 777
Question
An organization recently experienced a phishing attack that resulted in a breach of confidential information. Which of the following would be MOST relevant for an IS auditor to review when determining the root cause of the incident?
A. Email configurations
B. Simple Mail Transfer Protocol (SMTP) logging
C. Browser configurations
D. Audit logging
Answer
B. Simple Mail Transfer Protocol (SMTP) logging
CISA Question 778
Question
What is an IS auditor’s BEST recommendation to management if a review of the incident management process finds multiple instances of incident tickets remaining open for an unusually long time?
A. Implement reporting of key performance indicators (KPIs) for ticket closure.
B. Increase the number of help desk staff to enable faster ticket closure.
C. Manually review the identified tickets and mark as closed in the system.
D. Configure the system to automatically close tickets after a defined period.
Answer
D. Configure the system to automatically close tickets after a defined period.
CISA Question 779
Question
Which of the following scenarios would enable a forensic investigation?
A. The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.
B. The incident response team prepared a final report for the forensic investigator and deleted the original file securely to avoid further damage.
C. The media in question was preserved using imaging, and chain of custody was documented according to the organization’s incident response plan.
D. Incident response team members extracted the logs showing the suspicious activity and added their notes before submitting for investigation.
Answer
A. The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.
CISA Question 780
Question
An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?
A. Procedures may not align with best practices.
B. HR records may not match system access.
C. Unauthorized access cannot be identified.
D. Access rights may not be removed in a timely manner.
Answer
D. Access rights may not be removed in a timely manner.