Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 8

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 771

Question

Which of the following is MOST important for the improvement of an organization’s incident response processes?

A. Post-event reviews by the incident response team
B. Regular upgrades to incident management software
C. Ongoing incident response training for users
D. Periodic walk-through of incident response procedures

Answer

A. Post-event reviews by the incident response team

CISA Question 772

Question

The MAIN reason an organization’s incident management procedures should include a post-incident review is to:

A. ensure evidence is collected for possible post-event litigation.
B. take appropriate action when procedures are not followed.
C. enable better reporting for executives and the audit committee.
D. improve processes by learning from identified weaknesses.

Answer

D. improve processes by learning from identified weaknesses.

CISA Question 773

Question

Which of the following metrics would be MOST helpful to an IS auditor in evaluating an organization’s security incident response management capability?

A. Number of business interruptions due to IT security incidents per year.
B. Number of IT security incidents reported per month
C. Number of malware infections in business applications detected per day.
D. Number of alerts generated by intrusion detection systems (IDS) per minute.

Answer

A. Number of business interruptions due to IT security incidents per year.

CISA Question 774

Question

Which of the following is the BEST indication of an effective incident management process?

A. Percentage of incidents where root cause has been identified
B. Percentage of incidents closed without escalation
C. Number of calls to the help desk
D. Number of incidents reviewed by the IT management

Answer

B. Percentage of incidents closed without escalation

CISA Question 775

Question

An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?

A. Abuses by employees have not been reported.
B. Vulnerabilities have not been properly addressed.
C. Security incident policies are out of date.
D. Lessons learned have not been properly documented.

Answer

A. Abuses by employees have not been reported.

CISA Question 776

Question

Which of the following is MOST important to include in an organization’s incident response plan to help prevent similar incidents from happening in the future?

A. Documentation of incident details
B. Incident closure procedures
C. Containment and neutralization actions
D. Post-incident review

Answer

D. Post-incident review

CISA Question 777

Question

An organization recently experienced a phishing attack that resulted in a breach of confidential information. Which of the following would be MOST relevant for an IS auditor to review when determining the root cause of the incident?

A. Email configurations
B. Simple mail transfer protocol (SMTP) logging
C. Browser configurations
D. Audit logging

Answer

B. Simple mail transfer protocol (SMTP) logging

CISA Question 778

Question

What is an IS auditor’s BEST recommendation to management if a review of the incident management process finds multiple instances of incident tickets remaining open for an unusually long time?

A. Implement reporting of key performance indicators (KPIs) for ticket closure.
B. Increase the number of help desk staff to enable faster ticket closure.
C. Manually review the identified tickets and mark as closed in the system.
D. Configure the system to automatically close tickets after a defined period.

Answer

D. Configure the system to automatically close tickets after a defined period.

CISA Question 779

Question

Which of the following scenarios would enable a forensic investigation?

A. The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.
B. The incident response team prepared a final report for the forensic investigator and deleted the original file securely to avoid further damage.
C. The media in question was preserved using imaging, and chain of custody was documented according to the organization’s incident response plan.
D. Incident response team members extracted the logs showing the suspicious activity and added their notes before submitting for investigation.

Answer

A. The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.

CISA Question 780

Question

An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?

A. Procedures may not align with best practices.
B. HR records may not match system access.
C. Unauthorized access cannot be identified.
D. Access rights may not be removed in a timely manner.

Answer

D. Access rights may not be removed in a timely manner.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.