
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 8

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 771

Question

Which of the following is MOST important for the improvement of an organization’s incident response processes?

A. Post-event reviews by the incident response team
B. Regular upgrades to incident management software
C. Ongoing incident response training for users
D. Periodic walk-through of incident response procedures

Answer

A. Post-event reviews by the incident response team

CISA Question 772

Question

The MAIN reason an organization’s incident management procedures should include a post-incident review is to:

A. ensure evidence is collected for possible post-event litigation.
B. take appropriate action when procedures are not followed.
C. enable better reporting for executives and the audit committee.
D. improve processes by learning from identified weaknesses.

Answer

D. improve processes by learning from identified weaknesses.

CISA Question 773

Question

Which of the following metrics would be MOST helpful to an IS auditor in evaluating an organization’s security incident response management capability?

A. Number of business interruptions due to IT security incidents per year.
B. Number of IT security incidents reported per month
C. Number of malware infections in business applications detected per day.
D. Number of alerts generated by intrusion detection systems (IDS) per minute.

Answer

A. Number of business interruptions due to IT security incidents per year.

CISA Question 774

Question

Which of the following is the BEST indication of an effective incident management process?

A. Percentage of incidents where root cause has been identified
B. Percentage of incidents closed without escalation
C. Number of calls to the help desk
D. Number of incidents reviewed by the IT management

Answer

B. Percentage of incidents closed without escalation

CISA Question 775

Question

An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?

A. Abuses by employees have not been reported.
B. Vulnerabilities have not been properly addressed.
C. Security incident policies are out of date.
D. Lessons learned have not been properly documented.

Answer

A. Abuses by employees have not been reported.

CISA Question 776

Question

Which of the following is MOST important to include in an organization’s incident response plan to help prevent similar incidents from happening in the future?

A. Documentation of incident details
B. Incident closure procedures
C. Containment and neutralization actions
D. Post-incident review

Answer

D. Post-incident review

CISA Question 777

Question

An organization recently experienced a phishing attack that resulted in a breach of confidential information. Which of the following would be MOST relevant for an IS auditor to review when determining the root cause of the incident?

A. Email configurations
B. Simple mail transfer protocol (SMTP) logging
C. Browser configurations
D. Audit logging

Answer

B. Simple mail transfer protocol (SMTP) logging

CISA Question 778

Question

What is an IS auditor’s BEST recommendation to management if a review of the incident management process finds multiple instances of incident tickets remaining open for an unusually long time?

A. Implement reporting of key performance indicators (KPIs) for ticket closure.
B. Increase the number of help desk staff to enable faster ticket closure.
C. Manually review the identified tickets and mark as closed in the system.
D. Configure the system to automatically close tickets after a defined period.

Answer

D. Configure the system to automatically close tickets after a defined period.

CISA Question 779

Question

Which of the following scenarios would enable a forensic investigation?

A. The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.
B. The incident response team prepared a final report for the forensic investigator and deleted the original file securely to avoid further damage.
C. The media in question was preserved using imaging, and chain of custody was documented according to the organization’s incident response plan.
D. Incident response team members extracted the logs showing the suspicious activity and added their notes before submitting for investigation.

Answer

A. The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.

CISA Question 780

Question

An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?

A. Procedures may not align with best practices.
B. HR records may not match system access.
C. Unauthorized access cannot be identified.
D. Access rights may not be removed in a timely manner.

Answer

D. Access rights may not be removed in a timely manner.

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.
