The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 781
Question
An IS auditor is assessing an organization’s data loss prevention (DLP) solution for protecting intellectual property from insider theft. Which of the following would the auditor consider MOST important for effective data protection?
A. Employee training on information handling
B. Creation of DLP policies and procedures
C. Encryption of data copied to flash drives
D. Identification and classification of sensitive data
Answer
B. Creation of DLP policies and procedures
CISA Question 782
Question
A government organization uses standard Wi-Fi Protected Access 2 (WPA2) to protect confidential information transmitted to a file server. Which of the following is the IS auditor’s BEST recommendation to further strengthen security?
A. Certificate-based authentication
B. Network address translation (NAT)
C. Media access control (MAC) address filtering
D. Service set identifier (SSID) masking
Answer
D. Service set identifier (SSID) masking
CISA Question 783
Question
An organization’s current end-user computing practices include the use of a spreadsheet for financial statements. Which of the following is the GREATEST concern?
A. Formulas are not protected against unintended changes.
B. The spreadsheet contains numerous macros.
C. Operational procedures have not been reviewed in the current fiscal year.
D. The spreadsheet is not maintained by IT.
Answer
A. Formulas are not protected against unintended changes.
CISA Question 784
Question
A multinational company wants to establish a mandatory global standard for information security including data protection and privacy. Which of the following should be the GREATEST concern to an IS auditor?
A. Inconsistent roll-out of the standard across all countries
B. Increased organizational effort without any tangible benefit
C. Noncompliance with local laws in the affected countries
D. Lack of adoption by organized labor groups in all affected countries
Answer
C. Noncompliance with local laws in the affected countries
CISA Question 785
Question
An IS auditor has been asked to perform a post-implementation assessment of a new corporate human resources (HR) system. Which of the following control areas would be MOST important to review for the protection of employee information?
A. Logging capabilities
B. Authentication mechanisms
C. Data retention practices
D. System architecture
Answer
B. Authentication mechanisms
CISA Question 786
Question
To help ensure the organization’s information assets are adequately protected, which of the following considerations is MOST important when developing an information classification and handling policy?
A. The policy has been mapped against industry frameworks for classifying information assets.
B. The policy is owned by the head of information security, who has the authority to enforce the policy.
C. The policy specifies requirements to safeguard information assets based on their importance to the organization.
D. The policy is subject to periodic reviews to ensure its provisions are up to date.
Answer
D. The policy is subject to periodic reviews to ensure its provisions are up to date.
CISA Question 787
Question
Which of the following is the BEST way to protect the confidentiality of data on a corporate smartphone?
A. Disabling public wireless connections
B. Using remote data wipe capabilities
C. Using encryption
D. Changing the default PIN for Bluetooth connections
Answer
B. Using remote data wipe capabilities
CISA Question 788
Question
Following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?
A. Employees are not required to sign a non-compete agreement.
B. Security education and awareness workshops have not been completed.
C. Users lack technical knowledge related to security and data protection.
D. Desktop passwords do not require special characters.
Answer
C. Users lack technical knowledge related to security and data protection.
CISA Question 789
Question
Which of the following would be of MOST concern during an audit of an end user computing system containing sensitive information?
A. Audit logging is not available.
B. System data is not protected.
C. Secure authorization is not available.
D. The system is not included in inventory.
Answer
B. System data is not protected.
CISA Question 790
Question
An organization has software that is not compliant with data protection requirements. To help ensure that appropriate and relevant data protection controls are implemented in the future, the auditor’s BEST course of action would be to:
A. conduct a privacy impact assessment to identify gaps in the organization’s privacy.
B. recommend that privacy checks are included within the solution development life cycle.
C. recommend an executive be appointed to oversee privacy program improvements.
D. map the organization’s business processes to identify personally identifiable information (PII).
Answer
A. conduct a privacy impact assessment to identify gaps in the organization’s privacy.