Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 8

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 781

Question

An IS auditor is assessing an organization’s data loss prevention (DLP) solution for protecting intellectual property from insider theft. Which of the following would the auditor consider MOST important for effective data protection?

A. Employee training on information handling
B. Creation of DLP policies and procedures
C. Encryption of data copied to flash drives
D. Identification and classification of sensitive data

Answer

B. Creation of DLP policies and procedures

CISA Question 782

Question

A government organization uses standard Wi-Fi Protected Access 2 (WPA2) to protect confidential information transmitted to a file server. Which of the following is the IS auditor’s BEST recommendation to further strengthen security?

A. Certificate-based authentication
B. Network address translation (NAT)
C. Media access control (MAC) address filtering
D. Service set identifier (SSID) masking

Answer

D. Service set identifier (SSID) masking

CISA Question 783

Question

An organization’s current end-user computing practices include the use of a spreadsheet for financial statements. Which of the following is the GREATEST concern?

A. Formulas are not protected against unintended changes.
B. The spreadsheet contains numerous macros.
C. Operational procedures have not been reviewed in the current fiscal year.
D. The spreadsheet is not maintained by IT.

Answer

A. Formulas are not protected against unintended changes.

CISA Question 784

Question

A multinational company wants to establish a mandatory global standard for information security including data protection and privacy. Which of the following should be the GREATEST concern to an IS auditor?

A. Inconsistent roll-out of the standard across all countries.
B. Increased organizational effort without any tangible benefit
C. Noncompliance with local laws in the affected countries
D. Lack of adoption by organized labor groups in all affected countries

Answer

C. Noncompliance with local laws in the affected countries

CISA Question 785

Question

An IS auditor has been asked to perform a post-implementation assessment of a new corporate human resources (HR) system. Which of the following control areas would be MOST important to review for the protection of employee information?

A. Logging capabilities
B. Authentication mechanisms
C. Data retention practices
D. System architecture

Answer

B. Authentication mechanisms

CISA Question 786

Question

To help ensure the organization’s information assets are adequately protected, which of the following considerations is MOST important when developing an information classification and handling policy?

A. The policy has been mapped against industry frameworks for classifying information assets.
B. The policy is owned by the head of information security, who has the authority to enforce the policy.
C. The policy specifies requirements to safeguard information assets based on their importance to the organization.
D. The policy is subject to periodic reviews to ensure its provisions are up to date.

Answer

D. The policy is subject to periodic reviews to ensure its provisions are up to date.

CISA Question 787

Question

Which of the following is the BEST way to protect the confidentiality of data on a corporate smartphone?

A. Disabling public wireless connections
B. Using remote data wipe capabilities
C. Using encryption
D. Changing the default PIN for Bluetooth connections

Answer

B. Using remote data wipe capabilities

CISA Question 788

Question

Following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?

A. Employees are not required to sign a non-compete agreement.
B. Security education and awareness workshops have not been completed.
C. Users lack technical knowledge related to security and data protection.
D. Desktop passwords do not require special characters.

Answer

C. Users lack technical knowledge related to security and data protection.

CISA Question 789

Question

Which of the following would be of MOST concern during an audit of an end user computing system containing sensitive information?

A. Audit logging is not available.
B. System data is not protected.
C. Secure authorization is not available.
D. The system is not included in inventory.

Answer

B. System data is not protected.

CISA Question 790

Question

An organization has software that is not compliant with data protection requirements. To help ensure that appropriate and relevant data protection controls are implemented in the future, the auditor’s BEST course of action would be to:

A. conduct a privacy impact assessment to identity gaps in the organization’s privacy.
B. recommend that privacy checks are included within the solution development life cycle.
C. recommend an executive be appointed to oversee privacy program improvements.
D. map the organization’s business processes to identify personally identifiable information (PII).

Answer

A. conduct a privacy impact assessment to identity gaps in the organization’s privacy.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.