[Dec-2021] CISA Braindumps - CISA Questions to Get Better Grades [Q241-Q264]



Prerequisites

The main requirement for earning the CISA certification is to pass one exam. Before you can take it, however, you are required to have at least five years of practical experience in information security and information technology audit, including experience with control, assurance, and security. If you do not have the full five years, you can still sit the exam with a minimum of two years of hands-on experience in the domain of the qualifying test.

NEW QUESTION 241
Assuming this diagram represents an internal facility and the organization is implementing a firewall protection program, where should firewalls be installed?

  • A. SMTP Gateway and op-3
  • B. Op-3 location only
  • C. MIS (Global) and NAT2
  • D. No firewalls are needed

Answer: A

Explanation:
The objective of a firewall is to protect a trusted network from an untrusted network; therefore, firewalls should be placed at the points where external connections exist. All other answers are incomplete or represent internal connections.

NEW QUESTION 242
Which of the following BEST enables an organization to quantify acceptable data loss in the event of a disaster?

  • A. Recovery point objective (RPO)
  • B. Mean time to recover (MTTR)
  • C. Recovery time objective (RTO)
  • D. Availability of backup software

Answer: A

NEW QUESTION 243
A senior IS auditor suspects that a PC may have been used to perpetrate a fraud in a finance department. The auditor should FIRST report this suspicion to:

  • A. auditee line management
  • B. audit management
  • C. the audit committee.
  • D. the police

Answer: C

NEW QUESTION 244
Which of the following would be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance?

  • A. The security policy has not been reviewed within the past year
  • B. Security policy documents are available on a public domain website.
  • C. End users are not required to acknowledge security policy training.
  • D. Security policies are not uniformly applicable across the organization

Answer: A

NEW QUESTION 245
The PRIMARY purpose of a business impact analysis (BIA) is to:

  • A. provide a plan for resuming operations after a disaster.
  • B. publicize the commitment of the organization to physical and logical security.
  • C. provide the framework for an effective disaster recovery plan.
  • D. identify the events that could impact the continuity of an organization's operations.

Answer: D

Explanation:
A business impact analysis (BIA) is one of the key steps in the development of a business continuity plan (BCP). A BIA will identify the diverse events that could impact the continuity of the operations of an organization.

NEW QUESTION 246
Security should ALWAYS be an all or nothing issue.

  • A. True for untrusted systems only
  • B. None of the choices.
  • C. True for trusted systems only
  • D. False
  • E. True

Answer: D

Explanation:
Security should not be an all or nothing issue. The designers and operators of systems should assume that security breaches are inevitable in the long term. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined.

NEW QUESTION 247
Which of the following provides the MOST comprehensive understanding of an organization's information security posture?

  • A. Risk management metrics
  • B. External audit findings
  • C. Results of vulnerability assessments
  • D. The organization's security incident trends

Answer: A

NEW QUESTION 248
An organization has performance metrics to track how well IT resources are being used, but there has been little progress on meeting the organization's goals. Which of the following would be MOST helpful to determine the underlying reason?

  • A. Re-evaluating key performance indicators (KPIs)
  • B. Conducting a root cause analysis
  • C. Conducting a business impact analysis (BIA)
  • D. Re-evaluating organizational goals

Answer: A

NEW QUESTION 249
When reviewing IS strategies, an IS auditor can BEST assess whether the IS strategy supports the organization's business objectives by determining if IS:

  • A. has sufficient excess capacity to respond to changing directions.
  • B. has all the personnel and equipment it needs.
  • C. plans are consistent with management strategy.
  • D. uses its equipment and personnel efficiently and effectively.

Answer: C

Explanation:
Determining if the IS plan is consistent with management strategy relates IS/IT planning to business plans. Choices A, C and D are effective methods for determining the alignment of IS plans with business objectives and the organization's strategies.

NEW QUESTION 250
Effective IT governance requires organizational structures and processes to ensure that:

  • A. the organization's strategies and objectives extend the IT strategy.
  • B. IT governance is separate and distinct from the overall governance.
  • C. the business strategy is derived from an IT strategy.
  • D. the IT strategy extends the organization's strategies and objectives.

Answer: D

Explanation:
Effective IT governance requires that board and executive management extend governance to IT and provide the leadership, organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives, and that the IT strategy is aligned with business strategy. Choice A is incorrect because it is the IT strategy that extends the organizational objectives, not the opposite. IT governance is not an isolated discipline; it must become an integral part of the overall enterprise governance.

NEW QUESTION 251
Management has decided to include a compliance manager in the approval process for a new business that may require changes to the IT infrastructure. Which of the following is the GREATEST benefit of this approach?

  • A. Process accountabilities to external stakeholders are improved.
  • B. Fewer reviews are needed when updating the IT compliance process.
  • C. Security breach incidents can be identified in early stages.
  • D. Regulatory risk exposures can be identified before they materialize.

Answer: D

Explanation:
Section: Information System Operations, Maintenance and Support

NEW QUESTION 252
How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interface (EDI)?

  • A. EDI does not affect the time necessary for review.
  • B. Cannot be determined.
  • C. EDI usually decreases the time necessary for review.
  • D. EDI usually increases the time necessary for review.

Answer: C

Explanation:
Electronic data interface (EDI) supports intervendor communication while decreasing the time necessary for review because it is usually configured to readily identify errors requiring follow-up.

NEW QUESTION 253
Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:

  • A. has a clearly defined charter and meeting protocols.
  • B. includes a mix of members from all levels of management.
  • C. has established relationships with external professionals.
  • D. conducts frequent reviews of the security policy.

Answer: B

Explanation:
Section: Governance and Management of IT

NEW QUESTION 254
A transaction processing system interfaces with the general ledger. Data analytics has identified that some transactions are being recorded twice in the general ledger. While management states a system fix has been implemented, what should the IS auditor recommend to validate the interface is working in the future?

  • A. Conduct functional testing.
  • B. Ensure system owner sign-off for the system fix.
  • C. Perform periodic reconciliations.
  • D. Improve user acceptance testing (UAT).

Answer: D

NEW QUESTION 255
Properly planned risk-based audit programs are often capable of offering which of the following benefits?

  • A. audit transparency only.
  • B. audit transparency and effectiveness.
  • C. audit efficiency and effectiveness.
  • D. None of the choices.
  • E. audit efficiency only.
  • F. audit effectiveness only.

Answer: C

Section: Protection of Information Assets
Explanation:
Properly planned risk-based audit programs shall increase audit efficiency and effectiveness. The sophistication and formality of this kind of audit do vary a lot depending on the target's size and complexity.

NEW QUESTION 256
Which of the following should be done FIRST to effectively define the IT audit universe for an entity with multiple business lines?

  • A. Obtain a complete listing of assets fundamental to the entity's businesses.
  • B. Obtain a complete listing of the entity's IT processes.
  • C. Identify aggregate residual IT risk for each business line.
  • D. Identify key control objectives for each business line's core processes.

Answer: A

NEW QUESTION 257
An IS auditor noted that a change to a critical calculation was placed into the production environment without being tested. Which of the following is the BEST way to obtain assurance that the calculation functions correctly?

  • A. Interview the lead system developer.
  • B. Check regular execution of the calculation batch job.
  • C. Obtain post-change approval from management.
  • D. Perform substantive testing using computer-assisted audit techniques (CAATs).

Answer: B

NEW QUESTION 258
Many organizations require an employee to take a mandatory vacation (holiday) of a week or more to:

  • A. eliminate the potential disruption caused when an employee takes vacation one day at a time.
  • B. provide proper cross-training for another employee.
  • C. reduce the opportunity for an employee to commit an improper or illegal act.
  • D. ensure the employee maintains a good quality of life, which will lead to greater productivity.

Answer: C

Explanation:
Required vacations/holidays of a week or more in duration, during which someone other than the regular employee performs the job function, are often mandatory for sensitive positions, as this reduces the opportunity to commit improper or illegal acts. During this time it may be possible to discover any fraudulent activity that was taking place. Choices A, C and D could all be organizational benefits from a mandatory vacation policy, but they are not the reason why the policy is established.

NEW QUESTION 259
An IS auditor finds a number of system accounts that do not have documented approvals. Which of the following should be performed FIRST by the auditor?

  • A. Obtain sign-off on the accounts from the application owner
  • B. Document a finding and report an ineffective account provisioning control
  • C. Have the accounts removed immediately
  • D. Determine the purpose and risk of the accounts

Answer: D

NEW QUESTION 260
A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor's BEST recommendation to facilitate compliance with the regulation?

  • A. Establish key performance indicators (KPIs) for timely identification of security incidents.
  • B. Engage an external security incident response expert for incident handling.
  • C. Include the requirement in the incident management response plan.
  • D. Enhance the alert functionality of the intrusion detection system (IDS).

Answer: C

NEW QUESTION 261
If concurrent update transactions to an account are not processed properly, which of the following will be affected?

  • A. Confidentiality
  • B. Availability
  • C. Accountability
  • D. Integrity

Answer: D

Explanation:
Section: The process of Auditing Information System

NEW QUESTION 262
Which of the following would be MOST helpful when assessing how applications exchange data with other applications?

  • A. Results of a risk assessment on the applications
  • B. Configuration management database
  • C. Entity relationship diagram
  • D. List of servers and their applications

Answer: C

Explanation:
Section: Information System Operations, Maintenance and Support

NEW QUESTION 263
What is the PRIMARY benefit to executive management when audit, risk, and security functions are aligned?

  • A. More effective decision making
  • B. Reduced number of assurance reports
  • C. More timely risk reporting
  • D. More efficient incident handling

Answer: A

Explanation:
Section: Governance and Management of IT

NEW QUESTION 264
......


Protection of Information Assets

This objective has the highest percentage in the exam content, which means that you need to pay more attention to its components. The questions from this topic will measure your knowledge of the following:

  • Security Event Management – security awareness programs and training; information system attack techniques; security testing tools and methods; security monitoring tools and methods; evidence collection and forensics; incident response management.
  • Information asset security and control – privacy principles; data classification; virtual environments; information asset security frameworks, guidelines, and standards; identity and access management; public key infrastructure; data encryption and encryption-related methods; network and endpoint security; physical access and environmental controls.

You should also be prepared for about 39 supporting tasks that cover various processes connected to the exam concepts. Therefore, it is important to master all the objectives.
