2024 Latest CISA Demo and CISA Exam Questions SPOTO

Best CISA exam dumps 2024 you should get to 100% pass CISA exam! SPOTO offers you 100% real CISA exam demo with real CISA exam questions. ISACA CISA Exam Demo You can easily find all kinds of IT exam Q&As on SPOTO.

Categories	Exam Code	100% Pass Dumps
ISACA	CISA
	CISM
	CISA/CISM/CRISC proxy service

1.An external audit team is deciding whether to rely on internal audit’s work for an annual compliance audit. Which of the following is the GREATEST consideration when making this decision?

Professional certifications held by the internal audit team members.
Years of experience each of the internal auditors have in performing compliance audits.
The level of documentation maintained by internal audit and the methods used to collect evidence.
Independence of the internal audit department from management’s influence

Answer:

2.Which of the following is a KEY consideration to ensure the availability of nodes in an active-active application cluster configuration?

The cluster agent software used is open source.
Some of the nodes are located in the same city.
Adequate storage exists across all nodes.
Network encryption exists between nodes.

Answer:

3.Which of the following is found in an audit charter?

Audit objectives and scope.
Required training for audit staff.
The process of developing the annual audit plan.
The authority given to the audit function.

Answer:

4.Which of the following would be MOST time and cost efficient when performing a control self -assessment (CSA) for an organization with a large number of widely dispersed employees?

Top-down and bottom-up analysis
Facilitated workshops
Survey questionnaire
Face-to-face interviews

Answer:

5.A lower recovery point objective (RPO) results in:

lower overall cost.
higher backup frequency.
wider interruption windows.
higher disaster tolerance.

Answer:

6.With a properly implemented public key infrastructure (PKI) in use, person A wishes to ensure that an outgoing message can be read only by person B. To achieve this, the message should be encrypted using which of the following?

Person B’s public key
Person A’s private key
Person A’s public key
Person B’s private key

Answer:

7.When developing a business continuity plan (BCP), which of the following should be performed FIRST?

Develop business continuity training.
Classify operations.
Conduct a business impact analysis (BIA).
Establish a disaster recovery plan (DRP)

Answer:

8.An IS auditor discovers that a security information and event management (SIEM) system is not monitored outside of business hours.

Which of the following is the auditor’s BEST course of action?

Perform a business impact analysis (BIA).
Recommend a third-party monitored SIEM service.
Determine whether an alert system has been established
Notify the chief information security officer (CISO).

Answer:

9.An IS auditor is planning to review an organization’s information security program and wants to determine the minimum standards for securing the IT technical infrastructure. Which of the following is the BEST source for the auditor to consult?

Information security risk assessment report
Information security architecture
Information security guidelines
Information security strategic plan

Answer:

10.The results of an IS audit indicating the need to strengthen controls has been communicated to the appropriate stakeholders Which of the following is the BEST way for management to enforce implementation of the recommendations?

Request auditors to design a roadmap for closure
Copy senior management on communications related to the audit
Have stakeholders develop a business case for control changes.
Assign ownership to each remediation activity.

Answer:

11.Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?

Frequent testing of backups
Annual walk-through testing
Full operational test
Periodic risk assessment

Answer:

12.An organization has recently acquired another organization. When reviewing both IS departments, the IS auditor discovers two redundant IT applications Which of the following would be the auditor’s BEST recommendation for management?

Assess the gaps on both applications to determine further steps.
Develop an initiative to integrate both applications.
Keep the most comprehensive application as approved by senior management.
Submit a request for proposal (RFP) to replace the applications.

Answer:

13. During an audit of an organization’s intranet, it is discovered that users are not deleting their local web browser caches on a regular basis. This practice will result in the risk of:

disclosure of information.
repudiation
data incompleteness.
lack of data integrity

Answer:

14. Following an unauthorized disclosure of data an organization needs to implement data loss prevention (DLP) measures. What is the IS auditor’s BEST recommendation?

Establish a risk and control framework
Monitor and block outgoing emails based on common DLP criteria
Restrict removable media access on all computer systems
Install DLP software on corporate servers to prevent recurrence

Answer:

15. Which of the following BEST indicates that an organization has effective governance in place?

The organization regularly updates governance-related policies and procedures.
The organization’s board of directors executes on the management strategy.
The organization is compliant with local government regulations.
The organization’s board of directors reviews metrics for strategic initiatives.

Answer: