Best CISA exam dumps 2021 you should get to 100% pass CISA exam! SPOTO offers you 100% real CISA exam demo with real CISA exam questions. ISACA CISA Exam Demo You can easily find all kinds of IT exam Q&As on SPOTO.
|Categories||Exam Code||100% Pass Dumps|
|CISA/CISM/CRISC proxy service|
1.An external audit team is deciding whether to rely on internal audit’s work for an annual compliance audit. Which of the following is the GREATEST consideration when making this decision?
- Professional certifications held by the internal audit team members.
- Years of experience each of the internal auditors have in performing compliance audits.
- The level of documentation maintained by internal audit and the methods used to collect evidence.
- Independence of the internal audit department from management’s influence
2.Which of the following is a KEY consideration to ensure the availability of nodes in an active-active application cluster configuration?
- The cluster agent software used is open source.
- Some of the nodes are located in the same city.
- Adequate storage exists across all nodes.
- Network encryption exists between nodes.
3.Which of the following is found in an audit charter?
- Audit objectives and scope.
- Required training for audit staff.
- The process of developing the annual audit plan.
- The authority given to the audit function.
4.Which of the following would be MOST time and cost efficient when performing a control self -assessment (CSA) for an organization with a large number of widely dispersed employees?
- Top-down and bottom-up analysis
- Facilitated workshops
- Survey questionnaire
- Face-to-face interviews
5.A lower recovery point objective (RPO) results in:
- lower overall cost.
- higher backup frequency.
- wider interruption windows.
- higher disaster tolerance.
6.With a properly implemented public key infrastructure (PKI) in use, person A wishes to ensure that an outgoing message can be read only by person B. To achieve this, the message should be encrypted using which of the following?
- Person B’s public key
- Person A’s private key
- Person A’s public key
- Person B’s private key
7.When developing a business continuity plan (BCP), which of the following should be performed FIRST?
- Develop business continuity training.
- Classify operations.
- Conduct a business impact analysis (BIA).
- Establish a disaster recovery plan (DRP)
8.An IS auditor discovers that a security information and event management (SIEM) system is not monitored outside of business hours.
Which of the following is the auditor’s BEST course of action?
- Perform a business impact analysis (BIA).
- Recommend a third-party monitored SIEM service.
- Determine whether an alert system has been established
- Notify the chief information security officer (CISO).
9.An IS auditor is planning to review an organization’s information security program and wants to determine the minimum standards for securing the IT technical infrastructure. Which of the following is the BEST source for the auditor to consult?
- Information security risk assessment report
- Information security architecture
- Information security guidelines
- Information security strategic plan
10.The results of an IS audit indicating the need to strengthen controls has been communicated to the appropriate stakeholders Which of the following is the BEST way for management to enforce implementation of the recommendations?
- Request auditors to design a roadmap for closure
- Copy senior management on communications related to the audit
- Have stakeholders develop a business case for control changes.
- Assign ownership to each remediation activity.
11.Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?
- Frequent testing of backups
- Annual walk-through testing
- Full operational test
- Periodic risk assessment
12.An organization has recently acquired another organization. When reviewing both IS departments, the IS auditor discovers two redundant IT applications Which of the following would be the auditor’s BEST recommendation for management?
- Assess the gaps on both applications to determine further steps.
- Develop an initiative to integrate both applications.
- Keep the most comprehensive application as approved by senior management.
- Submit a request for proposal (RFP) to replace the applications.
13. During an audit of an organization’s intranet, it is discovered that users are not deleting their local web browser caches on a regular basis. This practice will result in the risk of:
- disclosure of information.
- data incompleteness.
- lack of data integrity
14. Following an unauthorized disclosure of data an organization needs to implement data loss prevention (DLP) measures. What is the IS auditor’s BEST recommendation?
- Establish a risk and control framework
- Monitor and block outgoing emails based on common DLP criteria
- Restrict removable media access on all computer systems
- Install DLP software on corporate servers to prevent recurrence
15. Which of the following BEST indicates that an organization has effective governance in place?
- The organization regularly updates governance-related policies and procedures.
- The organization’s board of directors executes on the management strategy.
- The organization is compliant with local government regulations.
- The organization’s board of directors reviews metrics for strategic initiatives.
Want more SPOTO CISA exam questions? Want to check the answers? Please contact us for the real CISA exam dumps and technical guidance!