Which of the following is the best way for an IS auditor to determine the effectiveness of a security awareness and training program?

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available here free of charge, to help you prepare for the ISACA CISA exam and earn the CISA certification.

CISA Question 2791

Question

An organization implemented a mandatory information security awareness training program a year ago. What is the BEST way to determine its effectiveness?

A. Analyze responses from an employee survey on training satisfaction.
B. Analyze results from training completion reports.
C. Analyze results of a social engineering test.
D. Analyze findings from previous audit reports.

Answer

C. Analyze results of a social engineering test.

CISA Question 2792

Question

Which of the following would contribute MOST to employees’ understanding of data handling responsibilities?

A. Requiring staff acknowledgement of security policies
B. Labeling documents according to appropriate security classification
C. Implementing a tailored security awareness training program
D. Demonstrating support by senior management of the security program

Answer

C. Implementing a tailored security awareness training program

CISA Question 2793

Question

Which of the following is MOST critical to the successful implementation of information security within an organization?

A. Strong risk management skills exist within the information security group.
B. Budget is allocated for information security tools.
C. The information security manager is responsible for setting information security policy.
D. Security is effectively marketed to all managers and employees.

Answer

D. Security is effectively marketed to all managers and employees.

CISA Question 2794

Question

An emergency change was made to an IT system as a result of a failure. Which of the following should be of GREATEST concern to the organization’s information security manager?

A. The operations team implemented the change without regression testing.
B. The change did not include a proper assessment of risk.
C. Documentation of the change was made after implementation.
D. The information security manager did not review the change prior to implementation.

Answer

B. The change did not include a proper assessment of risk.

CISA Question 2795

Question

During which phase of an incident response process should corrective actions to the response procedure be considered and implemented?

A. Eradication
B. Identification
C. Review
D. Containment

Answer

A. Eradication

CISA Question 2796

Question

An organization’s HR department would like to outsource its employee management system to a cloud-hosted solution due to the features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?

A. Ensure a security audit is performed of the service provider.
B. Ensure the service provider has the appropriate certifications.
C. Determine how to securely implement the solution.
D. Explain security issues associated with the solution to management.

Answer

C. Determine how to securely implement the solution.

CISA Question 2797

Question

An organization has an approved bring your own device (BYOD) program. Which of the following is the MOST effective method to enforce application control on personal devices?

A. Implement a mobile device management solution.
B. Establish a mobile device acceptable use policy.
C. Implement a web application firewall.
D. Educate users regarding the use of approved applications.

Answer

A. Implement a mobile device management solution.

CISA Question 2798

Question

When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?

A. Report distribution
B. Encryption
C. Tuning
D. Retention

Answer

C. Tuning

CISA Question 2799

Question

An organization has implemented an enhanced password policy for business applications which requires significantly more business unit resources to support clients. The BEST approach to obtain the support of business unit management would be to:

A. elaborate on the positive impact to information security.
B. present industry benchmarking results to business units.
C. discuss the risk and impact of security incidents if not implemented.
D. present an analysis of the cost and benefit of the changes.

Answer

C. discuss the risk and impact of security incidents if not implemented.

CISA Question 2800

Question

An organization is using a single account shared by personnel for its social networking marketing page. Which of the following is the BEST method to maintain accountability over the account?

A. Reviewing access rights on a periodic basis
B. Integrating the account with a single sign-on
C. Regular monitoring of proxy server logs
D. Implementing an account password check-out process

Answer

D. Implementing an account password check-out process

Which of the following is MOST indicative of the effectiveness of an information security awareness program?

Employees report more information regarding security incidents.

Which of the following should be the first step in recovering from a cyberattack?

Contain the cybersecurity breach. The first step you should take after a data breach is to determine which servers have been compromised and contain them as quickly as possible, so that other servers or devices are not also infected.

Which of the following methods best mitigates the risk of disclosing confidential information through the use of social networking sites?

Providing security awareness training is the best method to mitigate the risk of disclosing confidential information on social networking sites. It is important to remember that users may access these services through other means such as mobile phones and home computers; therefore, awareness training is most critical.
