Exam Prep With Quizzes
 Certified Information Systems Auditor (CISA) 

 


Q:1-Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions?
Mark one answer:

Response
Correction
Detection
Monitoring



Q:2-The development of an IS security policy is ultimately the responsibility of the:
Mark one answer:

IS department.
security committee.
security administrator.
board of directors.


Q:3-An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that:
Mark one answer:

this lack of knowledge may lead to unintentional disclosure of sensitive information.
information security is not critical to all functions.
IS audit should provide security training to the employees.
the audit finding will cause management to provide continuous training to staff.


Q:4-The rate of change in technology increases the importance of:
Mark one answer:

outsourcing the IS function.
implementing and enforcing good processes.
hiring personnel willing to make a career within the organization.
meeting user requirements.


Q:5-The PRIMARY objective of an audit of IT security policies is to ensure that:
Mark one answer:

they are distributed and available to all staff.
security and control policies support business and IT objectives.
there is a published organizational chart with functional descriptions.
duties are appropriately segregated.


Q:6-Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
Mark one answer:

User management coordination does not exist.
Specific user accountability cannot be established.
Unauthorized users may have access to originate, modify or delete data.
Audit recommendations may not be implemented.


Q:7-The advantage of a bottom-up approach to the development of organizational policies is that the policies:
Mark one answer:

are developed for the organization as a whole.
are more likely to be derived as a result of a risk assessment.
will not conflict with overall corporate policy.
ensure consistency across the organization.


Q:8-When reviewing an organization's strategic IT plan, an IS auditor should expect to find:
Mark one answer:

an assessment of the fit of the organization's application portfolio with business objectives.
actions to reduce hardware procurement cost.
a listing of approved suppliers of IT contract resources.
a description of the technical architecture for the organization's network perimeter security.


Q:9-When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:
Mark one answer:

establishment of a review board.
creation of a security unit.
effective support of an executive sponsor.
selection of a security process owner.


Q:10-When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
Mark one answer:

incorporates state-of-the-art technology.
addresses the required operational controls.
articulates the IT mission and vision.
specifies project management practices.



Test-Questions.com CISA Exam Questions

 ISACA CISA 
Total Questions: 790 
