Isaca CISA exam ready here! Get the latest CISA exam exercise questions and exam dumps pdf for free! 100% pass the exam to select
the full Isaca CISA dumps the link to get VCE or PDF. All exam questions are updated!
Lead4pass offers the latest Isaca CISA Google Drive
[Latest updates] Free Isaca CISA dumps pdf download from Google Drive: https://drive.google.com/file/d/1CCeyedV9IFXCaeNwL8cOk_EsDJXNTYrG/
Buklsainsa Exam Table of Contents:
- Isaca CISA Practice testing questions from Youtube
- latest updated Isaca CISA exam questions and answers
- Lead4Pass Isaca discount code
- About lead4pass
Isaca CISA Practice testing questions from Youtube
latest updated Isaca CISA exam questions and answers
QUESTION 1
Which of the following is the BEST way for management to ensure the effectiveness of the cybersecurity incident
response process?
A. Periodic update of incident response process documentation
B. Periodic reporting of cybersecurity incidents to key stakeholders
C. Periodic tabletop exercises involving key stakeholders
D. Periodic cybersecurity training for staff involved in incident response
Correct Answer: C
QUESTION 2
Which of the following is MOST important when an organization contracts for the long-term use of a custom-developed
application?
A. Documented coding standards
B. Error correction management
C. Contract renewal provisions
D. Escrow clause
Correct Answer: C
QUESTION 3
What would be the major purpose of rootkit?
A. to hide evidence from system administrators.
B. to encrypt files for system administrators.
C. to corrupt files for system administrators.
D. to hijack system sessions.
E. None of the choices.
Correct Answer: A
rootkit originally describes those recompiled Unix tools that would hide any trace of the intruder.
You can say that the only purpose of rootkit is to hide evidence from system administrators so there is no way to detect
malicious special privilege access attempts.
QUESTION 4
Which of the following network configuration options contains a direct link between any two host machines?
A. Bus
B. Ring
C. Star
D. Completely connected (mesh)
Correct Answer: D
A completely connected mesh configuration creates a direct link between any two host machines.
QUESTION 5
In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a
digital certificate (i.e., certificate subjects) is the:
A. registration authority (RA).
B. issuing certification authority (CA).
C. subject CA.
D. policy management authority.
Correct Answer: A
A RA is an entity that is responsible for identification and authentication of certificate subjects, but the RA does not sign
or issue certificates. The certificate subject usually interacts with the RA for completing the process of subscribing to the
services of the certification authority in terms of getting identity validated with standard identification documents, as
detailed in the certificate policies of the CA. In the context of a particular certificate, the issuing CA is the CA that issued
the certificate. In the context of a particular CA certificate, the subject CA is the CA whose public key is certified in the
certificate.
QUESTION 6
TEMPEST is a hardware for which of the following purposes?
A. Eavedropping
B. Social engineering
C. Virus scanning
D. Firewalling
E. None of the choices.
Correct Answer: A
Any data that is transmitted over a network is at some risk of being eavesdropped, or even modified by a malicious
person. Even machines that operate as a closed system can be eavesdropped upon via monitoring the faint
electromagnetic transmissions generated by the hardware such as TEMPEST.
QUESTION 7
What would be an IS auditor\\’s GREATEST concern when using a test environment for an application audit?
A. Test and production environments lack data encryption.
B. Developers have access to the test environment.
C. Retention period of test data has been exceeded.
D. Test and production environments do not mirror each other.
Correct Answer: D
QUESTION 8
A small organization does not have enough employees to implement adequate segregation of duties in accounts
payable. Which of the following is the BEST compensating control to mitigate the risk associated with this situation?
A. Regular reconciliation of key transactions approved by a supervisor
B. Supervisory review of logs to detect changes in vendors
C. Review of transactions exceeding a specific threshold
D. Rotation of duties among existing personnel
Correct Answer: B
QUESTION 9
What control detects transmission errors by appending calculated bits onto the end of each segment of data?
A. Reasonableness check
B. Parity check
C. Redundancy check
D. Check digits
Correct Answer: C
A redundancy check detects transmission errors by appending calculated bits onto the end of each segment of data. A
reasonableness check compares data to predefined reasonability limits or occurrence rates established for the data. A
parity check is a hardware control that detects data errors when data are read from one computer to another, from
memory or during transmission.
Check digits detect transposition and transcription errors.
QUESTION 10
Applying a retention date on a file will ensure that:
A. data cannot be read until the date is set.
B. data will not be deleted before that date.
C. backup copies are not retained after that date.
D. datasets having the same name are differentiated.
Correct Answer: B
A retention date will ensure that a file cannot be overwritten before that date has passed. The retention date will not
affect the ability to read the file. Backup copies would be expected to have a different retention date and therefore may
be retained after the file has been overwritten. The creation date, not the retention date, will differentiate files with the
same name.
QUESTION 11
Which policy helps an auditor to gain a better understanding of biometrics system in an organization?
A. BIMS Policy
B. BOMS Policy
C. BMS Policy
D. BOS Policy
Correct Answer: A
The auditor should use a Biometric Information Management System (BIMS) Policy to gain better understanding of the
biometric system in use.
Management of Biometrics
Management of biometrics should address effective security for the collection, distribution and processing of biometrics
data encompassing:
Data integrity, authenticity and non-repudiation
Management of biometric data across its life cycle ?compromised of the enrollment, transmission and storage,
verification, identification, and termination process Usage of biometric technology, including one-to-one and one-tomany matching, for identification and authentication Application of biometric technology for internal and external, as well
as logical and physical access control Encapsulation of biometric data Security of the physical hardware used
throughout the biometric data life cycle Techniques for integrity and privacy protection of biometric data.
Management should develop and approve a Biometric Information Management and Security (BIMS) policy. The auditor
should use the BIMS policy to gain better understanding of the biometric system in use. With respect to testing, the
auditor should make sure this policy has been developed and biometric information system is being secured
appropriately.
The identification and authentication procedures for individual enrollment and template creation should be specified in
BIMS policy.
The following were incorrect answers:
All other choices presented were incorrect answers because they are not valid policies.
Reference:
CISA review manual 2014 Page number 331 and 332
QUESTION 12
Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?
A. To identify data at rest and data in transit for encryption
B. To prevent confidential data loss
C. To comply with legal and regulatory requirements
D. To provide options to individuals regarding use of their data
Correct Answer: C
QUESTION 13
Who is mainly responsible for protecting information assets they have been entrusted with on a daily basis by defining
who can access the data, it\\’s sensitivity level, type of access, and adhering to corporate information security policies?
A. Data Owner
B. Security Officer
C. Senior Management
D. End User
Correct Answer: A
The Data Owner is the person who has been entrusted with a data set that belong to the company. As such they are
responsible to classify the data according to it\\’s value and sensitivity. The Data Owner decides who will get access to
the data, what type of access would be granted. The Data Owner will tell the Data Custodian or System Administrator
what access to configure within the systems.
A business executive or manager is typically responsible for an information asset. These are the individuals that assign
the appropriate classification to information assets. They ensure that the business information is protected with
appropriate controls. Periodically, the information asset owners need to review the classification and access rights
associated with information assets. The owners, or their delegates, may be required to approve access to the
information. Owners also need to determine the criticality, sensitivity, retention, backups, and safeguards for the
information. Owners or their delegates are responsible for understanding the risks that exist with regards to the
information that they control.
The following answers are incorrect:
Executive Management/Senior Management – Executive management maintains the overall responsibility for protection
of the information assets. The business operations are dependent upon information being available, accurate, and
protected from individuals without a need to know.
Security Officer – The security officer directs, coordinates, plans, and organizes information security activities throughout
the organization. The security officer works with many different individuals, such as executive management,
management of the business units, technical staff, business partners, auditors, and third parties such as vendors. The
security officer and his or her team are responsible for the design, implementation, management, and review of the
organization\\’s security policies, standards, procedures, baselines, and guidelines.
End User – The end user does not decide on classification of the data
Reference:
CISA review manual 2014 page number 108 Official ISC2 guide to CISSP CBK 3rd Edition Page number 342
Lead4Pass Isaca discount code
About lead4pass
Lead4Pass has 8 years of exam experience! A number of professional Isaca exam experts! Update exam questions throughout the year! The most complete exam questions and answers! The safest buying experience! The greatest free sharing of exam practice questions and answers!
Our goal is to help more people pass the Isaca exam! Exams are a part of life, but they are important!
In the study, you need to sum up the study! Trust Lead4Pass to help you pass the exam 100%!
Summarize:
Buklsainsa free to share Isaca CISA exam exercise questions, CISA pdf, CISA exam video! Lead4pass updated exam questions and answers throughout the year!
Make sure you pass the exam successfully. Select lead4Pass CISA to pass the Isaca CISA exam “Certified Information Systems Auditor“.
ps.
Latest update Lead4pass CISA exam dumps: https://www.leads4pass.com/cisa.html (3107 Q&As)
[Latest updates] Free Isaca CISA Dumps pdf download from Google Drive: https://drive.google.com/file/d/1CCeyedV9IFXCaeNwL8cOk_EsDJXNTYrG/