Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 2021:

  The risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?

  A. Control
  B. Prevention
  C. Inherent
  D. Detection
  D. Detection

  ---

  Explanation

• Question 2022:

  A new privacy regulation requires a customer's privacy information to be deleted within 72 hours, if requested. Which of the following would be an IS auditor's GREATEST concern regarding compliance to this regulation?

  A. Outdated online privacy policies
  B. Incomplete backup and retention policies
  C. End user access to applications with customer information
  D. Lack of knowledge of where customers' information is saved
  D. Lack of knowledge of where customers' information is saved

  ---

  Explanation

• Question 2023:

  An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined the user list was not system-generated. Which of the following should be the GREATEST concern?

  A. Source of the user list reviewed
  B. Availability of the user list reviewed
  C. Confidentiality of the user list reviewed
  D. Completeness of the user list reviewed
  A. Source of the user list reviewed

  ---

  Explanation

• Question 2024:

  An IS auditor notes that help desk personnel are required to make critical decisions during major service disruptions. Which of the following is the auditor's BEST recommendation to address this situation?

  A. Introduce classification of disruptions by risk category.
  B. Provide historical incident response information for the help desk
  C. Implement an incident response plan
  D. Establish shared responsibility among business peers.
  C. Implement an incident response plan

  ---

  Explanation

• Question 2025:

  A global bank plans to use a cloud provider for backup of customer financial data. Which of the following should be the PRIMARY focus of this project?

  A. Backup testing schedule
  B. Data retention policy
  C. Transfer frequency
  D. Data confidentiality
  D. Data confidentiality

  ---

  Explanation

• Question 2026:

  Which of the following should be the IS auditor's PRIMARY focus when evaluating an organizations offsite storage facility?

  A. Adequacy of physical and environmental controls
  B. Results of business continuity plan (BCP) tests
  C. Shared facilities
  D. Retention policy and period
  A. Adequacy of physical and environmental controls

  ---

  Explanation

  Explanation

• Question 2027:

  Which of the following issues identified during a formal review of an organization's information security policies presents the GREATEST potential risk to the organization?

  A. The policies are not available to key risk stakeholders.
  B. The policies have not been reviewed by the risk management committee.
  C. The policies are not aligned with the information security risk appetite.
  D. The policies are not based on industry best practices for information security.
  C. The policies are not aligned with the information security risk appetite.

  ---

  Explanation

• Question 2028:

  Which of the following would provide the BEST evidence of an IT strategy corrections effectiveness?

  A. The minutes from the IT strategy committee meetings
  B. Synchronization of IT activities with corporate objectives
  C. The IT strategy committee charier
  D. Business unit satisfaction survey results
  B. Synchronization of IT activities with corporate objectives

  ---

  Explanation

  The best evidence of an IT strategy correction's effectiveness is the synchronization of IT activities with corporate objectives. The IT strategy correction is a process of reviewing and adjusting the IT strategy to ensure that it aligns with and supports the corporate strategy and objectives. The synchronization of IT activities with corporate objectives means that the IT activities are consistent with and contribute to the achievement of the corporate goals and vision. The IS auditor can measure and evaluate the IT strategy correction's effectiveness by comparing the IT activities with the corporate objectives, and assessing whether they are aligned, integrated, and coordinated. The other options are not as good evidence of an IT strategy correction's effectiveness, because they either do not reflect the alignment of IT and business, or they are inputs or outputs of the IT strategy correction process rather than outcomes or results.

  References: CISA Review Manual (Digital Version)1, Chapter 1, Section 1.2.1

• Question 2029:

  Which of the following should be the PRIMARY consideration when incorporating user training and awareness into a data loss prevention (DLP) strategy?

  A. Avoiding financial penalties and reputational risk
  B. Ensuring data availability
  C. Promoting secure data handling practices
  D. Adhering to data governance policies
  C. Promoting secure data handling practices

  ---

  Explanation

  Explanation

  Comprehensive and Detailed Step-by-Step

  ADLP strategyaims toprevent data breachesby ensuringusers handle data securely. Option A (Incorrect):Avoiding financial and reputational risk is anoutcome, but not theprimary goalof training.

  Option B (Incorrect):Data availabilityis important but is notdirectly relatedto DLP user training.

  Option C (Correct):User training should focus on secure data handling, as human error is a leading cause of data loss incidents.

  Option D (Incorrect):Data governanceensurescompliance, but secure handling practices are themain goal of DLP training.

  ISACA CISA Review Manual -Domain 5: Protection of Information Assets?CoversDLP strategies, security awareness, and training.

• Question 2030:

  Which of the following is the BEST way to identify whether the IT help desk is meeting service level agreements (SLAS)?

  A. Review exception reports
  B. Review IT staffing schedules.
  C. Analyze help desk ticket logs
  D. Conduct IT management interviews
  A. Review exception reports

  ---

  Explanation

  The best way to identify whether the IT help desk is meeting service level agreements (SLAs) is A. Review exception reports. Exception reports are documents that highlight any deviations from the agreed service levels, such as breaches,

  delays, or failures. They can help the IT help desk to monitor their performance, identify root causes, and implement corrective actions. Reviewing exception reports can also help the IT help desk to communicate with the end users and

  stakeholders about any service issues and their resolution.

  IT help desk support SLA, Section 4: Reporting and Reviewing Service Levels, Page 3.