Practice Free CISA Exam Online Questions
Which of the following is the MOST efficient control to reduce the risk associated with a systems administrator having network administrator responsibilities?
- A . The administrator must obtain temporary access to make critical changes.
- B . The administrator will need to request additional approval for critical changes.
- C . The administrator must sign a due diligence agreement.
- D . The administrator will be subject to unannounced audits.
To enable the alignment of IT staff development plans with IT strategy, which of the following should be done FIRST?
- A . Review IT staff job descriptions for alignment
- B . Develop quarterly training for each IT staff member.
- C . Identify required IT skill sets that support key business processes
- D . Include strategic objectives in IT staff performance objectives
C
Explanation:
Identifying required IT skill sets that support key business processes is the first step to enable the alignment of IT staff development plans with IT strategy. An IT strategy is a plan that defines how IT will support the organization’s goals and objectives. Identifying required IT skill sets means determining the knowledge, abilities, and competencies that IT staff need to perform their roles and responsibilities effectively and efficiently. This can help to align IT staff development plans with IT strategy, as well as to identify and address any skill gaps or needs within the IT workforce. The other options are not the first steps to enable alignment, but rather possible subsequent actions that may depend on the required IT skill sets.
Reference: CISA Review Manual (Digital Version), Chapter 5, Section 5.11
CISA Review Questions, Answers & Explanations Database, Question ID 229
Which of the following is MOST critical to the success of an information security program?
- A . Management’s commitment to information security
- B . User accountability for information security
- C . Alignment of information security with IT objectives
- D . Integration of business and information security
A
Explanation:
The most critical factor for the success of an information security program is management’s commitment to information security. Management’s commitment to information security means that the senior management supports, sponsors, funds, monitors and enforces the information security program within the organization. Management’s commitment to information security also demonstrates leadership, sets the tone and culture, and establishes the strategic direction and objectives for information security. User accountability for information security, alignment of information security with IT objectives, and integration of business and information security are also important factors for the success of an information security program, but they are not as critical as management’s commitment to information security, as they depend on or derive from it.
Reference: Info Technology & Systems Resources | COBIT, Risk, Governance … – ISACA, IT Governance and Process Maturity
An organization establishes capacity utilization thresholds and monitors for instances when thresholds are exceeded.
Which of the following is BEST supported by this activity?
- A . Integrity
- B . Availability
- C . Confidentiality
- D . Nonrepudiation
B
Explanation:
Comprehensive and Detailed Step-by-Step
Monitoring capacity utilization supports availability by ensuring that resources remain functional and do not exceed operational limits.
Option A (Incorrect): Integrity ensures that data is accurate and unaltered, but monitoring capacity thresholds primarily relates to system availability.
Option B (Correct): Availability ensures that systems remain accessible and functional, and monitoring capacity utilization helps prevent downtime and service disruptions.
Option C (Incorrect): Confidentiality ensures that data is protected from unauthorized access, which is unrelated to capacity monitoring.
Option D (Incorrect): Nonrepudiation ensures that actions can be traced to specific individuals, but it does not relate to capacity monitoring.
Reference: ISACA CISA Review Manual, Domain 4: Information Systems Operations and Business Resilience. Covers capacity planning and monitoring for system availability.
Which of the following would be of GREATEST concern to an IS auditor reviewing an IT strategy document?
- A . The previous year’s IT strategic goals were not achieved.
- B . Target architecture is defined at a technical level.
- C . Financial estimates of new initiatives are disclosed within the document.
- D . Strategic IT goals are derived solely from the latest market trends.
D
Explanation:
Comprehensive and Detailed Step-by-Step
An IT strategy must be aligned with business objectives, not solely based on market trends.
Strategic IT Goals Derived Solely from Market Trends (Correct Answer: D)
IT strategy should support organizational goals, not just follow industry trends.
Example: A company investing in AI just because it’s trendy, without considering business needs.
Previous Year’s IT Goals Not Achieved (Incorrect: A)
A concern, but does not indicate a fundamental strategy flaw.
Target Architecture Defined at a Technical Level (Incorrect: B)
Technical details are important for implementation.
Financial Estimates Included (Incorrect: C)
Cost transparency is a good practice.
Reference: ISACA CISA Review Manual
COBIT 2019 (IT Governance)
A network analyst is monitoring the network after hours and detects activity that appears to be a brute-force attempt to compromise a critical server. After reviewing the alerts to ensure their accuracy, what should be done NEXT?
- A . Perform a root cause analysis.
- B . Document all steps taken in a written report.
- C . Isolate the affected system.
- D . Invoke the incident response plan.
Aligning IT strategy with business strategy PRIMARILY helps an organization to:
- A . Increase involvement of senior management in IT.
- B . Optimize investments in IT.
- C . Create risk awareness across business units.
- D . Monitor the effectiveness of IT.
B
Explanation:
Comprehensive and Detailed Step-by-Step
Aligning IT with business strategy ensures that IT investments provide value and support business objectives.
Option A (Incorrect): While senior management involvement is essential, it is a byproduct of alignment rather than the primary goal.
Option B (Correct): The main purpose of alignment is to optimize IT investments by ensuring that IT initiatives directly support business needs, reducing waste and improving ROI.
Option C (Incorrect): Risk awareness is important but is not the primary reason for IT-business alignment.
Option D (Incorrect): Monitoring IT effectiveness is part of governance but not the main objective of IT-business alignment.
Reference: ISACA CISA Review Manual, Domain 1: Information Systems Auditing Process. Covers IT governance, strategy alignment, and value realization.
Which of the following key performance indicators (KPIs) provides stakeholders with the MOST useful information about whether information security risk is being managed?
- A . Time from identifying security threats to implementing solutions
- B . The number of security controls audited
- C . Time from security log capture to log analysis
- D . The number of entries in the security risk register
A
Explanation:
Comprehensive and Detailed Step-by-Step
The speed at which security threats are mitigated is a key indicator of an organization’s risk management effectiveness.
Option A (Correct): Response time to security threats measures how efficiently security teams detect, analyze, and mitigate risks, providing clear insight into security operations.
Option B (Incorrect): The number of security controls audited does not indicate how well risk is being managed, only that reviews are taking place.
Option C (Incorrect): Log analysis speed is useful, but it does not directly measure risk mitigation effectiveness.
Option D (Incorrect): Risk register entries indicate known risks but do not provide insight into how well those risks are managed.
Reference: ISACA CISA Review Manual, Domain 5: Protection of Information Assets. Covers security metrics, KPIs, and risk management evaluation.
Which of the following is an objective of IT project portfolio management?
- A . Successful implementation of projects
- B . Selection of sound, strategically aligned investment opportunities
- C . Validation of business case benefits
- D . Establishment of tracking mechanisms
