Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. ISACA
  3. CISA

ISACA CISA Exam (page: 20)
ISACA Certified Information Systems Auditor
Updated on: 25-Dec-2025

Viewing Page 20 of 366
CISA PDF 1823 Questions

Which of the following is the BEST control to mitigate attacks that redirect Internet traffic to an unauthorized website?

  1. Utilize a network-based firewall.
  2. Conduct regular user security awareness training.
  3. Enforce a strong password policy meeting complexity requirements.
  4. Perform domain name system (DNS) server security hardening.

Answer(s): D



During a follow-up audit, an IS auditor learns that some key management personnel have been replaced since the original audit, and current management has decided not to implement some previously accepted recommendations. What is the auditor's BEST course of action?

  1. Retest the control.
  2. Notify the audit manager.
  3. Close the audit finding.
  4. Notify the chair of the audit committee

Answer(s): B



An organization wants to classify database tables according to its data classification scheme. From an IS auditor's perspective, the tables should be classified based on the:

  1. specific functional contents of each single table.
  2. frequency of updates to the table.
  3. number of end users with access to the table.
  4. descriptions of column names in the table.

Answer(s): A



Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees. What is the MOST important task before implementing any associated email controls?

  1. Provide notification to employees about possible email monitoring.
  2. Develop an information classification scheme.
  3. Develop an acceptable use policy for end-user computing (EUC).
  4. Require all employees to sign nondisclosure agreements (NDAs).

Answer(s): B



While auditing a small organization's data classification processes and procedures, an IS auditor noticed that data is often classified at the incorrect level. What is the MOST effective way for the organization to improve this situation?

  1. Conduct awareness presentations and seminars for information classification policies.
  2. Use automatic document classification based on content.
  3. Have IT security staff conduct targeted training for data owners.
  4. Publish the data classification policy on the corporate web portal.

Answer(s): C



Viewing Page 20 of 366



Share your comments for ISACA CISA exam with other users:

Mike 8/20/2023 5:12:00 PM

the exam dumps are helping me get a solid foundation on the practical techniques and practices needed to be successful in the auditing world.
UNITED STATES


Sam 8/31/2023 10:32:00 AM

not bad but you question database from isaca
MALAYSIA


Deno 10/25/2023 1:14:00 AM

i failed the cisa exam today. but i have found all the questions that were on the exam to be on this site.
Anonymous