Free Access to ISACA.CISA.v2024-12-27.q999 with Valid Practice Test (Page 77)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISA Exam
ISACA.CISA.v2024-12-27.q999 Dumps

««
«
…
72
73
74
75
76
77
78
79
80
81
…
»
»»

Question 376

Which of the following audit procedures would BEST assist an IS auditor in determining the effectiveness of a business continuity plan (BCP)?

A.Performing an assessment of BCP test documentation
B.Participating in BCP meetings held with user department managers
C.Performing a maturity assessment of BCP methodology against industry standards
D.Observing tests of the BCP performed at the alternate processing site

Correct Answer: D

Section: The process of Auditing Information System

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 377

The PRIMARY benefit of information asset classification is that it:

A.prevents loss of assets.
B.helps to align organizational objectives.
C.facilitates budgeting accuracy.
D.enables risk management decisions.

Correct Answer: D

Explanation
The primary benefit of information asset classification is that it enables risk management decisions.
Information asset classification helps to identify the value, sensitivity and criticality of information assets, and to determine the appropriate level of protection and controls required for them. This facilitates risk assessment and risk treatment processes, and ensures that information assets are aligned with business objectives and regulatory requirements. Preventing loss of assets, helping to align organizational objectives or facilitating budgeting accuracy are secondary benefits of information asset classification, but not the main purpose. References: ISACA, CISA Review Manual, 27th Edition, 2018, page 300

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 378

Before implementing controls, management should FIRST ensure that the controls:

A.satisfy a requirement in addressing a risk issue.
B.do not reduce productivity.
C.are based on a cost-benefit analysis.
D.are detective or corrective.

Correct Answer: A

Explanation/Reference:
Explanation:
When designing controls, it is necessary to consider all the above aspects. In an ideal situation, controls that address all these aspects would be the best controls. Realistically, it may not be possible to design them all and cost may be prohibitive; therefore, it is necessary to first consider the preventive controls that attack the cause of a threat.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 379

The optimum business continuity strategy for an entity is determined by the:

A.lowest downtime cost and highest recovery cost.
B.lowest sum of downtime cost and recovery cost.
C.lowest recovery cost and highest downtime cost.
D.average of the combined downtime and recovery cost.

Correct Answer: B

Explanation/Reference:
Explanation:
Both costs have to be minimized, and the strategy for which the costs are lowest is the optimum strategy.
The strategy with the highest recovery cost cannot be the optimum strategy. The strategy with the highest downtime cost cannot be the optimum strategy. The average of the combined downtime and recovery cost will be higher than the lowest combined cost of downtime and recovery.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 380

In an IT organization where many responsibilities are shared which of the following is the BEST control for detecting unauthorized data changes?

A.Users are required to periodically rotate responsibilities
B.Segregation of duties conflicts are periodically reviewed
C.Data changes are independently reviewed by another group
D.Data changes are logged in an outside application

Correct Answer: C

Explanation
The best control for detecting unauthorized data changes in an IT organization where many responsibilities are shared is to have data changes independently reviewed by another group. This is because an independent review can provide an objective and unbiased verification of the data changes and ensure that they are authorized, accurate, and complete. An independent review can also help to detect any errors, fraud, or malicious activities that may have occurred during the data changes. An independent review can also provide assurance that the data integrity and security are maintained. References:
CISA Review Manual (Digital Version), Chapter 4, Section 4.31
CISA Online Review Course, Domain 1, Module 4, Lesson 22

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
72
73
74
75
76
77
78
79
80
81
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISA.v2024-12-27.q999 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter