100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CISA REVIEW QUESTIONS AND ANSWERS WITH SOLUTIONS 2024 $16.49   Add to cart

Exam (elaborations)

CISA REVIEW QUESTIONS AND ANSWERS WITH SOLUTIONS 2024

 9 views  0 purchase
  • Course
  • CISA
  • Institution
  • CISA

CISA REVIEW QUESTIONS AND ANSWERS WITH SOLUTIONS 2024

Preview 3 out of 23  pages

  • August 16, 2024
  • 23
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CISA
  • CISA
avatar-seller
Performance
CISA REVIEW QUESTIONS AND
ANSWERS WITH SOLUTIONS 2024
IT governance is most concerned with

A. Security policy

B. IT policy

C. IT strategy

D. IT executive compensation - ANSWER IT Strategy

IT governance is the mechanism through which IT strategy is established, controlled, and monitored
through the balanced scorecard. Long-term and other strategic decisions are made in the context of IT
governance.



One of the advantages of outsourcing is

A. It permits the organization to focus on core competencies.

B. It results in reduced costs.

C. It provides greater control over work performed by the outsourcing agency.

D. It eliminates segregation of duties issues. - ANSWER It permits the organization to focus on core
competencies.

Outsourcing is an opportunity for the organization to focus on its core competencies. When an
organization outsources a business function, it no longer needs to be concerned about training
employees in that function. Outsourcing does not always reduce costs, because cost reduction is not
always the primary purpose for outsourcing in the first place.



An external IS auditor has discovered a segregation of duties issue in a high-value process. What is the
best action for the auditor to take?

A. Implement a preventive control.

B. Implement a detective control.

C. Implement a compensating control.

D. Document the matter in the audit report. - ANSWER Document the matter in the audit report.

The external auditor can only document the finding in the audit report. An external auditor is not in a
position to implement controls.

,An organization has chosen to open a business office in another country where labor costs are lower and
has hired workers to perform business functions there. This organization has

A. Outsourced the function

B. Outsourced the function offshore

C. Insourced the function on-site

D. Insourced the function at a remote location - ANSWER Insourced the function at a remote location

An organization that opens a business office in another country and staffs the office with its own
employees is insourcing, not outsourcing. Outsourcing is the practice of using contract labor, which is
clearly not the case in this example. In this case, the insourcing is taking place at a remote location.



What is the purpose of a criticality analysis?

A. Determine feasible recovery targets.

B. Determine which staff members are the most critical.

C. Determine which business processes are the most critical.

D. Determine maximum tolerable downtime. - ANSWER Determine which business processes are the
most critical.

A criticality analysis is used to determine which business processes are the most critical by ranking them
in order of criticality.



An organization needs to better understand whether one of its key business processes is effective. What
action should the organization consider?

A. Audit the process.

B. Benchmark the process.

C. Outsource the process.

D. Offshore the process. - ANSWER Benchmark the process.

An organization that needs to understand whether a key process is effective should consider
benchmarking the process. This will help the organization better understand whether its approach is
similar to that of other organizations.



Annualized loss expectancy (ALE) is defined as

A. Single loss expectancy (SLE) × annualized rate of occurrence (ARO)

B. Exposure factor (EF) × the annualized rate of occurrence (ARO)

, C. Single loss expectancy (SLE) × the exposure factor (EF)

D. Asset value (AV) × the single loss expectancy (SLE) - ANSWER Single loss expectancy (SLE) × annualized
rate of occurrence (ARO)

Annualized loss expectancy (ALE) is the annual expected loss to an asset. It is calculated by multiplying
the single loss expectancy (SLE—the financial loss experienced when the loss is realized one time) by the
annualized rate of occurrence (ARO—the number of times that the organization expects the loss to
occur).



A quantitative risk analysis is more difficult to perform because

A. It is difficult to get accurate figures on the impact of a realized threat.

B. It is difficult to get accurate figures on the probability of specific threats.

C. It is difficult to get accurate figures on the value of assets.

D. It is difficult to calculate the annualized loss expectancy of a specific threat. - ANSWER It is difficult to
get accurate figures on the probability of specific threats.

The most difficult part of a quantitative risk analysis is determining the probability that a threat will
actually be realized. It is relatively easy to determine the value of an asset and the impact of a threat
event.



A collection of servers that is designed to operate as a single logical server is known as what?

A. Cluster

B. Grid

C. Cloud

D. Replicant - ANSWER Cluster

A server cluster is a collection of two or more servers that is designed to appear as a single server.



What is the purpose of a balanced scorecard?

A. Measures the efficiency of an IT organization

B. Evaluates the performance of individual employees

C. Benchmarks a process in the organization against peer organizations

D. Measures organizational performance and effectiveness against strategic goals - ANSWER Measures
organizational performance and effectiveness against strategic goals

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Performance. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $16.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

80364 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$16.49
  • (0)
  Add to cart