CISA Practice Exam Questions and Answers
Latest Update
Identify the most critical element from the following for the successful
implementation and ongoing regular maintenance of an information security
policy. [BAC]
A. Management support and approval for the information security policy
B. Understanding of the information security policy by all appropriate parties
C. Punitive actions for any violation of information security rules
D. Stringent access control monitoring of information security rules
Correct answer: B. An information security policy comprises processes,
procedures, and rules in an organization. The most important aspect of a
successful implementation of an information security policy is its assimilation
by all appropriate parties such as employees, service providers, and business
partners. Punitive actions for any violations are related to the education and
awareness of the policy.

Fair Lending has implemented a disaster recovery plan. Andrew, CFO of Fair
Lending, wants to ensure that the implemented plan is adequate. Identify the
immediate next step from the following.
A. Initiate the Full Operational Test
B. Initiate the Desk-based Evaluation
C. Initiate the Preparedness Test
D. Socialize with the Senior Management and Obtain Sponsorship
Correct answer: B. The immediate next step to evaluate the adequacy of a
disaster recovery plan, once it has been implemented, is to conduct a desk-based
evaluation, which is also known as a paper test. The paper test involves walking
through the plan and discussing with the major stakeholders what might happen in
a particular type of service disruption. As per best practice, the paper test
precedes the preparedness test.

There are various methods of suppressing a data center fire. Identify the MOST
effective and environmentally friendly method from the following.
A. Water-based systems (sprinkler systems)
B. Argonite systems
C. Carbon dioxide systems
D. Dry-pipe sprinkling systems
Correct answer: D. Dry-pipe sprinkling systems are the most effective and
environmentally friendly from the available options. In this system, the water
does not flow until the fire alarm activates a pump. Water-based systems
(sprinkler systems) are environmentally friendly but may not present the most
effective option. In this system, the water is always present in the piping,
which can potentially leak, causing damage to equipment.

The IT risk management process comprises the following 5 steps, listed in no
particular sequence:
(b) Asset Identification
(e) Evaluation of Threats and Vulnerabilities to Assets
(a) Evaluation of the Impact
(c) Calculation of Risk
(d) Evaluation of and Response to Risk
Identify the correct sequence from the following.
A. b, a, e, c, d
B. b, e, a, c, d
C. b, e, a, d, c
D. a, b, c, d, e
Correct answer: B. The IT risk management process comprises the following 5
steps:
Step 1: Asset Identification
Step 2: Evaluation of Threats and Vulnerabilities to Assets
Step 3: Evaluation of the Impact
Step 4: Calculation of Risk
Step 5: Evaluation of and Response to Risk

Palm Trading Company has implemented digital signatures to protect email
communication with their customers. Identify the benefit of using a digital
signature from the following.
A. Protects email content from unauthorized reading
B. Protects email content from data theft
C. Ensures timely delivery of email content
D. Ensures integrity of the email content
Correct answer: D. The digital signature is used for verifying the identity of
the sender and the integrity of the content.

Merlin, head of information systems audit at Cocoa Payroll Services, was invited to
a development project meeting. During the meeting, Merlin noted that no project
risks were documented and raised this issue with the head of IT. The IT project
manager opined that it was too early to identify risks and that they intend to hire
a risk manager if risks do start impacting the project. Identify the likely response
from Merlin from the following.
A. Express the willingness to work with the risk manager when one is appointed
B. Emphasize the importance of identifying and documenting risks, and to develop
contingency plans
C. Since the project manager is accountable for the outcome of the project, it is
reasonable to accept his position
D. Inform the project manager of intent to conduct a review of the risks at the
completion of the requirements definition phase of the project
Correct answer: B. An experienced project manager must be able to identify the
majority of key project risks at the beginning of the project, and plan to deal
with them when they do materialize.

Quick Micropayments has recently commissioned a critical online customer
platform. The CIO requested the information systems audit department to
conduct an independent review of the system. Identify the priority for the auditor
to plan and initiate an audit.
A. Review the audit charter and plan the audit
B. Review the impact of the implementation of the new system on the IT operations
C. Review prior audit reports on the system and plan the audit
D. Review the HR reports on employee turnover to identify any impact on the system
Correct answer: A. The auditor should review the audit charter and plan the
audit accordingly. Since this is a newly implemented system, prior audit reports
are not available. A review of employee turnover and the impact on the IT
operational environment is of limited value at this stage.

Andrew, CFO of Fair Lending, is working on a business expansion plan to have a
street presence across North America. Andrew wants to ensure the disaster
recovery plan is comprehensive and provides adequate coverage in a potential
business interrupting scenario. The other consideration for Andrew is to have an
adequate and cost-effective evaluation method. Identify suitable evaluation
methods from the following.
A. Preparedness Test
B. Full Operational Test
C. Desk-based Evaluation
D. Annual Tape Backup Recovery
Correct answer: A. A preparedness test is a localized version of a full
operational test, wherein actual resources are expended