Free Access ISACA.CISA.v2022-08-28.q129 Practice Test (Page 13)

Question 56

When auditing third-party service providers, an IS auditor should be concerned with which of the following?

A.Ownership of the programs and files

B.A statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster

C.A statement of due care

D.Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster

Question 57

What is an initial step in creating a proper firewall policy?

A.Assigning access to users according to the principle of least privilege

B.Determining appropriate firewall hardware and software

C.Identifying network applications such as mail, web, or FTP servers

D.Configuring firewall access rules

Question 58

Which of the following is the GREATEST risk associated with vulnerability scanning tools used to identify security weaknesses?

A.False positives

B.Use of open source tools

C.Outdated signatures for detection

D.False negatives

Question 59

During a database security audit, an IS auditor is reviewing the process used to upload source data Which of the following is the MOST significant risk area for the auditor to focus on?

A.Data resilience

B.Data integrity

C.Data normalization

D.Data sensitivity

Question 60

During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:

A.the level of information security required when business recovery procedures are invoked.

B.information security roles and responsibilities in the crisis management structure.

C.information security resource requirements.

D.change management procedures for information security that could affect business continuity arrangements.

Other Version: 4516ISACA.CISA.v2025-05-24.q773; 1565ISACA.CISA.v2024-10-22.q310; 4135ISACA.CISA.v2023-10-02.q715; 3714ISACA.CISA.v2023-03-29.q119; 2375ISACA.CISA.v2023-02-09.q181; 1485ISACA.CISA.v2023-02-06.q107; 4197ISACA.CISA.v2022-02-25.q148; 126ISACA.Actualtestpdf.CISA.v2021-11-13.by.sarah.721q.pdf; 5600ISACA.CISA.v2021-11-11.q194; 8785ISACA.CISA.v2021-10-08.q198; 9763ISACA.CISA.v2021-09-28.q199; 12226ISACA.CISA.v2021-09-11.q201

Latest Upload: 107Oracle.1Z0-1057-23.v2025-09-10.q47; 146Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 155TheSecOpsGroup.CNSP.v2025-09-08.q20; 204CFAInstitute.ESG-Investing.v2025-09-08.q173; 152PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 140Salesforce.Data-Architect.v2025-09-05.q216; 136Adobe.AD0-E605.v2025-09-05.q50; 176Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 56

Question 57

Question 58

Question 59

Question 60

Download PDF File