Free Access ISACA.CISA.v2023-02-06.q107 Practice Test (Page 20)

Question 91

An IS auditor finds that an organization's data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor's MAIN concern should be that:

A.violations may not be categorized according to the organization's risk profile.

B.violation reports may not be reviewed in a timely manner.

C.violation reports may not be retained according to the organization's risk profile.

D.a significant number of false positive violations may be reported.

Question 92

An organization that has suffered a cyber attack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?

A.The chain of custody has not been documented.

B.An imaging process was used to obtain a copy of the data from each computer.

C.Audit was only involved during extraction of the Information

D.The legal department has not been engaged.

Question 93

Cross-site scripting (XSS) attacks are BEST prevented through:

A.secure coding practices.

B.application firewall policy settings.

C.a three-tier web architecture.

D.use of common industry frameworks.

Question 94

An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality. Which of the following is MOST important for an IS auditor to understand when reviewing this decision?

A.The proposed network topology to be used by the redesigned system

B.The current business capabilities delivered by the legacy system

C.The database entity relationships within the legacy system

D.The data flows between the components to be used by the redesigned system

Question 95

An IS auditor learns the organization has experienced several server failures in its distributed environment. Which of the following is the BEST recommendation to limit the potential impact of server failures in the future?

A.Parallel testing

B.Failover power

C.Clustering

D.Redundant pathways

Other Version: 4518ISACA.CISA.v2025-05-24.q773; 1567ISACA.CISA.v2024-10-22.q310; 4135ISACA.CISA.v2023-10-02.q715; 3714ISACA.CISA.v2023-03-29.q119; 2375ISACA.CISA.v2023-02-09.q181; 3046ISACA.CISA.v2022-08-28.q129; 4199ISACA.CISA.v2022-02-25.q148; 126ISACA.Actualtestpdf.CISA.v2021-11-13.by.sarah.721q.pdf; 5606ISACA.CISA.v2021-11-11.q194; 8786ISACA.CISA.v2021-10-08.q198; 9763ISACA.CISA.v2021-09-28.q199; 12235ISACA.CISA.v2021-09-11.q201

Latest Upload: 107Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 156TheSecOpsGroup.CNSP.v2025-09-08.q20; 207CFAInstitute.ESG-Investing.v2025-09-08.q173; 154PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 144Salesforce.Data-Architect.v2025-09-05.q216; 136Adobe.AD0-E605.v2025-09-05.q50; 177Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 91

Question 92

Question 93

Question 94

Question 95

Download PDF File