Free Access ISACA.CISA.v2025-05-24.q773 Practice Test (Page 116)

Question 571

Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization's information security policy?

A.IT steering committee minutes

B.Business objectives

C.Alignment with the IT tactical plan

D.Compliance with industry best practice

Correct Answer: B

The most important consideration for an IS auditor when assessing the adequacy of an organization's information security policy is the business objectives. An information security policy is a document that defines the organization's approach to protecting its information assets from internal and external threats. It should align with the organization's mission, vision, values, and goals, and support its business processes and functions1. An information security policy should also be focused on the business needs and requirements of the organization, rather than on technical details or specific solutions2.
The other options are not as important as the business objectives, because they do not directly reflect the organization's purpose and direction. IT steering committee minutes are records of the discussions and decisions made by a group of senior executives who oversee the IT strategy and governance of the organization. They may provide some insights into the information security policy, but they are not sufficient to evaluate its adequacy3. Alignment with the IT tactical plan is a measure of how well the information security policy supports the short-term actions and projects that implement the IT strategy. However, the IT tactical plan itself should be aligned with the business objectives, and not vice versa4. Compliance with industry best practice is a desirable quality of an information security policy, but it is not a guarantee of its effectiveness or suitability for the organization. Industry best practices are general guidelines or recommendations that may not apply to every organization or situation. An information security policy should be customized and tailored to the specific context and needs of the organization. References:
* The 12 Elements of an Information Security Policy | Exabeam1
* 11 Key Elements of an Information Security Policy | Egnyte2
* What is an IT steering committee? Definition, roles & responsibilities ...3
* What is IT Strategy? Definition, Components & Best Practices | BMC ...4
* IT Security Policy: Key Components & Best Practices for Every Business

Question 572

Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?

A.Function point analysis

B.PERT chart

C.Rapid application development

D.Object-oriented system development

Question 573

An IS auditor observes that a large number of departed employees have not been removed from the accounts payable system. Which of the following is MOST important to determine in order to assess the risk1?

A.The ability of departed employees to actually access the system

B.The frequency of user access reviews performed by management

C.The process for terminating access of departed employees

D.The frequency of intrusion attempts associated with the accounts payable system

Question 574

Which of the following is the MOST important consideration when developing tabletop exercises within a cybersecurity incident response plan?

A.Create exercises that are challenging enough to prove inadequacies in the current incident response plan.

B.Identify the scope and scenarios that are relevant to current threats faced by the organization.

C.Ensure participants are selected from all cross-functional units in the organization.

D.Ensure the incident response team will have enough distractions to simulate real-life situations.

Question 575

Which of the following is MOST appropriate to review when determining if the work completed on an IT project is in alignment with budgeted costs?

A.Financial value analysis

B.Return on investment (ROI) analysis

C.Business impact analysis (BIA)

D.Earned value analysis (EVA)

Other Version: 1635ISACA.CISA.v2024-10-22.q310; 4137ISACA.CISA.v2023-10-02.q715; 3741ISACA.CISA.v2023-03-29.q119; 2398ISACA.CISA.v2023-02-09.q181; 1498ISACA.CISA.v2023-02-06.q107; 3051ISACA.CISA.v2022-08-28.q129; 4218ISACA.CISA.v2022-02-25.q148; 126ISACA.Actualtestpdf.CISA.v2021-11-13.by.sarah.721q.pdf; 5623ISACA.CISA.v2021-11-11.q194; 8827ISACA.CISA.v2021-10-08.q198; 9801ISACA.CISA.v2021-09-28.q199; 12255ISACA.CISA.v2021-09-11.q201

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 239CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 157Salesforce.Data-Architect.v2025-09-05.q216; 152Adobe.AD0-E605.v2025-09-05.q50

Question 571

Question 572

Question 573

Question 574

Question 575

Download PDF File