Free Access ISACA.CISA.v2026-02-11.q999 Practice Test (Page 50)

Question 241

Which of the following should be an IS auditor's GREATEST concern when evaluating a cybersecurity incident response plan?

A.The plan has not been recently tested

B.Rules and responsibilities are not detailed for each process

C.The plan does not include incident response metrics

D.Stakeholder contact details are not up to date

Question 242

While reviewing the project plan for a new system prior to go-live, an IS auditor notes that the project team has not documented a fallback plan. Which of the following would be the BEST go-live approach in this situation?

A.Load balancing

B.Immediate cutover

C.Real-time replication

D.Parallel processing

Question 243

An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. Inthis situation, which of the following would be considered an adequate set of compensating controls?

A.Allow changes to be made only with the DBA user account.

B.Make changes to the database after granting access to a normal user account.

C.Use the DBA user account to make changes, log the changes and review the change log the following day.

D.Use the normal user account to make changes, log the changes and review the change log the following day.

Question 244

Which of the following represents the greatest risk in the use of software bots in an organization?

A.Minor overrides were not authorized by the business

B.Software bots were incapable of learning from training data

C.Software bots were programmed to record all user interactions, including mouse tracking

D.Unauthorized modifications were made to the scripts to improve performance

Question 245

IT management has not implemented action plans for a previous audit report finding and has decided to accept the associated risk. Which of the following is the auditor's BEST course of action?

A.Update the enterprise risk register to reflect the observation.

B.Document noncompliance with the agreed-upon plan.

C.Check for implementation of compensating controls.

D.Validate compliance with the risk acceptance process.

Other Version: 6270ISACA.CISA.v2026-01-26.q999; 9857ISACA.CISA.v2025-05-24.q773; 3472ISACA.CISA.v2024-10-22.q310; 7907ISACA.CISA.v2023-10-02.q715; 4903ISACA.CISA.v2023-03-29.q119; 3754ISACA.CISA.v2023-02-09.q181; 2305ISACA.CISA.v2023-02-06.q107; 3841ISACA.CISA.v2022-08-28.q129; 5302ISACA.CISA.v2022-02-25.q148; 130ISACA.Actualtestpdf.CISA.v2021-11-13.by.sarah.721q.pdf; 6984ISACA.CISA.v2021-11-11.q194; 10488ISACA.CISA.v2021-10-08.q198; 11558ISACA.CISA.v2021-09-28.q199; 13810ISACA.CISA.v2021-09-11.q201

Latest Upload: 286PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 414Nokia.4A0-113.v2026-05-01.q69; 447EC-COUNCIL.312-49v11.v2026-04-30.q214; 414Microsoft.MB-820.v2026-04-30.q101; 284Salesforce.MC-202.v2026-04-30.q57; 327BICSI.INSTC_V8.v2026-04-29.q53; 462NMLS.MLO.v2026-04-28.q82; 303NCARB.Project-Management.v2026-04-28.q27; 555EMC.D-AV-DY-23.v2026-04-27.q184; 1402ServiceNow.CSA.v2026-04-27.q483

Question 241

Question 242

Question 243

Question 244

Question 245

Download PDF File