8/5/24, 5:45 PM CISA Exam - Free Actual Q&As, Page 1 | ExamTopics
Topic 1 - Single Topic
Question #1 Topic 1
Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?
A. The BCP has not been tested since it was first issued.
B. The BCP is not version-controlled.
C. The BCP's contact information needs to be updated.
D. The BCP has not been approved by senior management.
Correct Answer: A
Community vote distribution
A (63%) D (30%) 2%
Pass4surehub_com Highly Voted 1 month ago
(A is correct) if you want valid Questions and Answers. You have the site name above.
upvoted 9 times
GenPatton Highly Voted 10 months, 2 weeks ago
Selected Answer: A
I went to the CISA review manual to solve this, and the main concern should be the lack of testing.
First: Senior management create a "business continuity policy" (Ref: Review Manual 27th edition 4.15.4). In general, senior management makes
policies, and the plebs below make plans and procedures. Therefore a business continuity plan is not necessarily senior management approved.
Furthermore there is a passage in the review manual (4.15.11) regarding auditing business continuity. The passage does not really mention senior
management, but it does mention plan testing and obtaining historical results of tests during an audit.
upvoted 8 times
navexoc Most Recent 2 days, 20 hours ago
Still Valid question and answer ( A is correct ) TY ValidItexams
upvoted 1 times
wiwakiy787 5 days, 4 hours ago
A is correct answers all thanks goes to Examforusre..com
upvoted 1 times
scriptkiddie 2 weeks, 4 days ago
Selected Answer: D
If no one declares the disaster, the BCP would not be invoked, making all other concerns less significant
upvoted 1 times
scriptkiddie 2 weeks, 4 days ago
D. If no one declares the disaster, the BCP would not be invoked, making all other concerns less significant.
upvoted 1 times
poopsmcgoops 1 month, 1 week ago
It's D you fucking mongrels, look in the damn CRM
4.15 BUSINESS CONTINUITY PLAN
"BCP is primarily the responsibility of senior management, as they are
entrusted with safeguarding the assets and the viability of the organization, as
defined in the BCP/DRP policy. "
you don't even get into testing until the BCP is approved.
upvoted 1 times
KAP2HURUF 2 months, 1 week ago
Selected Answer: A
This is because a BCP that has not been tested is unproven and may not be effective in an actual disaster or business interruption scenario. Testing
is essential to identify gaps, ensure that all components of the plan work as intended, and that staff are familiar with their roles in the event of an
incident. Without testing, there is no assurance that the BCP will function correctly, which poses a significant risk to the organization's ability to
recover from an incident.
upvoted 1 times
a84n 3 months, 1 week ago
Selected Answer: D
Answer: D
upvoted 1 times
5b56aae 3 months, 3 weeks ago
Selected Answer: A
Testing is the best way to assure the BCP works as intended
upvoted 1 times
Olatoyimika 4 months ago
Answer is D
upvoted 1 times
fori12 4 months, 2 weeks ago
Selected Answer: A
Note: Assessing the results and the value of the BCP and the DRP tests is an important part of the IS auditor’s responsibility.
upvoted 1 times
Mynameisboomboom 6 months, 3 weeks ago
Selected Answer: A
The primary concern for an IS auditor evaluating an organization's Business Continuity Plan is its capability to sustain critical business operations
during unforeseen events. This includes assessing the plan's thoroughness, testing protocols, and the organization's capacity to recover essential
functions. Additionally, the auditor should scrutinize any involvement or reliance on external services or providers, such as Pass4SureHub.com,
ensuring their integration aligns with the overall effectiveness of the Business Continuity Plan.
upvoted 1 times
camolig529 7 months ago
Selected Answer: B
B is correct answer
upvoted 1 times
camolig529 7 months ago
Selected Answer: C
dsafdfghjkl
upvoted 1 times
FAGFUR 8 months, 2 weeks ago
Selected Answer: О
Answer A
upvoted 1 times
AbdulQadirKhan 10 months ago
Approval by Senior Management: The approval of the BCP by senior management is a fundamental step in ensuring that the BCP is considered a
valid and authoritative document within the organization. Without senior management's buy-in and approval, it may not receive the necessary
resources and attention it requires for effective implementation.
While the other issues mentioned (A, B, and C) are important and should also be addressed, the lack of senior management approval can indicate
a more significant problem with the BCP's overall effectiveness and organizational commitment to business continuity planning. This oversight may
result in inadequate support, testing, or maintenance of the BCP, ultimately reducing its ability to ensure business continuity during disruptions.
upvoted 4 times
Question #2 Topic 1
Which of the following would be MOST useful when analyzing computer performance?
A. Tuning of system software to optimize resource usage
B. Operations report of user dissatisfaction with response time
C. Statistical metrics measuring capacity utilization
D. Report of off-peak utilization and response time
Correct Answer: B
Community vote distribution
C (53%) B (47%)
tapsshore Highly Voted 1 year, 6 months ago
Option C. Statistical metrics measuring capacity utilization would be the most useful when analyzing computer performance.
These metrics provide valuable information on how resources, such as CPU, memory, and storage, are being used and can help identify bottlenecks
or underutilized resources. This information can then be used to optimize resource usage, such as by adding more memory or upgrading hardware,
which can improve overall performance.
Option A. Tuning of system software to optimize resource usage is also important, but it's not enough to just tune the software if you don't have
an understanding of how the resources are being utilized.
Option B. Operations report of user dissatisfaction with response time can be useful in identifying specific issues that users are experiencing, but it
doesn't provide a comprehensive view of overall performance.
Option D. Report of off-peak utilization and response time is important to understand how the system behaves during non-peak hours, but it does
not give a complete picture of the system performance.
upvoted 12 times
scriptkiddie Most Recent 2 weeks, 4 days ago
Selected Answer: C
Statistical metrics provide a quantifiable measure of capacity utilization which is critical for analyzing computer performance.
upvoted 1 times
scriptkiddie 2 weeks, 4 days ago
C. Statistical metrics provide a quantifiable measure of capacity utilization which is critical for analyzing computer performance.
upvoted 1 times
jan1234 3 weeks, 4 days ago
Selected Answer: C
The correct answer is C. Statistical metrics measuring capacity utilization.
Statistical metrics, such as:
- CPU utilization
- Memory usage
- Disk I/O rates
- Network bandwidth usage
provide quantitative data to analyze computer performance. These metrics help identify:
- Resource bottlenecks
- Capacity constraints
- Trends in usage patterns
- Potential optimization opportunities
upvoted 1 times
B1990 1 month ago
C. Statistical metrics measuring capacity utilization.
Statistical metrics measuring capacity utilization provide quantitative data on how effectively the computer system's resources are being utilized.
These metrics can include CPU utilization, memory usage, disk I/O rates, network bandwidth, and other relevant parameters. By analyzing these
metrics, you can identify potential bottlenecks, assess resource allocation, and determine if the system is operating at optimal levels.
While the other options may also provide valuable insights, statistical metrics measuring capacity utilization are more directly related to analyzing
overall system performance and resource efficiency. They provide objective data that allows for informed decision-making and optimization efforts.
upvoted 1 times
a84n 3 months, 1 week ago
Selected Answer: C
Answer: C
upvoted 1 times
5b56aae 3 months, 3 weeks ago
Selected Answer: B
Performance should be of the perspective of user satisfaction
upvoted 1 times
Swallows 4 months ago
Selected Answer: B
The answer should be B.
upvoted 1 times
Swallows 3 months, 3 weeks ago
After a calm review, I think C is the answer. Correction.
upvoted 1 times
Rachy 6 months, 2 weeks ago
Selected Answer: C
C. Statistical metrics
upvoted 1 times
Sibsankar 6 months, 3 weeks ago
This will be C; Capacity management involve with system resource.
upvoted 1 times
minajahan 11 months, 3 weeks ago
Selected Answer: B
I think this question was also in the CISA Manual.
upvoted 1 times
oldmagic 1 year, 1 month ago
Selected Answer: C
C is the correct answer. B is a subjective answer and therefore not as accurate
upvoted 1 times
starzuu 1 year, 1 month ago
Selected Answer: C
It's C.
upvoted 1 times
ObaidMan 1 year, 1 month ago
When analyzing computer performance, the most useful option would likely be C. Statistical metrics measuring capacity utilization. These metrics
provide valuable insights into how resources are being utilized and can help identify potential bottlenecks or areas of inefficiency. By monitoring
capacity utilization, one can make informed decisions about resource allocation, scalability, and system optimization. Tuning system software
(option A) can also be beneficial, but having statistical metrics to guide the tuning process would provide more accurate and objective information.
Option B, the operations report of user dissatisfaction, provides subjective feedback but may not necessarily pinpoint the underlying performance
issues. Option D, the report of off-peak utilization and response time, is useful for identifying patterns and trends but may not capture the overall
performance picture.
upvoted 1 times
NDUBU 1 year, 3 months ago
C. Statistical metrics measuring capacity utilization would be MOST useful when analyzing computer performance. Capacity utilization metrics help
to identify if computer systems are being over or underutilized, which can be a significant factor in performance issues. Tuning of system software
to optimize resource usage can also be helpful, but it is a more specific solution rather than a general tool for analysis. Operations reports of user
dissatisfaction with response time and reports of off-peak utilization and response time can also provide valuable information, but they are more
focused on the user experience rather than analyzing performance.
upvoted 1 times
Ehsanulhaq 1 year, 4 months ago
C. Statistical metrics measuring capacity utilization would be MOST useful when analyzing computer performance.
Capacity utilization is a statistical measure that reflects the extent to which the resources of a system, such as memory, processor, or disk space, are
being used. It can help identify trends and patterns in the usage of system resources over time and can be used to determine whether the system
is being used to its full potential or is overloaded.
upvoted 1 times
Muna56 1 year, 4 months ago
Selected Answer: C
answer is c
upvoted 1 times
Question #3 Topic 1
Which of the following is the GREATEST risk if two users have concurrent access to the same database record?
A. Entity integrity
B. Availability integrity
C. Referential integrity
D. Data integrity
Correct Answer: D
Community vote distribution
D (100%)
scriptkiddie 2 weeks, 4 days ago
Selected Answer: D
Concurrency controls prevent data integrity issues that can occur when two update processes access the same data element simultaneously.
upvoted 1 times
Swallows 3 weeks, 1 day ago
Selected Answer: D
Although referential integrity is primarily concerned with relationships between different tables, it poses a direct risk to data integrity, since
concurrent accesses updating the same records can compromise data integrity.
upvoted 1 times
5b56aae 3 months, 3 weeks ago
Selected Answer: D
My answer is D
upvoted 1 times
Olatoyimika 4 months ago
The answer is D
upvoted 1 times
fori12 4 months, 2 weeks ago
Selected Answer: D
It is critical that database integrity and availability are maintained. This is ensured through the following controls:
• Establish controls to handle concurrent access problems, such as multiple users desiring to update the same data elements at the same time
upvoted 1 times
Bodooh 9 months, 1 week ago
Data Integrity
upvoted 1 times
PC2323 10 months, 4 weeks ago
Multiple simultaneous edits to a record will create data integrity challenges
upvoted 1 times
kertyce 1 year, 6 months ago
D is correct
upvoted 3 times
tapsshore 1 year, 6 months ago
The greatest risk if two users have concurrent access to the same database record is Data Integrity. This is because concurrent access to the same
record can lead to conflicts and inconsistencies in the data, resulting in data being lost or corrupted. Data integrity is the assurance that the data
stored in the database is accurate, consistent, and reliable.
upvoted 3 times
AWS56 1 year, 10 months ago
Selected Answer: D
D is correct
upvoted 2 times
Victor83516 1 year, 11 months ago
Selected Answer: D
D is correct.
upvoted 1 times
Question #4 Topic 1
Which of the following is the MOST effective way for an organization to help ensure agreed-upon action plans from an IS audit will be
implemented?
A. Ensure ownership is assigned.
B. Test corrective actions upon completion.
C. Ensure sufficient audit resources are allocated.
D. Communicate audit results organization-wide.
Correct Answer: A
Community vote distribution
A (100%)
scriptkiddie 2 weeks, 4 days ago
Selected Answer: A
Assigning ownership is crucial to ensure that the agreed-upon action plans are implemented.
upvoted 1 times
5b56aae 3 months, 3 weeks ago
Selected Answer: A
ownership makes accountability
upvoted 1 times
Bodooh 9 months, 1 week ago
Ownership
upvoted 2 times
Mutekeri 1 year, 1 month ago
Assign Responsibility: Assign clear ownership and responsibility for each action item to the appropriate individuals or teams within the
organization. Designate an accountable person who will be responsible for overseeing the implementation process and ensuring timely execution
of the action plans.
upvoted 1 times
Victor83516 1 year, 11 months ago
I am so confused with A or B, who can explain it? Thanks.
upvoted 2 times
Wakazdave 1 year, 11 months ago
B Wants to test the corrective action that has been applied whereas A wants to ensure that corrective action will be done. So, B can only happen
if corrective action has been taken.
upvoted 4 times
Glowrhea 1 month, 1 week ago
I so much love this explanation. APT. I chose B at first, until I read this
upvoted 1 times
Zephaniah 1 year, 11 months ago
ownership comes with accountability, so ownership takes precedence
upvoted 5 times
Question #5 Topic 1
Which of the following issues associated with a data center's closed circuit television (CCTV) surveillance cameras should be of MOST concern to
an IS auditor?
A. CCTV recordings are not regularly reviewed.
B. CCTV records are deleted after one year.
C. CCTV footage is not recorded 24 x 7.
D. CCTV cameras are not installed in break rooms.
Correct Answer: A
Community vote distribution
A (59%) C (41%)
cidigi Highly Voted 1 year, 5 months ago
This is typical ISACA thinking: The most concerning issue with regards to CCTV surveillance cameras is that CCTV recordings are not regularly
reviewed. It is essential for an IS auditor to ensure that recordings are frequently reviewed to ensure that the security of the data center is properly
maintained. Additionally, the IS auditor should ensure that CCTV footage is recorded 24 x 7, and records should not be deleted until all necessary
procedures are taken. Lastly, CCTV cameras should be installed in break rooms, as these are areas where confidential information may be
discussed.
upvoted 5 times
scriptkiddie Most Recent 2 weeks, 4 days ago
Selected Answer: A
The lack of regular review of CCTV recordings means that security incidents may not be detected in a timely manner.
upvoted 1 times
B1990 1 month ago
Among the given options, the issue that should be of MOST concern to an IS auditor when reviewing a data center's closed circuit television (CCTV)
surveillance cameras is:
C. CCTV footage is not recorded 24 x 7.
The continuous recording of CCTV footage is crucial for maintaining security and ensuring that any security incidents or breaches can be properly
investigated. If the CCTV cameras are not recording 24 x 7, there can be significant gaps in the surveillance coverage, leaving the data center
vulnerable to undetected security incidents or unauthorized access.
upvoted 1 times
a84n 3 months, 1 week ago
Selected Answer: A
Answer: A
upvoted 1 times
5b56aae 3 months, 3 weeks ago
Selected Answer: A
not being reviewed is the most concern for me
upvoted 1 times
Olatoyimika 4 months ago
Answer is C
upvoted 1 times
[Removed] 5 months, 2 weeks ago
Answer is A
CISA Manual has this verbiage: Video cameras, including motion-activated models, should be located at strategic points and monitored by security
guards. The video surveillance
recording should be retained for possible future playback, and it should be recorded in sufficient resolution to permit enlarging the image to
identify an intruder.
upvoted 1 times
Sibsankar 6 months, 3 weeks ago
Recording 24 x 7 is of course a concern, but have you ever reviewed the CCTV recording even if the recording is done 8 hours?
upvoted 1 times
angelina_smith 7 months, 1 week ago
dumpschool.com
Answer C
upvoted 1 times
crowsaint 8 months, 1 week ago
Selected Answer: A
You don't need to record everything in your data center 24 hours a day. To reduce the amount of review, you can install a motion detector to
record only when motion occurs. So the answer is A.
upvoted 1 times
Makacha 8 months, 2 weeks ago
Only if review of recordings means the live viewing by security can A be the correct answer. Otherwise, the correct answer is C.
upvoted 1 times
IsaacMyo 9 months, 1 week ago
Why is review more important than the records?
upvoted 1 times
VizVibhor 9 months ago
Because even if it has been recorded, it has to be reviewed, otherwise it won't hold any importance
upvoted 1 times
BA27 9 months, 3 weeks ago
C. CCTV footage is not recorded 24 x 7
upvoted 1 times
[Removed] 10 months, 1 week ago
Selected Answer: C
Who regularly reviews recordings from CCTV? Only live viewing by security makes sense, and then 24/7 is crucial, or reviewing after an incident, when
24/7 is also crucial.
upvoted 1 times
victorchan 10 months, 3 weeks ago
Even I thought C is correct answer until I realized that without a monitor / review, recording 24 x 7 is of no use as it cannot detect any intrusions. At
best it would be a deterrent without monitoring / review but not a detective control which is more effective form of control.
upvoted 2 times
PC2323 10 months, 4 weeks ago
24 X 7 recording if not available, reviews cannot take place
upvoted 1 times
fernz 11 months, 3 weeks ago
Selected Answer: C
I believe the answer is C
upvoted 2 times