Online Access Free ISACA.CISA.v2021-11-29.q567 Practice Test (Page 53)

CISA Exam Question 256

Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits vulnerability in a protocol?

A.Install the vendor's security fix for the vulnerability.

B.Block the protocol traffic in the perimeter firewall.

C.Block the protocol traffic between internal network segments.

D.Stop the service until an appropriate security fix is installed.

CISA Exam Question 257

Who is mainly responsible for protecting information assets they have been entrusted with on a daily basis by defining who can access the data, it's sensitivity level, type of access, and adhering to corporate information security policies?

A.Data Owner

B.Security Officer

C.Senior Management

D.End User

Correct Answer: A

Section: Information System Acquisition, Development and Implementation Explanation:
The Data Owner is the person who has been entrusted with a data set that belong to the company. As such they are responsible to classify the data according to it's value and sensitivity. The Data Owner decides who will get access to the data, what type of access would be granted. The Data Owner will tell the Data Custodian or System Administrator what access to configure within the systems.
A business executive or manager is typically responsible for an information asset. These are the individuals that assign the appropriate classification to information assets. They ensure that the business information is protected with appropriate controls. Periodically, the information asset owners need to review the classification and access rights associated with information assets. The owners, or their delegates, may be required to approve access to the information. Owners also need to determine the criticality, sensitivity, retention, backups, and safeguards for the information. Owners or their delegates are responsible for understanding the risks that exist with regards to the information that they control.
The following answers are incorrect:
Executive Management/Senior Management - Executive management maintains the overall responsibility for protection of the information assets. The business operations are dependent upon information being available, accurate, and protected from individuals without a need to know.
Security Officer - The security officer directs, coordinates, plans, and organizes information security activities throughout the organization. The security officer works with many different individuals, such as executive management, management of the business units, technical staff, business partners, auditors, and third parties such as vendors. The security officer and his or her team are responsible for the design, implementation, management, and review of the organization's security policies, standards, procedures, baselines, and guidelines.
End User - The end user does not decide on classification of the data
Reference:
CISA review manual 2014 page number 108
Official ISC2 guide to CISSP CBK 3rd Edition Page number 342

CISA Exam Question 258

An e-commerce enterprise's disaster recovery (DR) site has 30% less processing capability than the primary site. Based on this information, which of the following presents the GREATEST risk?

A.The DR site is in a shared location that hosts multiple other enterprises.

B.The DR site has not undergone testing to confirm its effectiveness.

C.Network firewalls and database firewalls at the DR site do not provide high availability.

D.No disaster recovery plan (DRP) testing has been performed during the last six months.

CISA Exam Question 259

An IS auditor reviewing an incident management process identifies client information was lost due to ransomware attacks. Which of the following would MOST effectively minimize the impact of future occurrences?

A.Back up client data more frequently.

B.Improve the ransomware awareness program.

C.Monitor all client data changes.

D.Change access to client data to read-only.

CISA Exam Question 260

An IS audit had identified that default passwords for a newly implemented application were not changed. During the follow-up audit which of the following would provide the BEST evidence that the finding was effectively addressed?

A.System-generated emails requiring application users to change passwords

B.Application log files that record the password changes

C.Screenshots of system parameters requiring password changes on next login

D.Written confirmation from management that the passwords were changed

Premium Bundle

Newest CISA Exam PDF Dumps shared by Actual4test.com for Helping Passing CISA Exam! Actual4test.com now offer the updated CISA exam dumps, the Actual4test.com CISA exam questions have been updated and answers have been corrected get the latest Actual4test.com CISA pdf dumps with Exam Engine here:

Access CISA Premium Version

(1435 Q&As Dumps, 30%OFF Special Discount: Freepdfdumps)

Other Version: 5884ISACA.CISA.v2025-06-20.q647; 1869ISACA.CISA.v2025-06-11.q606; 2260ISACA.CISA.v2023-03-04.q272; 2353ISACA.CISA.v2022-10-31.q203; 2452ISACA.CISA.v2022-03-29.q126; 123ISACA.Examprepaway.CISA.v2022-02-10.by.barret.126q.pdf; 36ISACA.Actualvce.CISA.v2021-08-31.by.ralap.101q.pdf

Latest Upload: 117Microsoft.SC-400.v2025-09-20.q290; 368ISACA.CGEIT.v2025-09-19.q537; 157Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 158Scrum.SAFe-Practitioner.v2025-09-18.q63; 154Workday.Workday-Prism-Analytics.v2025-09-17.q17; 134Oracle.1Z0-1055-24.v2025-09-17.q28; 131Oracle.1Z1-182.v2025-09-17.q32; 256Nutanix.NCP-US-6.5.v2025-09-16.q73; 275Oracle.1z0-071.v2025-09-16.q232; 205Oracle.1Z1-922.v2025-09-16.q125