Certs Vault
See all results for ""
Home Exams
CRISC ISACA CISSP ISC2 200-301 Cisco SY0-701 CompTIA AZ-104 Microsoft AI-900 Microsoft AIGP IAPP 1Z0-1067-26 Oracle View All Exams →
Sign in Create account

Certified Information Systems Auditor CISA Exam Questions

Preparing for the CISA exam is simple with Certs Vault. We offer easy-to-understand study materials that help you learn the most important exam topics. You can study using our PDF questions, practice online with a real exam-style test, or use the desktop practice software. Choose the study method that works best for you and prepare at your own pace.

At Certs Vault, we keep our CISA practice questions up to date. Whenever the exam syllabus or objectives change, we update our study materials so you always learn the latest topics. This helps you save time, avoid outdated content, and feel more confident when you take your exam.

Download Exam View Entire Exam
Page: 2 / 2
Question #6 (Topic: Demo Questions)

Which of the following BEST helps to determine an organization’s data availability approach in the event of a disaster?

A.

Maximum tolerable outage (MTO).

B.

Recovery point objective (RPO).

C.

Cost-benefit analysis.

D.

Service delivery objective (SDO).

Correct Answer: B
Explanation:

The correct answer is B. Recovery point objective (RPO).

RPO is the best answer because the question focuses on data availability. RPO defines the point in time to which data must be recoverable after a disruption. In practical terms, it determines how much data loss the organization can tolerate and therefore influences the data backup, replication, synchronization, and recovery approach.

ISACA’s contingency planning guidance states that RPO represents the point in time before a disruption to which business process data can be recovered, based on the most recent backup copy. ISACA also explains that RPO is a factor of how much data loss the mission or business process can tolerate during recovery.

Option A is not the best answer because MTO addresses how long a critical function or system can be disrupted before significant harm occurs. It is more focused on outage duration than data currency. Option C is not the best answer because cost-benefit analysis helps choose among recovery options, but it does not define the data recovery requirement. Option D is not the best answer because SDO refers to the level of service required during alternate processing until normal operations are restored. ISACA’s glossary distinguishes MTO and SDO from RPO.

This question maps to Information Systems Operations and Business Resilience, because ISACA’s CISA Exam Content Outline includes business continuity, disaster recovery, data backup, storage, and restoration under Domain 4.

[References: ISACA CISA Exam Content Outline, Domain 4; ISACA Journal, Information System Contingency Planning Guidance; ISACA Interactive Glossary, “Maximum tolerable outage” and “Service delivery objective.”, ===================, ]
Question #7 (Topic: Demo Questions)

Which of the following is the BEST detective control for a job scheduling process involving data transmission?

A.

Metrics denoting the volume of monthly job failures are reported and reviewed by senior management.

B.

Jobs are scheduled to be completed daily and data is transmitted using a Secure File Transfer Protocol (SFTP).

C.

Jobs are scheduled and a log of this activity is retained for subsequent review.

D.

Job failure alerts are automatically generated and routed to support personnel.

Correct Answer: D
Explanation:

The best detective control for a job scheduling process involving data transmission is job failure alerts that are automatically generated and routed to support personnel. Job failure alerts are notifications that indicate when a scheduled job or task fails to execute or complete successfully, such as due to errors, interruptions, or delays. Job failure alerts can help detect and correct any issues or anomalies in the job scheduling process involving data transmission by informing and alerting the support personnel who can investigate and resolve the problem. The other options are not as effective as job failure alerts in detecting issues or anomalies in the job scheduling process involving data transmission, as they do not provide timely or specific information or feedback. Metrics denoting the volume of monthly job failures are reported and reviewed by senior management is a reporting technique that can help measure and improve the performance and reliability of the job scheduling process, but it does not provide immediate or detailed information on individual job failures. Jobs are scheduled to be completed daily and data is transmitted using a Secure File Transfer Protocol (SFTP) is a preventive control that can help ensure the timeliness and security of the job scheduling process involving data transmission, but it does not detect any issues or anomalies that may occur during the process. Jobs are scheduled and a log of this activity is retained for subsequent review is a logging technique that can help record and track the status and results of the job scheduling process involving data transmission, but it does not provide real-time or proactive information on job failures. References: CISA Review Manual (Digital Version), Chapter 3, Section 3.2

Download Exam
« Prev Page: 2 / 2
Next Page