Free CISA Exam Sample Questions

1) In general, disgruntled employees, employees with financial or emotional problems, hackers, contractors, past employees, and maintenance, cleaning and security staff are involved in theft, abuse, theft of copyright, embezzlement and crime. What is necessary to prevent these actions?
A. Network Access Controls;
B. Prevention Access Controls;
C. Criminal Employees Controls;
D. Physical Access Controls;
E. Theft and Abuse Controls.

Answer: D.
Explanation: Physical Access Controls – prevention of theft, abuse, theft of copyright, embezzlement and crime by disgruntled employees, employees with financial/emotional problems, hackers, contractors, past employees, and maintenance, cleaning and security staff.

2) For external organization users, such as customers, passwords, restrictions, signed agreements and security audits are combined with physical controls, such as physical locks, ID badges, guards, logging, electronic locks, cameras and sign-ins. What are the most recommended places to put physical locks?
A. Warehouse, supply areas, waste areas;
B. Disposal areas, warehouse, power areas;
C. Disposal areas, supply areas, power areas;
D. Warehouse, waste areas, audits areas;
E. Disposal areas, supply areas, audits areas.

Answer: C.
Explanation: External organization users (customers): passwords, restrictions, signed agreements, security audits. Use physical controls: physical locks, ID badges, guards, logging, electronic locks, cameras, sign-ins. Places to put physical locks: disposal areas, supply areas, power areas.

3) Physical controls, such as physical locks, ID badges, guards, logging, electronic locks, cameras and sign-ins, are generally used in places like disposal areas, supply areas and power areas. Passwords, restrictions, signed agreements and security audits are used for which users?
A. Internal organization users – customers;
B. Physical organization users – customers;
C. Security organization users – customers;
D. External organization users – customers;
E. Management organization users – management.

Answer: D.
Explanation: External organization users (customers): passwords, restrictions, signed agreements, security audits. Use physical controls: physical locks, ID badges, guards, logging, electronic locks, cameras, sign-ins. Places to put physical locks: disposal areas, supply areas, power areas.

4) Brownouts (drops in voltage, dimming lights), temporary voltage increases and/or decreases, and physical failures such as blackouts, earthquakes and floods are environmental attacks that can cause damage to equipment. What should be done to reduce the likelihood of electrical damage from these problems?
A. Blackmails, Test environment, smoke and fire alert;
B. Chemical, smoke, test environment, and monitors alert;
C. Chemical, smoke, fire and flood alert monitors and fire interrupting systems;
D. Blackmails, fire and flood alert monitors and smoke interrupting systems;
E. Chemical, smoke, fire and flood alert monitors and fire suppressing systems.

Answer: E.
Explanation: Environmental attacks can cause damage to equipment: physical failures (blackouts, earthquake, flood), brownouts (drop in voltage, dimming lights), and temporary voltage increases and/or decreases. To reduce the likelihood of electrical damage from these problems, use chemical, smoke, fire and flood alert monitors and fire suppressing systems.

5) When a complete failure happens with no prospect of fixing it, it is necessary to add surge protection systems for an uninterrupted power supply and emergency power in the event of a failure, and also to add multiple and backup sources of power. What else is necessary?
A. To add a backup and an interrupted protection system;
B. To add backup and power supply;
C. To add secondary storage systems and emergency power;
D. To add backup and secondary storage systems;
E. Nothing else is necessary.

Answer: D.
Explanation: Add backup and secondary storage systems. Add surge protection systems for an uninterrupted power supply and emergency power in the event of a failure. Add multiple and backup sources of power.

6) If a failure happens, backup and secondary storage systems are added, as are multiple and backup sources of power. What are surge protection systems added for?
A. For secondary storage systems and emergency power in the event of a failure;
B. For uninterrupted power supply and emergency power in the event of a failure;
C. For security protection and uninterrupted power supply;
D. For systems emergency power supply and uninterrupted event of failure;
E. For protection and emergency power in the event of failure.

Answer: B.
Explanation: Add backup and secondary storage systems. Add surge protection systems for an uninterrupted power supply and emergency power in the event of a failure. Add multiple and backup sources of power.

7) Considering a possible failure and the multiple backup sources of power, how must the backing up of systems proceed?
A. Scheduled, systematic, update frequently using RPO as a guide, with appropriate documentation;
B. Scheduled, synchronic, update frequently using RPO as a guide, with appropriate documentation;
C. Synchronic, systematic, outdated frequently using RPO as a guide, with appropriate documentation;
D. Scheduled, systematic, outdated frequently using RPO as a guide, with appropriate documentation;
E. Scheduled, systematic, synchronic, outdated frequently using RPO as a guide, with appropriate documentation.

Answer: A.
Explanation: Backing up systems must be scheduled, systematic, updated frequently using the RPO as a guide, and supported by appropriate documentation.

8) Procedure guides, documentation, sources, reports and detailed descriptions of inventory are part of what kind of storage?
A. Insite Storage;
B. Outside Storage;
C. Stand-up Storage;
D. Offsite Storage;
E. Outstanding Storage.

Answer: B.
Explanation: Offsite storage – procedure guides, documentation, sources, reports and detailed descriptions of inventory.

9) Regarding offsite storage, the list includes documentation, sources, reports and detailed descriptions of inventory. What is missing from that list?
A. Data Storage;
B. Offsite Security;
C. Offsite Synchronicity;
D. Procedure Guides;
E. Offsite Sources.

Answer: D.
Explanation: Offsite storage – procedure guides, documentation, sources, reports and detailed descriptions of inventory.

10) What must use compatible, secure media, be transferred to data banks for storage, and then be securely disposed of in accordance with laws on outdated data?
A. Data Storage;
B. Data Resources;
C. Data Security;
D. Data Media;
E. Data Backup.

Answer: E.
Explanation: Data Backup: compatible, secure media, transferred to data banks for storage, then securely disposed of in accordance with laws on outdated data.

11) Considering the actions taken when an incident occurs (plan, detect, record, contain, remove, recovery, report and review) and the contract provisions (change management, availability, insurance, time usage, warranties, testing and reliability), how must the insurance be?
A. Available, accurately shows the complete cost for organization to recover;
B. Clear, accurately shows the complete cost for organization to recover;
C. Clear, available to complete the cost for organization to recover;
D. Accurately shows the complete cost for organization to outbreak;
E. Clear, available to complete the cost for organization to outbreak.

Answer: B.
Explanation: Incidents – plan, detect, record, contain, remove, recovery, report, review. Contract Provisions – change management, availability, insurance, time usage, warranties, testing and reliability. Insurance – clear, accurately shows the complete cost for the organization to recover.

12) What are the actions of change management, availability, insurance, time usage, warranties, testing and reliability called?
A. Incidents;
B. Insurance;
C. Contract Provisions;
D. Management;
E. Incidents Provisions.

Answer: C.
Explanation: Incidents – plan, detect, record, contain, remove, recovery, report, review. Contract Provisions – change management, availability, insurance, time usage, warranties, testing and reliability. Insurance – clear, accurately shows the complete cost for the organization to recover.

13) What is clear and accurately shows the complete cost for the organization to recover if a failure happens?
A. Incidents;
B. Insurance;
C. Contract Provisions;
D. Management;
E. Incidents Provisions.

Answer: B.
Explanation: Incidents – plan, detect, record, contain, remove, recovery, report, review. Contract Provisions – change management, availability, insurance, time usage, warranties, testing and reliability. Insurance – clear, accurately shows the complete cost for the organization to recover.

14) What are the business risks that can stop the business from performing essential business services, lose assets, or damage employees or property called?
A. Business Continuity Disaster Recovery;
B. Business Continuity Planning;
C. Business Planning Disaster Recovery;
D. Business Disaster Recovery Continuity;
E. Business Disaster Recovery Planning.

Answer: A.
Explanation: Business Continuity Disaster Recovery – business risks that can stop the business from performing essential business services, lose assets, or damage employees or property.

15) Decreasing the impact to the business when there is a disruption affecting business-critical functions or long-term company goals, and assembling all events that could impact the continuation of the business if they were to occur, is part of:
A. Business Continuity Disaster Recovery;
B. Business Planning Disaster Recovery;
C. Business Continuity Planning;
D. Business Disaster Planning;
E. Business Disaster Recovery.

Answer: C.
Explanation: Business Continuity Planning: decrease the impact to the business when there is a disruption affecting business-critical functions or long-term company goals; consider all events that could impact the continuation of the business if they were to occur.

16) When there is a disruption affecting business-critical functions or long-term company goals, all events that could impact the continuation of the business must be considered. What should be done about the impact?
A. Increase impact to business;
B. Continue impact to business;
C. Plan impact to business;
D. Prevent impact to business;
E. Decrease impact to business.

Answer: E.
Explanation: Business Continuity Planning: decrease the impact to the business when there is a disruption affecting business-critical functions or long-term company goals; consider all events that could impact the continuation of the business if they were to occur.

17) In Business Continuity Planning, how should data be gathered to detail all events that can impact business operations?
A. Using network and security;
B. Using data and questionnaire;
C. Using data, network and security;
D. Using questionnaire and interviews;
E. Using interviews and security.

Answer: D.
Explanation: Use questionnaires and interviews to gather data detailing all events that can impact business operations.

18) Risk assessment identifies what is most critical: that which, if it were to fail, would cause the entire business to fail. To prevent that, what should be done?
A. Design the business authority and disaster recovery continuity;
B. Design the business continuity and disaster recovery authority;
C. Design the business continuity and disaster being at risk;
D. Design the business risk and most critical recovery policy;
E. Design the business continuity and disaster recovery policy.

Answer: E.
Explanation: Risk assessment identifies what is most critical, i.e. that which, if it were to fail, would cause the entire business to fail. Design the business continuity and disaster recovery policy.

19) Senior management analysing data on the impact of the loss of a resource on overall business functions, and prioritizing which systems are most critical if they were to be affected, are activities of:
A. Business Network Analysis;
B. Business Employees Analysis;
C. Business Impact Analysis;
D. Business Senior Analysis;
E. Business Data Related Analysis.

Answer: C.
Explanation: Business impact analysis – senior management analyses data on the impact of the loss of a resource on overall business functions. The loss can be financial or human. Prioritize which systems are most critical if they were to be affected.

20) In business impact analysis, senior management analyses data on the impact of the loss of a resource on overall business functions. What kind of loss can it be?
A. System or human loss;
B. Financial or system loss;
C. Impact or system loss;
D. Human or impact loss;
E. Financial or human loss;

Answer: E.
Explanation: Business impact analysis – senior management analyses data on the impact of the loss of a resource on overall business functions. The loss can be financial or human. Prioritize which systems are most critical if they were to be affected.