CISA Exam - Free Sample Questions & Answers
Preparing for the CISA exam is simple with Certs Blitz. We offer easy-to-understand study materials that help you learn the most important exam topics. You can study using our PDF questions, practice online with a real exam-style test, or use the desktop practice software. Choose the study method that works best for you and prepare at your own pace.
At Certs Blitz, we keep our CISA practice questions up to date. Whenever the exam syllabus or objectives change, we update our study materials so you always learn the latest topics. This helps you save time, avoid outdated content, and feel more confident when you take your exam.
Which of the following BEST helps to determine an organization’s data availability approach in the event of a disaster?
Correct Answer: B
The correct answer is B. Recovery point objective (RPO).
RPO is the best answer because the question focuses on data availability. RPO defines the point in time to which data must be recoverable after a disruption. In practical terms, it determines how much data loss the organization can tolerate and therefore influences the data backup, replication, synchronization, and recovery approach.
ISACA’s contingency planning guidance states that RPO represents the point in time before a disruption to which business process data can be recovered, based on the most recent backup copy. ISACA also explains that RPO is a factor of how much data loss the mission or business process can tolerate during recovery.
Option A is not the best answer because MTO addresses how long a critical function or system can be disrupted before significant harm occurs. It is more focused on outage duration than data currency. Option C is not the best answer because cost-benefit analysis helps choose among recovery options, but it does not define the data recovery requirement. Option D is not the best answer because SDO refers to the level of service required during alternate processing until normal operations are restored. ISACA’s glossary distinguishes MTO and SDO from RPO.
This question maps to Information Systems Operations and Business Resilience, because ISACA’s CISA Exam Content Outline includes business continuity, disaster recovery, data backup, storage, and restoration under Domain 4.
Which of the following is the BEST detective control for a job scheduling process involving data transmission?
Correct Answer: D
The best detective control for a job scheduling process involving data transmission is job failure alerts that are automatically generated and routed to support personnel. Job failure alerts are notifications that indicate when a scheduled job or task fails to execute or complete successfully, such as due to errors, interruptions, or delays. Job failure alerts can help detect and correct any issues or anomalies in the job scheduling process involving data transmission by informing and alerting the support personnel who can investigate and resolve the problem. The other options are not as effective as job failure alerts in detecting issues or anomalies in the job scheduling process involving data transmission, as they do not provide timely or specific information or feedback. Metrics denoting the volume of monthly job failures are reported and reviewed by senior management is a reporting technique that can help measure and improve the performance and reliability of the job scheduling process, but it does not provide immediate or detailed information on individual job failures. Jobs are scheduled to be completed daily and data is transmitted using a Secure File Transfer Protocol (SFTP) is a preventive control that can help ensure the timeliness and security of the job scheduling process involving data transmission, but it does not detect any issues or anomalies that may occur during the process. Jobs are scheduled and a log of this activity is retained for subsequent review is a logging technique that can help record and track the status and results of the job scheduling process involving data transmission, but it does not provide real-time or proactive information on job failures. References: CISA Review Manual (Digital Version), Chapter 3, Section 3.2