Domain 2 ISACA Questions & 100%
Correct Answers
As a result of profitability pressure, senior management of an enterprise decided to
keep investments in information security at an inadequate level. Which of the
following is the BEST recommendation of an auditor? Request that senior
management accept the risk
✓ :~~ Senior management determines resource allocations. Having
established that the level of security is inadequate, it is imperative that
senior management accepts the risk resulting from their decisions.
To support an organization's goals, an IT department should have: long- and short-
term plans
✓ :~~ To ensure contribution to the realization of an organization's overall
goals, the IT department should have long- and short-range plans that
are consistent with the organization's broader strategic plans for attaining its
goals.
Which of the following is the BEST reference for an auditor to determine a vendor's
ability to meet SLA requirements for a critical IT security service?
Agreed-on key performance indicators
Master01 | September, 2024/2025 | Latest update
, 2 | P a g e | © copyright 2024/2025 | Grade A+
✓ :~~ KPIs are metrics that provide a means to measure performance. SLAs
are statements related to an expected service level. For example, an internet
service provider may guarantee that its service will be available 99% of
the time.
- Results of BCP tests typically are included as part of a due diligence review
When implementing an IT governance framework in an organization, the MOST
important objective is: IT alignment with the business
✓ :~~ The goals of IT governance are to improve IT performance, deliver
optimum business value, and ensure regulatory compliance. The key
practice in support of these goals is the strategic alignment of IT with the
business. To achieve alignment, all other choices need to be tied to business
practices and strategies.
When reviewing the development of information security policies, the PRIMARY
focus of an auditor should be on assuring that these policies: strike a balance
between business and security requirements
✓ :~~ Because information security policies must be aligned with an
organization's business and security objectives, this is the primary focus of
the IS auditor when reviewing the development of information security
policies.
- It's essential that the policies are approved; however, that is not the primary
focus during the development of the policies
Which of the following is responsible for the approval of an information security
policy? Board of directors
✓ :~~ Normally, approval of an information systems security policy is the
responsibility of top management or the board of directors.
Which of the following is the MOST important element for the successful
implementation of IT governance? Identifying organizational strategies
✓ :~~ The key objective of an IT governance program is to support the
business; therefore, the identification of organizational strategies is
necessary to ensure alignment between IT and corporate governance.
Without identification of organizational strategies, the other choices would
be ineffective.
- A formal security policy is a key part of security program implementation, but even the
policy must be based on organizational strategies.
By evaluating application development projects against the capability maturity
model, an auditor should be able to verify that: predictable software processes are
followed