1 | P a g e | © copyright 2024/2025 | Grade A+
Domain 2 ISACA Questions & 100%
Correct Answers
As results of profitability pressure, senior management of an enterprise decided to
keep investments in information security at an inadequate level, which of the
following is the BEST recommendation of an auditor? Request that the senior
management accept the risk
✓ :~~ Senior management determines resource allocations. Having
established that the level of security is inadequate, it is imperative that the
senior management accepts the risk resulting from their decisions.
To support an organizations goals, and IT department should have: long and short
term plans
✓ :~~ to ensure contribution to the realization of an organizations overall
goals, the IT department should have long and short term range plans that
are consistent with the organizations broader strategic plans for attaining its
goals.
Which of the following is the BEST reference for an auditor to determine a vendors
ability to meet SLA agreement requirements for a critical IT security service?
Agreed on key performance indicators
Master01 | September, 2024/2025 | Latest update
, 2 | P a g e | © copyright 2024/2025 | Grade A+
✓ :~~ KPI's are metrics that allow for a means to measure performance. SLAs
are statements related to an expected service level. For ex- an internet
service provider may guarantee that their service will be available 99% of
the time
- results of a BCP tests typically are included as part of due dilligance review
When implementing an IT governance framework in an organization the MOST
important objective is: IT alignment with business
✓ :~~ The goals of IT governance are to improve IT performance, deliver
optimum business value, and ensure regulatory compliance. The key
practice in support of these goals is the strategic alignment of IT with the
business. To achieve alignment, all other choices need to be tied to business
practices and strategies.
When reviewing the development of information security policies, the PRIMARY
focus of an auditor should be on assuring that these policies: strike a balance
between business and security requirements
✓ :~~ Because information security policies must be aligned with an
organizations business and security objectives, this is the primary focus of
the IS auditor when reviewing the development of information security
policies.
Master01 | September, 2024/2025 | Latest update
, 3 | P a g e | © copyright 2024/2025 | Grade A+
- its essential that the policies are approved; however, that is not the primary
focus during the development of the policies
Which of the following is responsible for the approval of an information security
policy? board of directors
✓ :~~ normally approval of an information systems security policy is the
responsibility of top management or the board of directors.
Which of the following is the most important element for the successful
implementation of IT governance? identifying organizational strategies
✓ :~~ The key objective of an IT governance program is to support the
business; therefore, the identification of organizations strategies is
necessary to ensure alignment between IT and corporate governance.
Without identification of organizational strategies the other choices would
be ineffective.
- a formal sec policy is a key part of sec program implementation, but even the
policy must be based on organizational strategies.
By evaluating application development projects against the capability maturity
model, an auditor should be able to verify that: predictable software processes are
followed
Master01 | September, 2024/2025 | Latest update
Domain 2 ISACA Questions & 100%
Correct Answers
As results of profitability pressure, senior management of an enterprise decided to
keep investments in information security at an inadequate level, which of the
following is the BEST recommendation of an auditor? Request that the senior
management accept the risk
✓ :~~ Senior management determines resource allocations. Having
established that the level of security is inadequate, it is imperative that the
senior management accepts the risk resulting from their decisions.
To support an organizations goals, and IT department should have: long and short
term plans
✓ :~~ to ensure contribution to the realization of an organizations overall
goals, the IT department should have long and short term range plans that
are consistent with the organizations broader strategic plans for attaining its
goals.
Which of the following is the BEST reference for an auditor to determine a vendors
ability to meet SLA agreement requirements for a critical IT security service?
Agreed on key performance indicators
Master01 | September, 2024/2025 | Latest update
, 2 | P a g e | © copyright 2024/2025 | Grade A+
✓ :~~ KPI's are metrics that allow for a means to measure performance. SLAs
are statements related to an expected service level. For ex- an internet
service provider may guarantee that their service will be available 99% of
the time
- results of a BCP tests typically are included as part of due dilligance review
When implementing an IT governance framework in an organization the MOST
important objective is: IT alignment with business
✓ :~~ The goals of IT governance are to improve IT performance, deliver
optimum business value, and ensure regulatory compliance. The key
practice in support of these goals is the strategic alignment of IT with the
business. To achieve alignment, all other choices need to be tied to business
practices and strategies.
When reviewing the development of information security policies, the PRIMARY
focus of an auditor should be on assuring that these policies: strike a balance
between business and security requirements
✓ :~~ Because information security policies must be aligned with an
organizations business and security objectives, this is the primary focus of
the IS auditor when reviewing the development of information security
policies.
Master01 | September, 2024/2025 | Latest update
, 3 | P a g e | © copyright 2024/2025 | Grade A+
- its essential that the policies are approved; however, that is not the primary
focus during the development of the policies
Which of the following is responsible for the approval of an information security
policy? board of directors
✓ :~~ normally approval of an information systems security policy is the
responsibility of top management or the board of directors.
Which of the following is the most important element for the successful
implementation of IT governance? identifying organizational strategies
✓ :~~ The key objective of an IT governance program is to support the
business; therefore, the identification of organizations strategies is
necessary to ensure alignment between IT and corporate governance.
Without identification of organizational strategies the other choices would
be ineffective.
- a formal sec policy is a key part of sec program implementation, but even the
policy must be based on organizational strategies.
By evaluating application development projects against the capability maturity
model, an auditor should be able to verify that: predictable software processes are
followed
Master01 | September, 2024/2025 | Latest update
