CISA Questions (101-200) With Correct And Verified Answers

Sharing risk is a key factor in which of the following methods of managing risk?
Select an answer:
A. Transferring risk
B. Tolerating risk
C. Terminating risk
D. Treating risk
- CORRECT ✅
CORRECT A. Transferring risk (e.g., by taking an insurance policy) is a way to share risk.
B. Tolerating risk means that the risk is accepted, but not shared.
C. Terminating risk would not involve sharing the risk because the organization has chosen to terminate the process associated with the risk.
D. There are several ways of treating or controlling the risk, which may involve reducing or sharing the risk, but this is not as precise an answer as transferring the risk.

The MOST likely effect of the lack of senior management commitment to IT strategic planning is:
Select an answer:
A. a lack of investment in technology.
B. a lack of a methodology for systems development.
C. technology not aligning with organization objectives.
D. an absence of control over technology contracts.
- CORRECT ✅
A. Lack of management commitment will almost certainly affect investment, but the primary loss will be the lack of alignment of IT strategy with the strategy of the business.
B. Systems development methodology is a process-related function and not a key concern of management.
CORRECT C. A steering committee should exist to ensure that the IT strategies support the organization's goals. The absence of an information technology committee, or a committee not composed of senior managers, would be an indication of a lack of top-level management commitment. This condition would increase the risk that IT would not be aligned with organization strategy.
D. Approval for contracts is a business process and would be controlled through financial process controls. This is not applicable here.

Which of the following is a function of an IT steering committee?
Select an answer:
A. Monitoring vendor-controlled change control and testing
B. Ensuring a separation of duties within the information processing environment
C. Approving and monitoring major projects, such as the status of IT plans and budgets
D. Liaising between the IT department and end users
- CORRECT ✅
A. Vendor change control is a sourcing issue and should be monitored by IT management.
B. Ensuring a separation of duties within the information processing environment is an IT management responsibility.
CORRECT C. The IT steering committee typically serves as a general review board for major IT projects and should not become involved in routine operations; therefore, one of its functions is to approve and monitor major projects, such as the status of IT plans and budgets.
D. Liaising between the IT department and end users is a function of the individual parties and not a committee responsibility.

An IT steering committee should:
Select an answer:
A. include a mix of members from different departments and staff levels.
B. ensure that IS security policies and procedures have been executed properly.
C. maintain minutes of its meetings and keep the board of directors informed.
D. be briefed about new trends and products at each meeting by a vendor.
- CORRECT ✅
A. Only senior management or high-level staff members should be on this committee because of its strategic mission.
B. Ensuring that information security policies and procedures have been executed properly is not a responsibility of this committee, but the responsibility of IT management and the security administrator.
CORRECT C. It is important to keep detailed IT steering committee minutes to document the decisions and activities of the IT steering committee, and the board of directors should be informed about those decisions on a timely basis.
D. A vendor should be invited to meetings only when appropriate.

IT governance is PRIMARILY the responsibility of the:
Select an answer:
A. chief executive officer (CEO).
B. board of directors.
C. IT steering committee.
D. audit committee.
- CORRECT ✅
A. The chief executive officer (CEO) is instrumental in implementing IT governance according to the directions of the board of directors.
CORRECT B. IT governance is primarily the responsibility of the executives and shareholders (as represented by the board of directors).
C. The IT steering committee monitors and facilitates deployment of IT resources for specific projects in support of business plans. The IT steering committee enforces governance on behalf of the board of directors.
D. The audit committee reports to the board of directors and executes governance-related audits. The audit committee should monitor the implementation of audit recommendations.

An IS auditor reviewing the IT organization would be MOST concerned if the IT steering committee:
Select an answer:
A. is responsible for project approval and prioritization.
B. is responsible for developing the long-term IT plan.
C. reports the status of IT projects to the board of directors.
D. is responsible for determining business goals.
- CORRECT ✅
A. The IT steering committee is responsible for project approval and prioritization.
B. The IT steering committee is responsible for oversight of the development of the long-term IT plan.
C. The IT steering committee advises the board of directors on the status of developments in IT.
CORRECT D. Determining the business goals is the responsibility of senior management and not of the IT steering committee. IT should support business goals and be driven by the business, not the other way around.

As an outcome of information security governance, strategic alignment provides:
Select an answer:
A. security requirements driven by enterprise requirements.
B. baseline security following good practices.
C. institutionalized and commoditized solutions.