CISA Exam Dumps - Certified Information Systems Auditor

Aligning IT strategy with business strategy primarily helps an organization to optimize investments in IT. This is because alignment ensures that IT resources and capabilities are aligned with the business goals and priorities, and that IT delivers value to the business in terms of efficiency, effectiveness, innovation, and competitive advantage12. By aligning IT strategy with business strategy, an organization can avoid wasting money and time on IT projects or services that do not support or contribute to the business outcomes3. Alignment also helps to identify and prioritize the most critical and valuable IT initiatives that can create or optimize business value4.

Therefore, the correct answer to your question is A. optimize investments in IT.

Sending a copy of the transaction logs to offsite storage on a daily basis would minimize the risk of losing transactions as a result of a disaster. This is because offsite storage provides a backup of the data that can be recovered in case of a catastrophic event that destroys or damages the onsite data. Storing a copy of the transaction logs onsite in a fireproof vault (B) would not protect the data from other types of disasters, such as floods, earthquakes, or theft. Encrypting © or signing (D) a copy of the transaction logs and storing them on a local server would not prevent the loss of data if the server is affected by the disaster. Encryption and digital signatures are security measures that protect the confidentiality and integrity of the data, but not the availability.

The most effective way for controlling visitor access to a data center is to ensure that visitors are escorted by an authorized employee, as this prevents unauthorized or malicious actions by the visitors and provides accountability and supervision. Pre-approval of entry requests, visitors signingin at the front desk upon arrival, and closed-circuit television (CCTV) are also useful measures, but they are not as effective as escorting visitors, as theydo not prevent or detect unauthorized or malicious actions by the visitors in real time. References: CISA Review Manual (Digital Version), Chapter 5: Protection of Information Assets, Section 5.1: Physical Access Controls1

 An organization’s audit charter primarily describes the auditors’ authority to conduct audits. The audit charter is a formal document that defines the purpose, scope, responsibilities, and reporting relationships of the internal audit function. It also establishes the auditors’ right of access to information, records, personnel, and physical properties relevant to their work. The audit charter provides the basis for the auditors’ independence and accountability to the governing body and senior management. 

 The finding that should be of greatest concern to an IS auditor assessing the effectiveness of an organization’s vulnerability scanning program is that results are not reported to individuals with authority to ensure resolution. This indicates a lack of accountability and communication for vulnerability management, which may result in unresolved or delayed remediation of identified vulnerabilities. This may expose the organization to increased risk of cyberattacks or breaches. The other findings are also concerning, but not as much as this one, because they may affect the completeness, accuracy or timeliness of the vulnerability scanning process, but not necessarily its effectiveness. References:

ISACA, CISA Review Manual, 27th Edition, chapter 4, section 4.41

ISACA, COBIT 2019 Framework: Introduction and Methodology, section 3.2