ISACA CISA Practice Exams
Last updated on 07.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
The PRIMARY benefit of information asset classification is that it:
- A. prevents loss of assets.
- B. helps to align organizational objectives.
- C. facilitates budgeting accuracy.
- D. enables risk management decisions.
Which of the following BEST protects an organization’s proprietary code during a joint-development activity involving a third party?
- A. Statement of work (SOW)
- B. Nondisclosure agreement (NDA)
- C. Service level agreement (SLA)
- D. Privacy agreement
An IS auditor is assessing backup performance and observes that the system administrator manually initiates backups during unexpected peak usage.
Which of the following is the auditor’s BEST course of action?
- A. Review separation of duties documentation.
- B. Verify the load balancer configuration.
- C. Recommend using cloud-based backups.
- D. Inspect logs to verify timely execution of backups.
Which of the following is the MOST important activity in the data classification process?
- A. Labeling the data appropriately
- B. Identifying risk associated with the data
- C. Determining accountability of data owners
- D. Determining the adequacy of privacy controls
Following a merger, a review of an international organization determines the IT steering committee’s decisions do not extend to regional offices as required in the consolidated IT operating model.
Which of the following is the IS auditor’s BEST recommendation?
- A. Create regional centers of excellence.
- B. Engage an IT governance consultant.
- C. Create regional IT steering committees.
- D. Update the IT steering committee’s formal charter.
Which of the following is the PRIMARY basis on which audit objectives are established?
- A. Audit risk
- B. Consideration of risks
- C. Assessment of prior audits
- D. Business strategy
Which of the following is the PRIMARY reason for an IS auditor to conduct post-implementation reviews?
- A. To determine whether project objectives in the business case have been achieved
- B. To ensure key stakeholder sign-off has been obtained
- C. To align project objectives with business needs
- D. To document lessons learned to improve future project delivery
A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification.
Which of the following is the IS auditor’s BEST recommendation to facilitate compliance with the regulation?
- A. Include the requirement in the incident management response plan.
- B. Establish key performance indicators (KPIs) for timely identification of security incidents.
- C. Enhance the alert functionality of the intrusion detection system (IDS).
- D. Engage an external security incident response expert for incident handling.
A secure server room has a badge reader system that records name, date, and time information whenever a staff member uses a badge to enter or exit. When reviewing the system logs, an IS auditor notices records for some employees entering, but not exiting, the room.
Which of the following would be the MOST effective compensating control to recommend?
- A. Installing security cameras at the doors
- B. Changing to a biometric access control system
- C. Implementing a monitored mantrap at entrance and exit points
- D. Requiring two-factor authentication at entrance and exit points
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?
- A. Assignment of responsibility for each project to an IT team member
- B. Adherence to best practice and industry approved methodologies
- C. Controls to minimize risk and maximize value for the IT portfolio
- D. Frequency of meetings where the business discusses the IT portfolio