ISACA CISA Practice Exams
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
- Last updated: 08.09.2025
Which of the following should be of MOST concern to an IS auditor reviewing an organization’s operational log management?
- A . Log file size has grown year over year.
- B . Critical events are being logged to immutable log files.
- C . Applications are logging events into multiple log files.
- D . Data formats have not been standardized across all logs.
Management has requested a post-implementation review of a newly implemented purchasing package to determine to what extent business requirements are being met.
Which of the following is MOST likely to be assessed?
- A . Purchasing guidelines and policies
- B . Implementation methodology
- C . Results of line processing
- D . Test results
Which of the following is the BEST reason to implement a data retention policy?
- A . To establish a recovery point objective (RPO) for disaster recovery procedures
- B . To limit the liability associated with storing and protecting information
- C . To document business objectives for processing data within the organization
- D . To assign responsibility and ownership for data protection outside IT
An IS auditor is reviewing how password resets are performed for users working remotely.
Which type of documentation should be requested to understand the detailed steps required for this activity?
- A . Standards
- B . Guidelines
- C . Policies
- D . Procedures
Which of the following methods BEST enforces data leakage prevention in a multi-tenant cloud environment?
- A . Monitoring tools are configured to alert in case of downtime
- B . A comprehensive security review is performed every quarter.
- C . Data for different tenants is segregated by database schema
- D . Tenants are required to implement data classification policies
Which type of review is MOST important to conduct when an IS auditor is informed that a recent internal exploitation of a bug has been discovered in a business application?
- A . Penetration testing
- B . Application security testing
- C . Forensic audit
- D . Server security audit
An IS auditor found that operations personnel failed to run a script contributing to year-end financial statements.
Which of the following is the BEST recommendation?
- A . Retrain operations personnel.
- B . Implement a closing checklist.
- C . Update the operations manual.
- D . Bring staff with financial experience into operations.
Which of the following BEST indicates the effectiveness of an organization’s risk management program?
- A . Inherent risk is eliminated.
- B . Residual risk is minimized.
- C . Control risk is minimized.
- D . Overall risk is quantified.
Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?
- A . Background checks
- B . User awareness training
- C . Transaction log review
- D . Mandatory holidays
Which of the following would BEST help to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software?
- A . Assign the security risk analysis to a specially trained member of the project management office.
- B . Deploy changes in a controlled environment and observe for security defects.
- C . Include a mandatory step to analyze the security impact when making changes.
- D . Mandate that the change analyses are documented in a standard format.