ISACA CISA Practice Exams
Last updated on 08.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
- Last updated on: 08.09.2025
An IS auditor finds a segregation of duties issue in an enterprise resource planning (ERP) system.
Which of the following is the BEST way to prevent the misconfiguration from recurring?
- A. Monitoring access rights on a regular basis
- B. Referencing a standard user-access matrix
- C. Granting user access using a role-based model
- D. Correcting the segregation of duties conflicts
An IS auditor follows up on a recent security incident and finds the incident response was not adequate.
Which of the following findings should be considered MOST critical?
- A. The security weakness facilitating the attack was not identified.
- B. The attack was not automatically blocked by the intrusion detection system (IDS).
- C. The attack could not be traced back to the originating person.
- D. Appropriate response documentation was not maintained.
A source code repository should be designed to:
- A. prevent changes from being incorporated into existing code.
- B. provide secure versioning and backup capabilities for existing code.
- C. provide automatic incorporation and distribution of modified code.
Which of the following BEST mitigates the risk of SQL injection attacks against applications exposed to the internet?
- A. Web application firewall (WAF)
- B. SQL server hardening
- C. Patch management program
- D. SQL server physical controls
An IS audit manager is preparing the staffing plan for an audit engagement of a cloud service provider.
What should be the manager’s PRIMARY concern when being made aware that a new auditor in the department previously worked for this provider?
- A. Independence
- B. Professional conduct
- C. Subject matter expertise
- D. Resource availability
An organization’s strategy to source certain IT functions from a Software as a Service (SaaS) provider should be approved by the:
- A. chief financial officer (CFO).
- B. chief risk officer (CRO).
- C. IT steering committee.
- D. IT operations manager.
A finance department has a two-year project to upgrade the enterprise resource planning (ERP) system hosting the general ledger: in year one, the system version upgrade will be applied, and in year two, business processes will be updated to implement new system functionality.
Which of the following should be the PRIMARY focus of an IS auditor reviewing the second year of the implementation?
- A. Data migration
- B. Sociability testing
- C. User acceptance testing (UAT)
- D. Initial user access provisioning
During a new system implementation, an IS auditor has been assigned to review risk management at each milestone. The auditor finds that several risks to project benefits have not been addressed.
Who should be accountable for managing these risks?
- A. Enterprise risk manager
- B. Project sponsor
- C. Information security officer
- D. Project manager
During the walk-through procedures for an upcoming audit, an IS auditor notes that the key application in scope is part of a Software as a Service (SaaS) agreement.
What should the auditor do NEXT?
- A. Verify whether IT management monitors the effectiveness of the environment.
- B. Verify whether a right-to-audit clause exists.
- C. Verify whether a third-party security attestation exists.
- D. Verify whether service level agreements (SLAs) are defined and monitored.
How is nonrepudiation supported within a public key infrastructure (PKI) environment?
- A. Through the use of elliptical curve cryptography on transmitted messages
- B. Through the use of a certificate issued by a certificate authority (CA)
- C. Through the use of private keys to decrypt data received by a user
- D. Through the use of enterprise key management systems