ISACA CISA Practice Exams
Last updated on 08.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
What is the GREATEST concern for an IS auditor reviewing contracts for licensed software that executes a critical business process?
- A . The contract does not contain a right-to-audit clause.
- B . An operational level agreement (OLA) was not negotiated.
- C . Several vendor deliverables missed the commitment date.
- D . Software escrow was not negotiated.
An IS auditor is reviewing a network diagram.
Which of the following would be the BEST location for placement of a firewall?
- A . Between each host and the local network switch/hub
- B . Between virtual local area networks (VLANs)
- C . Inside the demilitarized zone (DMZ)
- D . At borders of network segments with different security levels
Which of the following is the MOST important responsibility of data owners when implementing a data classification process?
- A . Reviewing emergency changes to data
- B . Authorizing application code changes
- C . Determining appropriate user access levels
- D . Implementing access rules over database tables
An IS auditor is planning an audit of an organization’s accounts payable processes.
Which of the following controls is MOST important to assess in the audit?
- A . Segregation of duties between issuing purchase orders and making payments.
- B . Segregation of duties between receiving invoices and setting authorization limits
- C . Management review and approval of authorization tiers
- D . Management review and approval of purchase orders
Which of the following BEST indicates that an incident management process is effective?
- A . Decreased number of calls to the help desk
- B . Decreased time for incident resolution
- C . Increased number of incidents reviewed by IT management
- D . Increased number of reported critical incidents
Which of the following is the BEST testing approach to facilitate rapid identification of application interface errors?
- A . Integration testing
- B . Regression testing
- C . Automated testing
- D . User acceptance testing (UAT)
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor’s BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
- A . the organization’s network.
- B . the demilitarized zone (DMZ).
- C . the Internet.
- D . the organization’s web server.
Which of the following tests would provide the BEST assurance that a health care organization is handling patient data appropriately?
- A . Compliance with action plans resulting from recent audits
- B . Compliance with local laws and regulations
- C . Compliance with industry standards and best practice
- D . Compliance with the organization’s policies and procedures
An IS auditor learns a server administration team regularly applies workarounds to address repeated failures of critical data processing services.
Which of the following would BEST enable the organization to resolve this issue?
- A . Problem management
- B . Incident management
- C . Service level management
- D . Change management
Which of the following is the BEST approach for determining the overall IT risk appetite of an organization when business units use different methods for managing IT risks?
- A . Average the business units’ IT risk levels
- B . Identify the highest-rated IT risk level among the business units
- C . Prioritize the organization’s IT risk scenarios
- D . Establish a global IT risk scoring criteria