ISACA CISA Practice Exams
Last updated on 08.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
When planning an audit to assess application controls of a cloud-based system, it is MOST important for the IS auditor to understand the:
- A . architecture and cloud environment of the system.
- B . business process supported by the system.
- C . policies and procedures of the business area being audited.
- D . availability reports associated with the cloud-based system.
Which of the following should be the GREATEST concern to an IS auditor reviewing the information security framework of an organization?
- A . The information security policy has not been updated in the last two years.
- B . Senior management was not involved in the development of the information security policy.
- C . A list of critical information assets was not included in the information security policy.
- D . The information security policy is not aligned with regulatory requirements.
Which of the following would be an appropriate role of internal audit in helping to establish an organization’s privacy program?
- A . Analyzing risks posed by new regulations
- B . Designing controls to protect personal data
- C . Defining roles within the organization related to privacy
- D . Developing procedures to monitor the use of personal data
Which of the following findings would be of GREATEST concern to an IS auditor reviewing the security architecture of an organization that has just implemented a Zero Trust solution?
- A . An increase in security-related costs
- B . User complaints about the new mode of working
- C . An increase in user identification errors
- D . A noticeable drop in the performance of IT systems
During a closing meeting, the IT manager disagrees with a valid audit finding presented by the IS auditor and requests the finding be excluded from the final report.
Which of the following is the auditor’s BEST course of action?
- A . Request that the IT manager be removed from the remaining meetings and future audits.
- B . Modify the finding to include the IT manager’s comments and inform the audit manager of the changes.
- C . Remove the finding from the report and continue presenting the remaining findings.
- D . Provide the evidence which supports the finding and keep the finding in the report.
Which of the following is the MOST efficient way to identify segregation of duties violations in a new system?
- A . Review a report of security rights in the system.
- B . Observe the performance of business processes.
- C . Develop a process to identify authorization conflicts.
- D . Examine recent system access rights violations.
What is the MAIN reason to use incremental backups?
- A . To improve key availability metrics
- B . To reduce costs associated with backups
- C . To increase backup resiliency and redundancy
- D . To minimize the backup time and resources
An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code.
What is the auditor’s BEST recommendation for the organization?
- A . Analyze a new application that meets the current re
- B . Perform an analysis to determine the business risk
- C . Bring the escrow version up to date.
- D . Develop a maintenance plan to support the application using the existing code
Which of the following poses the GREATEST risk to an organization related to system interfaces?
- A . There is no process documentation for some system interfaces.
- B . Notifications of data transfers through the interfaces are not retained.
- C . Parts of the data transfer process are performed manually.
- D . There is no reliable inventory of system interfaces.
When designing metrics for information security, the MOST important consideration is that the metrics:
- A . conform to industry standards.
- B . apply to all business units.
- C . provide actionable data.
- D . are easy to understand.