ISACA CISA Practice Exams
Last updated on 09.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
Capacity management tools are PRIMARILY used to ensure that:
- A . available resources are used efficiently and effectively
- B . computer systems are used to their maximum capacity most of the time
- C . concurrent use by a large number of users is enabled
- D . proposed hardware acquisitions meet capacity requirements
Which of the following is the GREATEST advantage of vulnerability scanning over penetration testing?
- A . The testing produces a lower number of false positive results
- B . Network bandwidth is utilized more efficiently
- C . Custom-developed applications can be tested more accurately
- D . The testing process can be automated to cover large groups of assets
Which of the following is an IS auditor’s BEST course of action when the auditee indicates that a corrective action plan for a high-risk finding will take longer than expected?
- A . Accept the longer target date and document it in the audit system.
- B . Determine if an interim compensating control has been implemented.
- C . Escalate the overdue finding to the audit committee.
- D . Require that remediation is completed in the agreed timeframe.
In a RACI model, which of the following roles must be assigned to only one individual?
- A . Responsible
- B . Informed
- C . Consulted
- D . Accountable
Coding standards provide which of the following?
- A . Program documentation
- B . Access control tables
- C . Data flow diagrams
- D . Field naming conventions
Which of the following BEST enables an IS auditor to prioritize financial reporting spreadsheets for an end-user computing (EUC) audit?
- A . Understanding the purpose of each spreadsheet
- B . Identifying the spreadsheets with built-in macros
- C . Reviewing spreadsheets based on file size
- D . Ascertaining which spreadsheets are most frequently used
An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor’s BEST recommendation would be to:
- A . establish criteria for reviewing alerts.
- B . recruit more monitoring personnel.
- C . reduce the firewall rules.
- D . fine tune the intrusion detection system (IDS).
A new system is being developed by a vendor for a consumer service organization. The vendor will provide its proprietary software once system development is completed. Which of the following is the MOST important requirement to include in the vendor contract to ensure continuity?
- A . Continuous 24/7 support must be available.
- B . The vendor must have a documented disaster recovery plan (DRP) in place.
- C . Source code for the software must be placed in escrow.
- D . The vendor must train the organization’s staff to manage the new software
An organization’s audit charter PRIMARILY:
- A . describes the auditors’ authority to conduct audits.
- B . defines the auditors’ code of conduct.
- C . formally records the annual and quarterly audit plans.
- D . documents the audit process and reporting standards.
An IS auditor is tasked to review an organization’s plan-do-check-act (PDCA) method for improving IT-related processes and wants to determine the accuracy of defined targets to be achieved. Which of the following steps in the PDCA process should the auditor PRIMARILY focus on in this situation?
- A . Check
- B . Plan
- C . Do
- D . Act