ISACA CISA Practice Exams
Last updated: 09.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
Which of the following is a challenge in developing a service level agreement (SLA) for network services?
- A . Establishing a well-designed framework for network services
- B . Finding performance metrics that can be measured properly
- C . Ensuring that network components are not modified by the client
- D . Reducing the number of entry points into the network
Which of the following is the GREATEST risk related to the use of virtualized environments?
- A . The host may be a potential single point of failure within the system.
- B . There may be insufficient processing capacity to assign to guests.
- C . There may be increased potential for session hijacking.
- D . Ability to change operating systems may be limited.
Aligning IT strategy with business strategy PRIMARILY helps an organization to:
- A . Increase involvement of senior management in IT.
- B . Optimize investments in IT.
- C . Create risk awareness across business units.
- D . Monitor the effectiveness of IT.
Which of the following is MOST important for an IS auditor to examine when reviewing an organization’s privacy policy?
- A . Whether there is explicit permission from regulators to collect personal data
- B . The organization’s legitimate purpose for collecting personal data
- C . Whether sharing of personal information with third-party service providers is prohibited
- D . The encryption mechanism selected by the organization for protecting personal data
When auditing the closing stages of a system development project, which of the following should be the MOST important consideration?
- A . Control requirements
- B . Rollback procedures
- C . Functional requirements documentation
- D . User acceptance test (UAT) results
An IS auditor observes that a large number of departed employees have not been removed from the accounts payable system.
Which of the following is MOST important to determine in order to assess the risk?
- A . The frequency of user access reviews performed by management
- B . The frequency of intrusion attempts associated with the accounts payable system
- C . The process for terminating access of departed employees
- D . The ability of departed employees to actually access the system
Which of the following should be the PRIMARY consideration when incorporating user training and awareness into a data loss prevention (DLP) strategy?
- A . Avoiding financial penalties and reputational risk
- B . Ensuring data availability
- C . Promoting secure data handling practices
- D . Adhering to data governance policies
An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities.
Which of the following is the BEST recommendation by the IS auditor?
- A . Improve the change management process
- B . Establish security metrics.
- C . Perform a penetration test
- D . Perform a configuration review
Which of the following is the STRONGEST indication of a mature risk management program?
- A . Risk assessment results are used for informed decision-making.
- B . All attributes of risk are evaluated by the risk owner.
- C . A metrics dashboard has been approved by senior management.
- D . The risk register is regularly updated by risk practitioners.
A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification.
Which of the following is the IS auditor’s BEST recommendation to facilitate compliance with the regulation?
- A . Establish key performance indicators (KPIs) for timely identification of security incidents.
- B . Engage an external security incident response expert for incident handling.
- C . Enhance the alert functionality of the intrusion detection system (IDS).
- D . Include the requirement in the incident management response plan.