ISACA CISA Practice Exams
Last updated on 09.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
Which of the following is the MOST important consideration of any disaster response plan?
- A . Lost revenue
- B . Personnel safety
- C . IT asset protection
- D . Adequate resource capacity
An IT balanced scorecard is the MOST effective means of monitoring:
- A . governance of enterprise IT.
- B . control effectiveness.
- C . return on investment (ROI).
- D . change management effectiveness.
During the review of a system disruption incident, an IS auditor notes that IT support staff were put in a position to make decisions beyond their level of authority.
Which of the following is the BEST recommendation to help prevent this situation in the future?
- A . Introduce escalation protocols.
- B . Develop a competency matrix.
- C . Implement fallback options.
- D . Enable an emergency access ID.
An IS auditor identifies that a legacy application to be decommissioned in three months cannot meet the security requirements established by the current policy.
What is the BEST way for the auditor to address this issue?
- A . Recommend the application be patched to meet requirements.
- B . Inform the IT director of the policy noncompliance.
- C . Verify management has approved a policy exception to accept the risk.
- D . Take no action since the application will be decommissioned in three months.
An IS auditor has been asked to advise on measures to improve IT governance within the organization.
Which of the following is the BEST recommendation?
- A . Benchmark organizational performance against industry peers
- B . Implement key performance indicators (KPIs).
- C . Require executive management to draft IT strategy
- D . Implement annual third-party audits.
Which of the following is the BEST security control to validate the integrity of data communicated between production databases and a big data analytics system?
- A . Hashing in-scope data sets
- B . Encrypting in-scope data sets
- C . Running and comparing the count function within the in-scope data sets
- D . Hosting a digital certificate for in-scope data sets
Which of the following are used in a firewall to protect the entity’s internal resources?
- A . Remote access servers
- B . Secure Sockets Layers (SSLs)
- C . Internet Protocol (IP) address restrictions
- D . Failover services
An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system.
The auditor’s FIRST course of action should be to:
- A . review recent changes to the system.
- B . verify completeness of user acceptance testing (UAT).
- C . verify results to determine validity of user concerns.
- D . review initial business requirements.
Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?
- A . Developing and communicating test procedure best practices to audit teams
- B . Developing and implementing an audit data repository
- C . Decentralizing procedures and implementing periodic peer review
- D . Centralizing procedures and implementing change control
An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance.
This would MOST likely increase the risk of a successful attack by:
- A . phishing.
- B . denial of service (DoS)
- C . structured query language (SQL) injection
- D . buffer overflow