ISACA CISA Practice Exams
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
- Last updated: 09.09.2025
Which of the following is a social engineering attack method?
- A . An unauthorized person attempts to gain access to secure premises by following an authorized person through a secure door.
- B . An employee is induced to reveal confidential IP addresses and passwords by answering questions over the phone.
- C . A hacker walks around an office building using scanning tools to search for a wireless network to gain access.
- D . An intruder eavesdrops and collects sensitive information flowing through the network and sells it to third parties.
A characteristic of a digital signature is that it
- A . is under control of the receiver
- B . is unique to the message
- C . is validated when data are changed
- D . has a reproducible hashing algorithm
Which of the following staff should an IS auditor interview FIRST to obtain a general overview of the various technologies used across different programs?
- A . Technical architect
- B . Enterprise architect
- C . Program manager
- D . Solution architect
An IS auditor reviewing the threat assessment for a data center would be MOST concerned if:
- A . some of the identified threats are unlikely to occur.
- B . all identified threats relate to external entities.
- C . the exercise was completed by local management.
- D . neighboring organizations' operations have been included.
Which of the following is the GREATEST risk of project dashboards being set without sufficiently defined criteria?
- A . Adverse findings from internal and external auditors
- B . Lack of project portfolio status oversight
- C . Lack of alignment of project status reports
- D . Inadequate decision-making and prioritization
A web application is developed in-house by an organization.
Which of the following would provide the BEST evidence to an IS auditor that the application is secure from external attack?
- A . Web application firewall (WAF) implementation
- B . Penetration test results
- C . Code review by a third party
- D . Database application monitoring logs
What is the PRIMARY reason to adopt a risk-based IS audit strategy?
- A . To achieve synergy between audit and other risk management functions
- B . To prioritize available resources and focus on areas with significant risk
- C . To reduce the time and effort needed to perform a full audit cycle
- D . To identify key threats, risks, and controls for the organization
Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?
- A . Staff members who failed the test did not receive follow-up education.
- B . Test results were not communicated to staff members.
- C . Staff members were not notified about the test beforehand.
- D . Security awareness training was not provided prior to the test.
An IS auditor has discovered that a software system still in regular use is years out of date and no longer supported. The auditee has stated that it will take six months until the software is running on the current version.
Which of the following is the BEST way to reduce the immediate risk associated with using an unsupported version of the software?
- A . Verify all patches have been applied to the software system’s outdated version.
- B . Close all unused ports on the outdated software system.
- C . Monitor network traffic attempting to reach the outdated software system.
- D . Segregate the outdated software system from the main network.
External audits have identified recurring exceptions in the user termination process, despite similar internal audits having reported no exceptions in the past.
Which of the following is the IS auditor’s BEST course of action to improve the internal audit process in the future?
- A . Include the user termination process in all upcoming audits.
- B . Review user termination process changes.
- C . Review the internal audit sampling methodology.
- D . Review control self-assessment (CSA) results.