ISACA CISA Practice Exams
Last updated on 10.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
- Last updated on: 10.09.2025
As part of business continuity planning, which of the following is MOST important to assess when conducting a business impact analysis (BIA)?
- A . Risk appetite
- B . Critical applications in the cloud
- C . Completeness of critical asset inventory
- D . Recovery scenarios
Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported.
Which of the following is the IS auditor’s BEST recommendation?
- A . Ensure corrected program code is compiled in a dedicated server.
- B . Ensure change management reports are independently reviewed.
- C . Ensure programmers cannot access code after the completion of program edits.
- D . Ensure the business signs off on end-to-end user acceptance test (UAT) results.
During a review, an IS auditor discovers that corporate users are able to access cloud-based applications and data from any Internet-connected web browser.
Which of the following is the auditor’s BEST recommendation to help prevent unauthorized access?
- A . Utilize strong anti-malware controls on all computing devices.
- B . Update security policies and procedures.
- C . Implement an intrusion detection system (IDS).
- D . Implement multi-factor authentication.
An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated.
Which of the following should be the MAJOR concern with this situation?
- A . Abuses by employees have not been reported.
- B . Lessons learned have not been properly documented.
- C . Vulnerabilities have not been properly addressed.
- D . Security incident policies are out of date.
Which of the following is MOST useful for determining the strategy for IT portfolio management?
- A . IT metrics dashboards
- B . IT roadmap
- C . Capability maturity model
- D . Life cycle cost-benefit analysis
Which of the following backup methods is MOST appropriate when storage space is limited?
- A . Incremental backups
- B . Mirror backups
- C . Full backups
- D . Annual backups
During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor’s time would be to review and evaluate:
- A . application test cases.
- B . acceptance testing.
- C . cost-benefit analysis.
- D . project plans.
Cross-site scripting (XSS) attacks are BEST prevented through:
- A . application firewall policy settings.
- B . a three-tier web architecture.
- C . secure coding practices.
- D . use of common industry frameworks.
Which of the following is MOST important to consider when assessing the scope of privacy concerns for an IT project?
- A . Data ownership
- B . Applicable laws and regulations
- C . Business requirements and data flows
- D . End-user access rights
Which of the following should be an IS auditor’s GREATEST concern when assessing an IT service configuration database?
- A . The database is read-accessible for all users.
- B . The database is write-accessible for all users.
- C . The database is not encrypted at rest.
- D . The database is executable for all users.