ISACA CISA Practice Exams
Last updated on 10.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?
- A . Procedures may not align with best practices.
- B . Human resources (HR) records may not match system access.
- C . Unauthorized access cannot be identified.
- D . Access rights may not be removed in a timely manner.
Which of the following is the GREATEST concern associated with a high number of IT policy exceptions approved by management?
- A . The exceptions are likely to continue indefinitely.
- B . The exceptions may result in noncompliance.
- C . The exceptions may elevate the level of operational risk.
- D . The exceptions may negatively impact process efficiency.
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS).
Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
- A . Sampling risk
- B . Detection risk
- C . Control risk
- D . Inherent risk
Which of the following metrics is the BEST indicator of the performance of a web application?
- A . Server thread count
- B . Server uptime
- C . Average response time
- D . HTTP server error rate
An IS auditor is evaluating an enterprise resource planning (ERP) migration from local systems to the cloud.
Who should be responsible for the data classification in this project?
- A . Information security officer
- B . Database administrator (DBA)
- C . Information owner
- D . Data architect
Which of the following is the BEST disposal method for flash drives that previously stored confidential data?
- A . Destruction
- B . Degaussing
- C . Cryptographic erasure
- D . Overwriting
An IS auditor is reviewing an organization’s information asset management process.
Which of the following would be of GREATEST concern to the auditor?
- A . The process does not require specifying the physical locations of assets.
- B . Process ownership has not been established.
- C . The process does not include asset review.
- D . Identification of asset value is not included in the process.
During an audit of an organization’s risk management practices, an IS auditor finds several documented IT risk acceptances have not been renewed in a timely manner after the assigned expiration date.
When assessing the severity of this finding, which mitigating factor would MOST significantly minimize the associated impact?
- A . There are documented compensating controls over the business processes.
- B . The risk acceptances were previously reviewed and approved by appropriate senior management.
- C . The business environment has not significantly changed since the risk acceptances were approved.
- D . The risk acceptances with issues reflect a small percentage of the total population.
Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?
- A . Data conversion was performed using manual processes.
- B . Backups of the old system and data are not available online.
- C . Unauthorized data modifications occurred during conversion.
- D . The change management process was not formally documented.
When classifying information, it is MOST important to align the classification to:
- A . business risk
- B . security policy
- C . data retention requirements
- D . industry standards