ISACA CISA Practice Exams
Last updated on 10.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
Which of the following should be of GREATEST concern for an IS auditor when reviewing user account policies?
- A . There is no policy to revoke an employee’s system access upon termination.
- B . There is no policy in place for ongoing security awareness training.
- C . There is no policy requiring employees to sign nondisclosure agreements (NDAs).
- D . There is no policy to revoke previous access rights when employees change roles.
An IS auditor is assessing the adequacy of management’s remediation action plan.
Which of the following should be the MOST important consideration?
- A . Plan approval by the audit committee
- B . Impacts on future audit work
- C . Criticality of audit findings
- D . Potential cost savings
Which of the following is MOST important for an IS auditor to confirm when reviewing an organization’s plans to implement robotic process automation (RPA) to automate routine business tasks?
- A . The end-to-end process is understood and documented.
- B . Roles and responsibilities are defined for the business processes in scope.
- C . A benchmarking exercise of industry peers who use RPA has been completed.
- D . A request for proposal (RFP) has been issued to qualified vendors.
Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?
- A . Implementing two-factor authentication
- B . Restricting access to transactions using network security software
- C . Implementing role-based access at the application level
- D . Using a single menu for sensitive application transactions
When reviewing an organization’s enterprise architecture (EA), which of the following is an IS auditor MOST likely to find within the EA documentation?
- A . Contact information for key resources within the IT department
- B . Detailed encryption standards
- C . Roadmaps showing the evolution from current state to future state
- D . Protocols used to communicate between systems
An IS auditor reviewing the system development life cycle (SDLC) finds there is no requirement for business cases.
Which of the following should be of GREATEST concern to the organization?
- A . Vendor selection criteria are not sufficiently evaluated.
- B . Business resources have not been optimally assigned.
- C . Business impacts of projects are not adequately analyzed.
- D . Project costs exceed established budgets.
Which of the following would be the BEST criteria for monitoring an IT vendor’s service levels?
- A . Service auditor’s report
- B . Performance metrics
- C . Surprise visit to vendor
- D . Interview with vendor
In a public key cryptographic system, which of the following is the PRIMARY requirement to address the risk of man-in-the-middle attacks through spoofing?
- A . Strong encryption algorithms
- B . Kerberos authentication
- C . Registration authority
- D . Certificate authority (CA)
Which of the following is the MOST effective way for an organization to help ensure agreed-upon action plans from an IS audit will be implemented?
- A . Ensure sufficient audit resources are allocated.
- B . Communicate audit results organization-wide.
- C . Ensure ownership is assigned.
- D . Test corrective actions upon completion.