ISACA CISA Practice Exams
Last updated on 10.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
An IS auditor performs a follow-up audit and learns the approach taken by the auditee to fix the findings differs from the agreed-upon approach confirmed during the last audit.
Which of the following should be the auditor’s NEXT course of action?
- A . Evaluate the appropriateness of the remedial action taken.
- B . Conduct a risk analysis incorporating the change.
- C . Report results of the follow-up to the audit committee.
- D . Inform senior management of the change in approach.
Which of the following provides an IS auditor the BEST evidence that a third-party service provider’s information security controls are effective?
- A . Documentation of the service provider’s security configuration controls
- B . A review of the service provider’s policies and procedures
- C . An audit report of the controls by an external auditor
- D . An interview with the service provider’s senior management
Which of the following is MOST important to include in forensic data collection and preservation procedures?
- A . Assuring the physical security of devices
- B . Preserving data integrity
- C . Maintaining chain of custody
- D . Determining tools to be used
A post-implementation review was conducted by issuing a survey to users.
Which of the following should be of GREATEST concern to an IS auditor?
- A . The survey results were not presented in detail to management.
- B . The survey questions did not address the scope of the business case.
- C . The survey form template did not allow additional feedback to be provided.
- D . The survey was issued to employees a month after implementation.
A senior auditor is reviewing work papers prepared by a junior auditor indicating that a finding was removed after the auditee said they corrected the problem.
Which of the following is the senior auditor’s MOST appropriate course of action?
- A . Ask the auditee to retest
- B . Approve the work papers as written
- C . Have the finding reinstated
- D . Refer the issue to the audit director
Which of the following is an effective way to ensure the integrity of file transfers in a peer-to-peer (P2P) computing environment?
- A . Associate a message authentication code with each file transferred.
- B . Ensure the files are transferred through an intrusion detection system (IDS).
- C . Encrypt the packets shared between peers within the environment.
- D . Connect the client computers in the environment to a jump server.
The PRIMARY benefit to using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:
- A . is more effective at suppressing flames.
- B . allows more time to abort release of the suppressant.
- C . has a decreased risk of leakage.
- D . disperses dry chemical suppressants exclusively.
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
- A . Audit cycle defined in the audit plan
- B . Complexity of management’s action plans
- C . Recommendation from executive management
- D . Residual risk from the findings of previous audits
Which of the following is the BEST way to sanitize a hard disk for reuse to ensure the organization’s information cannot be accessed?
- A . Re-partitioning
- B . Degaussing
- C . Formatting
- D . Data wiping
Which of the following should be the GREATEST concern for an IS auditor assessing an organization’s disaster recovery plan (DRP)?
- A . The DRP was developed by the IT department.
- B . The DRP has not been tested during the past three years.
- C . The DRP has not been updated for two years.
- D . The DRP does not include the recovery time objective (RTO) for a key system.