ISACA CISA Practice Exams
Last updated on 11.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
A warehouse employee of a retail company has been able to conceal the theft of inventory items by entering adjustments of either damaged or lost stock items to the inventory system.
Which control would have BEST prevented this type of fraud in a retail environment?
- A . Separate authorization for input of transactions
- B . Statistical sampling of adjustment transactions
- C . Unscheduled audits of lost stock lines
- D . An edit check for the validity of the inventory transaction
The business case for an information system investment should be available for review until the:
- A . information system investment is retired.
- B . information system has reached end of life.
- C . formal investment decision is approved.
- D . benefits have been fully realized.
Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization’s goals?
- A . Balanced scorecard
- B . Enterprise dashboard
- C . Enterprise architecture (EA)
- D . Key performance indicators (KPIs)
When physical destruction is not practical, which of the following is the MOST effective means of disposing of sensitive data on a hard disk?
- A . Overwriting multiple times
- B . Encrypting the disk
- C . Reformatting
- D . Deleting files sequentially
An organization saves confidential information in a file with password protection and the file is placed in a shared folder. An attacker has stolen this information by obtaining the password through social engineering.
Implementing which of the following would BEST enable the organization to prevent this type of incident in the future?
- A . Multi-factor authentication (MFA)
- B . Security awareness programs for employees
- C . Access history log review by the business manager
- D . File encryption along with password protection
An IS auditor is conducting a review of a data center.
Which of the following observations could indicate an access control issue?
- A . Security cameras deployed outside main entrance
- B . Antistatic mats deployed at the computer room entrance
- C . Muddy footprints directly inside the emergency exit
- D . Fencing around facility is two meters high
Which of the following is the BEST performance indicator for the effectiveness of an incident management program?
- A . Average time between incidents
- B . Incident alert mean time
- C . Number of incidents reported
- D . Incident resolution mean time
Which of the following features of a library control software package would protect against unauthorized updating of source code?
- A . Required approvals at each life cycle step
- B . Date and time stamping of source and object code
- C . Access controls for source libraries
- D . Release-to-release comparison of source code
An IS auditor is following up on prior period items and finds management did not address an audit finding.
Which of the following should be the IS auditor’s NEXT course of action?
- A . Note the exception in a new report as the item was not addressed by management.
- B . Recommend alternative solutions to address the repeat finding.
- C . Conduct a risk assessment of the repeat finding.
- D . Interview management to determine why the finding was not addressed.
Which of the following would be of GREATEST concern to an IS auditor reviewing an IT-related customer service project?
- A . The project risk exceeds the organization’s risk appetite.
- B . Executing the project will require additional investments.
- C . Expected business value is expressed in qualitative terms.
- D . The organization will be the first to offer the proposed services.