ISACA CISA Practice Exams
Last updated on 11.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
An IS auditor notes that IT and the business have different opinions on the availability of their application servers.
Which of the following should the IS auditor review FIRST in order to understand the problem?
- A . The exact definition of the service levels and their measurement
- B . The alerting and measurement process on the application servers
- C . The actual availability of the servers as part of a substantive test
- D . The regular performance-reporting documentation
Which of the following would be the GREATEST concern during a financial statement audit?
- A . A backup has not been identified for key approvers.
- B . System capacity has not been tested.
- C . The procedures for generating key reports have not been approved.
- D . The financial management system is cloud based.
Which of the following is the BEST way to verify the effectiveness of a data restoration process?
- A . Performing periodic reviews of physical access to backup media
- B . Performing periodic complete data restorations
- C . Validating offline backups using software utilities
- D . Reviewing and updating data restoration policies annually
Which of the following BEST helps data loss prevention (DLP) tools detect movement of sensitive data in transit?
- A . Network traffic logs
- B . Deep packet inspection
- C . Data inventory
- D . Proprietary encryption
An organization has assigned two new IS auditors to audit a new system implementation. One of the auditors has an IT-related degree, and one has a business degree.
Which of the following is MOST important to meet the IS audit standard for proficiency?
- A . The standard is met as long as one member has a globally recognized audit certification.
- B . Technical co-sourcing must be used to help the new staff.
- C . Team member assignments must be based on individual competencies.
- D . The standard is met as long as a supervisor reviews the new auditors' work.
Which of the following is the PRIMARY benefit of introducing business impact analyses (BIAs) to business resiliency strategies?
- A . It identifies legal obligations that may be incurred as a result of business service disruptions
- B . It provides updates on the risk level of disasters that may occur
- C . It delineates employee responsibilities that the organization must fulfill in a crisis
- D . It helps prioritize the restoration of systems and applications
Which of the following is the MOST important course of action to ensure a cloud access security broker (CASB) effectively detects and responds to threats?
- A . Monitoring data movement
- B . Implementing a long-term CASB contract
- C . Reviewing the information security policy
- D . Evaluating firewall effectiveness
Which of the following approaches would present the GREATEST concern for the implementation of a quality assurance (QA) function?
- A . Developers introducing the changes will review the work, as they are most familiar with them.
- B . Peer developers from the same development team who are unfamiliar with the changes will review them.
- C . Developers from a separate development team in the organization will review the submitted changes.
- D . Reviewers outside the development group who do not have development roles will review the changes.
An IS auditor is reviewing a data conversion project.
Which of the following is the auditor’s BEST recommendation prior to go-live?
- A . Conduct a mock conversion test.
- B . Review test procedures and scenarios.
- C . Automate the test scripts.
- D . Establish a configuration baseline.
Which of the following is the BEST source of information for an IS auditor to use when determining whether an organization’s information security policy is adequate?
- A . Information security program plans
- B . Penetration test results
- C . Risk assessment results
- D . Industry benchmarks