ISACA CISA Practice Exams
Last updated on 11.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
An organization requires the use of a key card to enter its data center. Recently, a control was implemented that requires biometric authentication for each employee.
Which type of control has been added?
- A . Corrective
- B . Compensating
- C . Preventive
- D . Detective
Which of the following is an IS auditor’s BEST approach when preparing to evaluate whether the IT strategy supports the organization’s vision and mission?
- A . Review strategic projects for return on investments (ROIs)
- B . Solicit feedback from other departments to gauge the organization’s maturity
- C . Meet with senior management to understand business goals
- D . Review the organization’s key performance indicators (KPIs)
A third-party consultant is managing the replacement of an accounting system.
Which of the following should be the IS auditor’s GREATEST concern?
- A . Data migration is not part of the contracted activities.
- B . The replacement is occurring near year-end reporting
- C . The user department will manage access rights.
- D . Testing was performed by the third-party consultant
Which of the following is MOST important for an IS auditor to confirm when reviewing an organization’s incident response management program?
- A . All incidents have a severity level assigned.
- B . All identified incidents are escalated to the CEO and the CISO.
- C . Incident response is within defined service level agreements (SLAs).
- D . The alerting tools and incident response team can detect incidents.
In reviewing the IT strategic plan, the IS auditor should consider whether it identifies the:
- A . allocation of IT staff.
- B . project management methodologies used.
- C . major IT initiatives.
- D . links to operational tactical plans.
During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization.
Which of the following should be recommended as the PRIMARY factor to determine system criticality?
- A . Key performance indicators (KPIs)
- B . Mean time to restore (MTTR)
- C . Maximum allowable downtime (MAD)
- D . Recovery point objective (RPO)
Which of the following should be an IS auditor’s GREATEST concern when an international organization intends to roll out a global data privacy policy?
- A . Requirements may become unreasonable.
- B . Local regulations may contradict the policy.
- C . The policy may conflict with existing application requirements.
- D . Local management may not accept the policy.
Which of the following is MOST effective for controlling visitor access to a data center?
- A . Visitors are escorted by an authorized employee
- B . Pre-approval of entry requests
- C . Visitors sign in at the front desk upon arrival
- D . Closed-circuit television (CCTV) is used to monitor the facilities
Which of the following is the MAIN objective of enterprise architecture (EA) governance?
- A . To ensure new processes and technologies harmonize with existing processes
- B . To ensure the EA can adapt to emerging technology trends
- C . To ensure the EA is compliant with local laws and regulations
- D . To ensure new initiatives produce an acceptable return on investment (ROI)
Which of the following audit procedures would be MOST conclusive in evaluating the effectiveness of an e-commerce application system’s edit routine?
- A . Review of program documentation
- B . Use of test transactions
- C . Interviews with knowledgeable users
- D . Review of source code