ISACA CISA Practice Exams
Last updated on 12.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
- Last updated on: 12.09.2025
An IS auditor finds that the cost of developing an application is now projected to significantly exceed the budget.
Which of the following is the GREATEST risk to communicate to senior management?
- A . Noncompliance with project methodology
- B . Inability to achieve expected benefits
- C . Increased staff turnover
- D . Project abandonment
An organization that operates an e-commerce website wants to provide continuous service to its customers and is planning to invest in a hot site due to service criticality.
Which of the following is the MOST important consideration when making this decision?
- A . Maximum tolerable downtime (MTD)
- B . Recovery time objective (RTO)
- C . Recovery point objective (RPO)
- D . Mean time to repair (MTTR)
What is the PRIMARY purpose of performing a parallel run of a new system?
- A . To train the end users and supporting staff on the new system
- B . To verify the new system provides required business functionality
- C . To reduce the need for additional testing
- D . To validate the new system against its predecessor
A vendor requires privileged access to a key business application.
Which of the following is the BEST recommendation to reduce the risk of data leakage?
- A . Implement real-time activity monitoring for privileged roles
- B . Include the right-to-audit in the vendor contract
- C . Perform a review of privileged roles and responsibilities
- D . Require the vendor to implement job rotation for privileged roles
A telecommunications company has recently created a new fraud department with three employees and acquired a fraud detection system that uses artificial intelligence (AI) modules.
Which of the following would be of GREATEST concern to an IS auditor reviewing the system?
- A . A very large number of true negatives
- B . A small number of false negatives
- C . A small number of true positives
- D . A large number of false positives
Which of the following would be MOST effective in detecting the presence of an unauthorized wireless access point on an internal network?
- A . Continuous network monitoring
- B . Periodic network vulnerability assessments
- C . Review of electronic access logs
- D . Physical security reviews
A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization.
Which of the following is MOST effective in detecting such an intrusion?
- A . Periodically reviewing log files
- B . Configuring the router as a firewall
- C . Using smart cards with one-time passwords
- D . Installing biometrics-based authentication
When reviewing an organization’s information security policies, an IS auditor should verify that the policies have been defined PRIMARILY on the basis of:
- A . a risk management process.
- B . an information security framework.
- C . past information security incidents.
- D . industry best practices.
Which of the following is the BEST way to prevent social engineering incidents?
- A . Ensure user workstations are running the most recent version of antivirus software.
- B . Maintain an onboarding and annual security awareness program.
- C . Include security responsibilities in job descriptions and require signed acknowledgment.
- D . Enforce strict email security gateway controls.
An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes.
Which of the following recommendations would BEST help to reduce the risk of data leakage?
- A . Requiring policy acknowledgment and nondisclosure agreements (NDAs) signed by employees
- B . Establishing strong access controls on confidential data
- C . Providing education and guidelines to employees on use of social networking sites
- D . Monitoring employees' social networking usage