ISACA CISA Practice Exams
Last updated on 12.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
Which of the following BEST enables an organization to improve the effectiveness of its incident response team?
- A . Conducting periodic testing and incorporating lessons learned
- B . Increasing the mean resolution time and publishing key performance indicator (KPI) metrics
- C . Disseminating incident response procedures and requiring signed acknowledgment by team members
- D . Ensuring all team members understand information systems technology
Which of the following activities provides an IS auditor with the MOST insight regarding potential single person dependencies that might exist within the organization?
- A . Reviewing vacation patterns
- B . Reviewing user activity logs
- C . Interviewing senior IT management
- D . Mapping IT processes to roles
Which of the following is the BEST source of information for assessing the effectiveness of IT process monitoring?
- A . Real-time audit software
- B . Performance data
- C . Quality assurance (QA) reviews
- D . Participative management techniques
Which of the following is the BEST detective control for a job scheduling process involving data transmission?
- A . Metrics denoting the volume of monthly job failures are reported and reviewed by senior management.
- B . Jobs are scheduled to be completed daily and data is transmitted using a Secure File Transfer Protocol (SFTP).
- C . Jobs are scheduled and a log of this activity is retained for subsequent review.
- D . Job failure alerts are automatically generated and routed to support personnel.
During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor’s NEXT step should be to:
- A . note the noncompliance in the audit working papers.
- B . issue an audit memorandum identifying the noncompliance.
- C . include the noncompliance in the audit report.
- D . determine why the procedures were not followed.
Which of the following is the MOST effective way for an organization to protect against data loss?
- A . Limit employee internet access.
- B . Implement data classification procedures.
- C . Review firewall logs for anomalies.
- D . Conduct periodic security awareness training.
Which of the following is the GREATEST risk associated with storing customer data on a web server?
- A . Data availability
- B . Data confidentiality
- C . Data integrity
- D . Data redundancy
Which of the following is the BEST sampling method to use when relatively few errors are expected to be found in a population?
- A . Variable sampling
- B . Judgmental sampling
- C . Stop-or-go sampling
- D . Discovery sampling
During planning for a cloud service audit, audit management becomes aware that the assigned IS auditor is unfamiliar with the technologies in use and their associated risks to the business. To ensure audit quality, which of the following actions should audit management consider FIRST?
- A . Conduct a follow-up audit after a suitable period has elapsed.
- B . Reschedule the audit assignment for the next financial year.
- C . Reassign the audit to an internal audit subject matter expert.
- D . Extend the duration of the audit to give the auditor more time.
Which of the following would MOST effectively help to reduce the number of repeated incidents in an organization?
- A . Testing incident response plans with a wide range of scenarios
- B . Prioritizing incidents after impact assessment
- C . Linking incidents to problem management activities
- D . Training incident management teams on current incident trends