ISACA CISA Practice Exams
Last updated on 12.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
The GREATEST concern for an IS auditor reviewing vulnerability assessments by the auditee would be if the assessments are:
- A . Conducted once per year just before system audits are scheduled.
- B . Conducted by the internal technical team instead of external experts.
- C . Performed for critical systems, not for the entire infrastructure.
- D . Performed using open-source testing tools.
Which of the following is the PRIMARY reason an IS auditor would recommend offsite backups although critical data is already on a redundant array of inexpensive disks (RAID)?
- A . Disks of the array cannot be hot-swapped for quick recovery.
- B . The array cannot offer protection against disk corruption.
- C . The array relies on proper maintenance.
- D . The array cannot recover from a natural disaster.
Which of the following would provide the MOST important input during the planning phase for an audit on the implementation of a bring your own device (BYOD) program?
- A . Findings from prior audits
- B . Results of a risk assessment
- C . An inventory of personal devices to be connected to the corporate network
- D . Policies including BYOD acceptable user statements
A new regulation has been enacted that mandates specific information security practices for the protection of customer data.
Which of the following is MOST useful for an IS auditor to review when auditing against the regulation?
- A . Compliance gap analysis
- B . Customer data protection roles and responsibilities
- C . Customer data flow diagram
- D . Benchmarking studies of adaptation to the new regulation
During the audit of an enterprise resource planning (ERP) system, an IS auditor found an application patch was applied to the production environment. It is MOST important for the IS auditor to verify approval from the:
- A . information security officer.
- B . system administrator.
- C . information asset owner.
- D . project manager.
Due to advancements in technology and electronic records, an IS auditor has completed an engagement by email only.
Which of the following did the IS auditor potentially compromise?
- A . Proficiency
- B . Due professional care
- C . Sufficient evidence
- D . Reporting
A credit card company has decided to outsource the printing of customer statements. It is MOST important for the company to verify whether:
- A . the provider has alternate service locations.
- B . the contract includes compensation for deficient service levels.
- C . the provider’s information security controls are aligned with the company’s.
- D . the provider adheres to the company’s data retention policies.
During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period.
Which of the following is the auditor’s MOST important course of action?
- A . Document the finding and present it to management.
- B . Determine if a root cause analysis was conducted.
- C . Confirm the resolution time of the incidents.
- D . Validate whether all incidents have been actioned.
Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?
- A . The change management process was not formally documented
- B . Backups of the old system and data are not available online
- C . Unauthorized data modifications occurred during conversion
- D . Data conversion was performed using manual processes
An IS auditor has been tasked to review the processes that prevent fraud within a business expense claim system.
Which of the following stakeholders is MOST important to involve in this review?
- A . Information security manager
- B . Quality assurance (QA) manager
- C . Business department executive
- D . Business process owner