ISACA CISA Practice Exams
Last updated on 12.09.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
An IS auditor is reviewing an organization that performs backups on local database servers every two weeks and does not have a formal policy to govern data backup and restoration procedures.
Which of the following findings presents the GREATEST risk to the organization?
- A . Lack of offsite data backups
- B . Absence of a data backup policy
- C . Lack of periodic data restoration testing
- D . Insufficient data backup frequency
Which of the following procedures for testing a disaster recovery plan (DRP) is MOST effective?
- A . Testing at a secondary site using offsite data backups
- B . Performing a quarterly tabletop exercise
- C . Reviewing recovery time and recovery point objectives
- D . Reviewing documented backup and recovery procedures
Which of the following is the BEST reason for an organization to use clustering?
- A . To decrease system response time
- B . To improve the recovery time objective (RTO)
- C . To facilitate faster backups
- D . To improve system resiliency
Which of the following should be given GREATEST consideration when implementing the use of an open-source product?
- A . Support
- B . Performance
- C . Confidentiality
- D . Usability
The IS auditor has recommended that management test a new system before using it in production mode.
The BEST approach for management in developing a test plan is to use processing parameters that are:
- A . randomly selected by a test generator.
- B . provided by the vendor of the application.
- C . randomly selected by the user.
- D . simulated by production entities and customers.
An IS auditor is reviewing the perimeter security design of a network.
Which of the following provides the GREATEST assurance that outgoing Internet traffic is controlled?
- A . Intrusion detection system (IDS)
- B . Security information and event management (SIEM) system
- C . Stateful firewall
- D . Load balancer
Which of the following is an example of a preventive control for physical access?
- A . Keeping log entries for all visitors to the building
- B . Implementing a fingerprint-based access control system for the building
- C . Installing closed-circuit television (CCTV) cameras for all ingress and egress points
- D . Implementing a centralized logging server to record instances of staff logging into workstations
An external audit firm was engaged to perform a validation and verification review for a systems implementation project. The IS auditor identifies that regression testing is not part of the project plan and was not performed by the systems implementation team. According to the team, the parallel testing being performed is sufficient, making regression testing unnecessary.
What should be the auditor’s NEXT step?
- A . Evaluate the extent of the parallel testing being performed
- B . Recommend integration and stress testing be conducted by the systems implementation team
- C . Conclude that parallel testing is sufficient and regression testing is not needed
- D . Recommend regression testing be conducted by the systems implementation team
Stress testing should ideally be carried out under a:
- A . test environment with production workloads.
- B . production environment with production workloads.
- C . production environment with test data.
- D . test environment with test data.
Which of the following should be the PRIMARY purpose of conducting tabletop exercises when reviewing a security incident response plan?
- A . To provide efficiencies for alignment with incident response test scenarios
- B . To determine process improvement options for the incident response plan
- C . To gather documentation for responding to security audit inquiries
- D . To confirm that technology is in place to support the incident response plan