CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 10 of 13.
- Question #452: Protection of Information Assets
An IS auditor reviewing database security should be MOST concerned if the database administrator (DBA):
Segregation of Duties, Database Security, Access Control, DBA Responsibilities
- Question #453: Information Systems Acquisition, Development, and Implementation
Which of the following is the PRIMARY function of an internal IS auditor when the organization acquires a new IT system to support its business strategy?
IS Auditor Role, System Acquisition, IT Risk Management, Control Assessment
- Question #454: Information Systems Operations and Business Resilience
An organization has alternative links in its wide area network (WAN) to provide redundancy. However, each time there is a problem with a link, network administrators have to update...
WAN Redundancy, Routing Protocols, Automatic Failover, Network Resilience
- Question #455: Protection of Information Assets
What should an IS auditor ensure when a financial organization intends to utilize production data in the testing environment?
Data privacy, Data security, Test data management, De-identification
- Question #456: Information System Auditing Process
A financial accounting system audit determined that audit logging of transactions had been disabled by a finance employee. The IS auditor recommended that finance personnel no long...
Audit follow-up, Least privilege, Access control, Remediation verification
- Question #457: Information Systems Auditing Process
Which of the following is MOST important for an IS auditor to consider when using an integrated test facility (ITF) to evaluate an application after a system migration?
Integrated Test Facility (ITF), Audit Testing, Data Segregation, Production Environment Controls
- Question #458: Protection of Information Assets
When conducting an audit of an organization's use of AI in its customer service chatbots, an IS auditor should PRIMARILY focus on the:
AI auditing, Data privacy, Personal data protection, IS audit priorities
- Question #459: Information Systems Operations and Business Resilience
Which of the following is the BEST control to help ensure the completeness of outbound transactions?
Application controls, Transaction completeness, Outbound processing, Sequential numbering
- Question #460: Protection of Information Assets
When reviewing the monitoring and prevention of sensitive data moving out of an organization's network, which of the following is MOST important for an IS auditor to verify?
Data Loss Prevention (DLP), Deep Packet Inspection (DPI), Data Exfiltration, Network Security
- Question #461: Governance and Management of IT
When reviewing an organization's enterprise architecture (EA), which of the following is an IS auditor MOST likely to find within the EA documentation?
Enterprise Architecture (EA), IT Governance, Strategic Planning, Roadmaps
- Question #462: Information System Auditing Process
The PRIMARY reason for an IS auditor to perform a functional walk-through of a business process during the preliminary phase of an audit assignment is to:
Audit planning, Preliminary audit procedures, Business process understanding
- Question #463: Protection of Information Assets
Which of the following is the MOST important consideration to facilitate prosecution of a perpetrator after a cyber crime?
Evidence Collection, Cybercrime Forensics, Legal Admissibility, Incident Response
- Question #464: Protection of Information Assets
Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's mobile device policies and controls in its corporate environment?
Mobile Device Management, Mobile Security, Information Security Controls, Risk Assessment
- Question #465: Governance and Management of IT
When conducting a post-implementation review, which of the following is the BEST way to determine whether the value from an IT project has been achieved?
Post-implementation review, Return on investment (ROI), IT project evaluation, Value realization
- Question #466: Information Systems Operations and Business Resilience
An IS auditor is reviewing a decision to consolidate processing for multiple applications onto a single large server. Which of the following is the MOST significant impact from thi...
Server Consolidation, Risk Management, Single Point of Failure, Business Resilience
- Question #467: Information System Auditing Process
When reviewing results of a risk assessment process, the IS auditor should focus efforts on risk items and scenarios with the highest level of:
Risk assessment, Residual risk, IS auditor role, Audit planning
- Question #468: Information System Auditing Process
An organization is concerned about duplicate vendor payments on a complex system with a high volume of transactions. Which of the following would be MOST helpful to an IS auditor t...
Computer-Assisted Audit Techniques, Data Analytics, Duplicate Payment Detection, Audit Tools
- Question #469: Information Systems Acquisition, Development, and Implementation
Reviewing which of the following would provide the BEST indication that a project is progressing as planned?
Earned Value Analysis, Project Management, Project Progress Tracking
- Question #470: Governance and Management of IT
An organization is deciding whether to move on-premise workloads to a third-party Infrastructure as a Service (IaaS) platform. Which of the following is MOST important for an IS au...
Risk Management, Risk Appetite, Cloud Computing, IS Audit Considerations
- Question #471: Information System Auditing Process
Which of the following is the PRIMARY purpose of utilizing data analytics tools in audits?
Data analytics, Audit tools, Targeted audit procedures, Risk identification
- Question #472: Information System Auditing Process
Which of the following is the MOST important reason for an IS auditor to conduct a risk assessment when developing a risk-based audit strategy?
Risk-based auditing, Audit planning, Risk assessment, Audit strategy
- Question #473: Information Systems Acquisition, Development and Implementation
An organization is integrating two systems for real-time API communication. Which of the following is the BEST approach to ensure secure authentication between the two applications...
Penetration Testing, API Security, Authentication, Application Security Testing
- Question #474: Information System Auditing Process
An IS auditor discovers there are no documented security procedures. What should be the NEXT step?
Audit methodology, Security documentation, Control evaluation, Audit findings
- Question #475: Information System Auditing Process
When conducting a follow-up of previous audit findings, an IS auditor is told by management that a recommendation to make security changes to an application has not been implemente...
Audit follow-up, Risk assessment, Audit recommendations, IS audit process
- Question #476: Information Systems Operations and Business Resilience
Which of the following types of risk would MOST likely be associated with recent vendor configuration updates that have negatively impacted internal job schedules, causing disrupti...
Data integrity, Risk identification, Vendor risk, IT operations
- Question #477: Protection of Information Assets
Which of the following is an example of a vulnerability?
Vulnerability management, Information security concepts, Patch management, Risk components
- Question #478: Protection of Information Assets
A computer belonging to an organization's CEO has been infected with malware. Which of the following should be done FIRST?
Malware Incident Response, Security Incident Handling, Containment, Network Security
- Question #479: Information Systems Operations and Business Resilience
When auditing the error handling process of job scheduling, it is MOST important for the IS auditor to ensure:
Error handling, Job scheduling, Incident resolution, Operational efficiency
- Question #480: Information System Auditing Process
Which of the following is MOST important to determine when conducting an audit of an organization's data privacy practices?
Data Privacy Audit, Data Inventory, Audit Planning, Personal Data Protection
- Question #481: Governance and Management of IT
Which of the following is the PRIMARY reason for an IT department to establish operational level agreements (OLAs) in pursuit of improving management of IT service levels?
Operational Level Agreements (OLAs), Service Level Management (SLM), IT Service Management (ITSM), Internal IT Coordination
- Question #482: Governance and Management of IT
An outsourced recruitment vendor processes personally identifiable information (PII) related to an organization's new hires. Which of the following would be the GREATEST concern to...
Third-party risk management, Vendor due diligence, PII protection, IT governance
- Question #483: Governance and Management of IT
Which of the following is MOST important for an IS auditor to ensure when evaluating an organization's end-user computing (EUC) policy as part of an IT governance audit?
End-User Computing (EUC), IT Governance Audit, Control Identification, IS Auditor Role
- Question #484: Information Systems Acquisition, Development, and Implementation
Which of the following is the PRIMARY purpose of conducting a stage gate review process after each phase of the software development life cycle?
Stage-gate review, SDLC, Project management, Quality assurance
- Question #485: Protection of Information Assets
Standard operating procedures for dealing with a compromised private key are found in which element of a public key infrastructure (PKI)?
PKI, Certification Practice Statement, Key Management, Incident Response
- Question #486: Protection of Information Assets
Which of the following is the MOST important consideration to ensure the integrity of encrypted data?
Encryption, Data Integrity, Cryptographic Algorithms, Information Security Controls
- Question #487: Information Systems Operations and Business Resilience
Which of the following would BEST help an organization maintain a configuration management system for IT inventory?
Configuration Management, IT Inventory, Asset Life Cycle, System Maintenance
- Question #488: Information Systems Acquisition, Development, and Implementation
Which of the following is the PRIMARY responsibility of quality control (QC) in the context of software development and application systems?
Quality Control, Software Development Lifecycle, Defect Management, Quality Assurance
- Question #489: Governance and Management of IT
An IS auditor evaluating a policy should be MOST concerned about the lack of a:
Policy Management, IS Audit Concerns, Accountability, IT Governance
- Question #490: Protection of Information Assets
Which of the following would be of GREATEST concern to an IS auditor when assessing the effectiveness of log management?
Log Management, Information Security, Data Integrity, Audit Concerns
- Question #491: Information Systems Operations and Business Resilience
Data restoration tests the effectiveness of an organization's ability to:
Data Recovery, Backup Testing, Business Resilience, IT Operations
- Question #492: Protection of Information Assets
Which of the following should be of MOST concern to an IS auditor when reviewing the protection of data?
Data Classification, Data Protection, IS Audit Concerns, Security Controls
- Question #493: Information Systems Operations and Business Resilience
A core system fails a week after a scheduled update, causing an outage that impacts service. Which of the following is MOST important for incident management to focus on when addre...
Incident Management, Service Restoration, Outage Response, IT Operations
- Question #494: Information System Auditing Process
When planning an audit to assess controls for an application in the cloud environment, it is MOST important for an IS auditor to understand:
Cloud auditing, Shared responsibility model, Audit planning, Control assessment
- Question #495: Protection of Information Assets
When auditing an organization's implementation of Zero Trust principles within its identity and access management (IAM) framework, which of the following is MOST important to revie...
Zero Trust, Identity and Access Management (IAM), Information Security Policy, Audit Review
- Question #496: Protection of Information Assets
Which of the following MOST significantly limits a hacker's ability to use brute force attacks to compromise an encryption scheme?
Cryptography, Brute force attacks, Key generation, Encryption security
- Question #497: Information Systems Operations and Business Resilience
Which of the following is MOST important for an IS auditor to verify when reviewing an organization's business continuity plan (BCP)?
Business Continuity Planning, Recovery Time Objective, Recovery Point Objective, IS Audit Review
- Question #498: Governance and Management of IT
During audit planning for the review of an Internet of Things (IoT) implementation program, an IS auditor requests the organization's information risk policy. Which of the followin...
Information Risk Policy, Risk Appetite, IT Governance, Risk Management
- Question #499: Protection of Information Assets
Which of the following is the BEST way to ensure personal data used for a data analytics project cannot be identified?
Data privacy, Data anonymization, Personal data protection, Data identification
- Question #500: Protection of Information Assets
An organization is using Internet of Things (IoT) technology to support its business processes. Which of the following is the BEST approach for the use of IoT to ensure compliance...
IoT Security, Password Management, Default Credentials, Security Best Practices
- Question #501: Protection of Information Assets
Which of the following recommendations by an IS auditor is the BEST control to protect an organization's corporate network from the guest wireless network?
Network Security, VLAN, Network Segmentation, Wireless Security