CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 11 of 13.
- Question #502 (Information Systems Acquisition, Development, and Implementation)
  Which of the following practices is MOST helpful in preventing incidents as a result of implemented software changes?
  Tags: Change Management, Software Testing, Incident Prevention, Quality Assurance
- Question #503 (Governance and Management of IT)
  An organization's email service is hosted by a third party, and the service level agreement (SLA) requires 99.9% availability. An IS auditor finds that the service has not met its...
  Tags: SLA monitoring, Vendor management, Service provider relationship, Audit recommendations
- Question #504 (Protection of Information Assets)
  Which of the following should be of GREATEST concern to an IS auditor reviewing security standards implemented in an organization?
  Tags: Security Standards, Patch Management, Vulnerability Management, IS Audit Concerns
- Question #505 (Protection of Information Assets)
  If not properly secured, which of the following could result in the hijacking of HTTP traffic during a transaction between a user and a web application, allowing an attacker to imp...
  Tags: Session Hijacking, Web Application Security, Authentication Security, HTTP Security
- Question #506 (Information System Auditing Process)
  Which of the following is the PRIMARY benefit of leveraging an IT-related framework when conducting an audit?
  Tags: IT Frameworks, Audit Methodology, Audit Criteria, Standardization
- Question #507 (Information Systems Operations and Business Resilience)
  Which of the following types of logs would provide the MOST useful information to improve application performance?
  Tags: Log analysis, Application performance, System logs, Monitoring
- Question #508 (Protection of Information Assets)
  Which of the following is the PRIMARY benefit of enabling database audit trails?
  Tags: Database security, Audit trails, Accountability, Security controls
- Question #509 (Protection of Information Assets)
  Which of the following controls would BEST protect against internet sniffers conducting a replay attack?
  Tags: Replay Attack, Network Security Controls, Timestamping, Data Protection
- Question #510 (Information System Auditing Process)
  Which of the following would MOST likely be detailed in an audit charter?
  Tags: Audit Charter, Audit Authority, Audit Planning, Internal Audit Function
- Question #511 (Information Systems Acquisition, Development, and Implementation)
  Which of the following steps of the change management process can be automated by implementing a continuous integration/continuous deployment (CI/CD) tool?
  Tags: CI/CD, Change Management, Automation, Software Development Lifecycle
- Question #512 (Protection of Information Assets)
  When reviewing network security configurations, which of the following would pose the GREATEST risk of unauthorized access?
  Tags: Network Security, Access Control, Risk Assessment, Security Configuration Review
- Question #513 (Information Systems Acquisition, Development, and Implementation)
  For a software development team using Agile methodology, which type of testing is MOST important to ensure that operational controls continue to function as expected as changes are...
  Tags: Agile methodology, Software testing, Regression testing, Operational controls
- Question #514 (Information System Auditing Process)
  Which of the following should be the MOST important consideration when determining which information system application to audit?
  Tags: Audit planning, Risk-based auditing, Business impact analysis, Audit prioritization
- Question #515 (Information Systems Acquisition, Development and Implementation)
  When reviewing an ongoing business process reengineering project, which of the following should be an IS auditor's GREATEST concern?
  Tags: Business Process Reengineering, Control Gaps, IS Audit Concerns, Risk Management
- Question #516 (Protection of Information Assets)
  An IS auditor is reviewing the security of corporate databases holding customer data. A decentralized model is used, and remote queries are necessary. Which of the following should...
  Tags: Database Security, Remote Access Security, Risk Prioritization, Data Confidentiality
- Question #517 (Information System Auditing Process)
  In which of the following situations would an IS auditor MOST likely utilize data analytics?
  Tags: Data Analytics, Audit Techniques, Audit Testing, Population Analysis
- Question #518 (Information Systems Acquisition, Development, and Implementation)
  An IS auditor is reviewing an organization's transition to DevSecOps. Which of the following is the BEST indication that security is integrated throughout the software development...
  Tags: DevSecOps, SDLC Security, Automated Security Testing, CI/CD
- Question #519 (Information Systems Acquisition, Development, and Implementation)
  In a post-implementation review, an IS auditor observes that management did not define operational log requirements for key integrations. Which of the following controls is MOST im...
  Tags: Log management, Operational logging, Control implementation, Post-implementation review
- Question #520 (Information System Auditing Process)
  In which of the following sampling methodologies does each population subgroup have a probability of being selected?
  Tags: Sampling methods, Stratified sampling, Audit techniques
- Question #521 (Protection of Information Assets)
  Which of the following controls BEST helps to prevent sensitive data leakage when using APIs?
  Tags: API Security, Data Leakage Prevention, Endpoint Authentication, Access Control
- Question #522 (Protection of Information Assets)
  A payroll manager discovers that fields in certain payroll reports have been modified without authorization. Which of the following is the MOST likely reason for this control weakn...
  Tags: Separation of Duties, IT Controls, Production Access, Data Integrity
- Question #523 (Governance and Management of IT)
  Which of the following should be the MOST important consideration in IT portfolio management?
  Tags: IT Portfolio Management, Strategic Alignment, Corporate Strategy, IT Governance
- Question #524 (Protection of Information Assets)
  A healthcare facility offers patients health tracking devices that can be monitored remotely by healthcare professionals. Which of the following is the BEST way to protect patient...
  Tags: Data Exfiltration Prevention, Device Security, Digital Certificates, Information Protection
- Question #525 (Protection of Information Assets)
  Which of the following is stored during enrollment in a biometric access control system using fingerprints for identification?
  Tags: Biometric Systems, Access Control, Fingerprint Technology, Biometric Templates
- Question #526 (Information Systems Operations and Business Resilience)
  An organization wants an independent measure of an outsourced system's availability. This measure is directly related to contractual payment obligations. Which of the following pro...
  Tags: Availability Monitoring, Service Level Agreements (SLA), Outsourcing Management, Contractual Compliance
- Question #527 (Information Systems Operations and Business Resilience)
  Which of the following is MOST useful for determining the appropriate system recovery time?
  Tags: Business Impact Analysis (BIA), Recovery Time Objective (RTO), Business Continuity, Disaster Recovery Planning
- Question #528 (Governance and Management of IT)
  A small startup organization does not have the resources to implement separation of duties. Which of the following is the MOST effective compensating control?
  Tags: Compensating Controls, Separation of Duties, Internal Controls, Resource Constraints
- Question #529 (Protection of Information Assets)
  Which of the following is the MOST important area of focus for an IS auditor reviewing an organization's privacy policy and practices?
  Tags: Privacy audit, Data protection, IS auditor focus, Privacy policy
- Question #530 (Protection of Information Assets)
  Which of the following is MOST important for an IS auditor to verify when reviewing security processes related to employee terminations?
  Tags: Access Control, Termination Security, Offboarding Processes, Audit Verification
- Question #531 (Information Systems Operations and Business Resilience)
  An IS auditor is assessing backup performance and observes that the system administrator manually initiates backups during unexpected peak usage. Which of the following is the audi...
  Tags: Backup performance, Audit procedures, Log review, Operations management
- Question #532 (Governance and Management of IT)
  In a large organization, IT deadlines on important projects have been missed because IT resources are not prioritized properly. Which of the following is the BEST recommendation to...
  Tags: Project Portfolio Management, Resource Prioritization, IT Governance, Strategic Alignment
- Question #533 (Protection of Information Assets)
  Which of the following is an IS auditor's MOST important area of focus when assessing the security of wireless Internet of Things (IoT) devices for a healthcare company?
  Tags: IoT Security, Data Encryption, Wireless Security, Healthcare Security
- Question #534 (Governance and Management of IT)
  An IS auditor discovers that various departments within an organization have started using unauthorized cloud-based collaboration tools to manage their projects. Which of the follo...
  Tags: Shadow IT, IT Governance, Cloud security risks, Data security
- Question #535 (Information System Auditing Process)
  Which of the following sampling methods is BEST suited for situations where even a single error is not acceptable?
  Tags: Audit sampling, Discovery sampling, Error detection, Sampling methods
- Question #536 (Governance and Management of IT)
  IT management is interested in an ongoing comparison of each unit's performance with that of other similar organizations. Which of the following approaches should the IS auditor re...
  Tags: Benchmarking, Performance Measurement, IT Governance, Strategic Planning
- Question #537 (Protection of Information Assets)
  Which of the following encryption methods offers the BEST wireless security?
  Tags: Wireless security, WPA3, Network security protocols, Encryption standards
- Question #538 (Protection of Information Assets)
  During an audit of a project that involves a large number of records containing personal information, which of the following would BEST enable an IS auditor to analyze the associat...
  Tags: Data Privacy Impact Assessment (DPIA), Privacy Risk Analysis, IS Audit Techniques, Personal Information Protection
- Question #539 (Information Systems Operations and Business Resilience)
  From a systems availability perspective, which of the following is the GREATEST benefit of modern cloud environments?
  Tags: Cloud Computing, Systems Availability, Capacity Management, IT Operations
- Question #540 (Protection of Information Assets)
  Which of the following is the MOST important regulatory consideration for an organization determining whether to use its customer data to train AI algorithms?
  Tags: Data Privacy, Regulatory Compliance, AI Data Usage, Consent Management
- Question #541 (Information Systems Operations and Business Resilience)
  Which of the following is the PRIMARY objective of capacity management in an environment with extensive use of blockchain technology?
  Tags: Capacity Management, Blockchain Technology, Network Performance, IT Operations
- Question #542 (Governance and Management of IT)
  Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's newly established enterprise architecture (EA)?
  Tags: Enterprise Architecture, IT Governance, Stakeholder Management, Business-IT Alignment
- Question #543 (Governance and Management of IT)
  An organization has identified critical vulnerabilities on its information system platforms and has initiated a vulnerability remediation program. Which of the following is an IS a...
  Tags: Vulnerability Prevention, Security Standards, IS Auditor Role, Proactive Security
- Question #544 (Information Systems Operations and Business Resilience)
  An IS auditor is reviewing an organization's business continuity plan (BCP) following a change in organizational structure with significant impact to business processes. Which of t...
  Tags: Business Continuity Plan (BCP), Business Impact Analysis (BIA), IS Audit Findings, Organizational Change Impact
- Question #545 (Information System Auditing Process)
  Which of the following would BEST enable an IS auditor to evaluate an organization's level of compliance with a new cryptographic regulatory requirement?
  Tags: Compliance Auditing, Regulatory Compliance, Gap Assessment, Audit Procedures
- Question #546 (Governance and Management of IT)
  An IS auditor learns that individual teams are allowed to implement and manage their use of robotic process automation (RPA). Which of the following controls would BEST enable the...
  Tags: RPA, End-User Computing (EUC), IT Governance, Control Effectiveness Monitoring
- Question #547 (Protection of Information Assets)
  A requirement for biometric access to physical facilities is an example of which type of control?
  Tags: Security controls, Preventive controls, Physical security, Biometric access
- Question #548 (Protection of Information Assets)
  Which of the following is MOST important for an IS auditor to recommend when corporate mobile devices are being replaced?
  Tags: Mobile device security, Data sanitization, Asset disposal, Data protection
- Question #549 (Governance and Management of IT)
  An IS auditor is reviewing an organization's risk management program. Which of the following should be the PRIMARY driver of the enterprise IT risk appetite?
  Tags: Risk Appetite, Strategic Alignment, Enterprise Risk Management
- Question #550 (Information Systems Auditing Process)
  The BEST way for an IS auditor to validate that separation of duties has been implemented is to perform:
  Tags: Separation of Duties, Audit Procedures, Control Testing, Operational Controls
- Question #551 (Protection of Information Assets)
  What is the main objective when implementing security controls within an application?
  Tags: Security controls, Risk management, Cost-benefit analysis, Application security