CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 13 of 13.
- Question #602: Protection of Information Assets
During a database security audit, an IS auditor is reviewing the process used to input data. Which of the following is the MOST significant risk area for the auditor to focus on?
Database security audit, Data integrity, Data input process, Risk assessment
- Question #603: Information System Auditing Process
An IS auditor decides to review a data inventory list captured directly from a system instead of relying on an interview with the system owner. Which of the following provides the...
Audit Evidence Reliability, Evidence Gathering, IS Audit Process
- Question #604: Information Systems Acquisition, Development, and Implementation
Which of the following is the BEST compensating control against separation of duties conflicts in new code development?
Separation of Duties, Compensating Controls, SDLC, Change Management
- Question #605: Governance and Management of IT
A global company has been using a publicly available AI tool to obtain information about global laws and regulations that could impact the business. Which of the following should b...
AI risk, Data accuracy, Information quality, Regulatory compliance
- Question #606: Governance and Management of IT
An external IS auditor is reviewing the continuous monitoring system for a large bank and notes several potential issues. Which of the following would present the GREATEST concern...
Change Management, Continuous Monitoring, System Reliability, IT Controls
- Question #607: Information Systems Acquisition, Development and Implementation
An organization uses an automated continuous integration/continuous deployment (CI/CD) tool to deploy changes to production. Which of the following would be an IS auditor's GREATES...
CI/CD risks, Automated testing, Software quality, IS audit concerns
- Question #608: Information Systems Acquisition, Development, and Implementation
Which of the following is MOST important to ensure successful implementation when an organization decides to purchase software from available products on the market?
Software acquisition, Requirements definition, Implementation success, Project planning
- Question #609: Information Systems Operations and Business Resilience
Job scheduling impacts system availability and reliability by:
Job Scheduling, System Availability, System Reliability, Resource Utilization
- Question #610: Information System Auditing Process
An IS auditor is assigned to perform a post-implementation review of an application system. Which of the following would impair the auditor's independence?
Auditor independence, Professional ethics, Conflict of interest, Post-implementation review
- Question #611: Protection of Information Assets
Which of the following BEST describes the process of creating a digital envelope?
Digital Envelopes, Cryptography, Symmetric Encryption, Asymmetric Encryption
- Question #612: Information Systems Operations and Business Resilience
During a review of an organization's IT capacity management process, an IS auditor should be MOST concerned if capacity planning:
Capacity Planning, IT Operations, Business Alignment, Audit Concerns
- Question #613: Information System Auditing Process
Which of the following BEST indicates an effective internal audit quality assurance and improvement program?
Internal Audit Quality, Continuous Improvement, Quality Assurance and Improvement Program, Audit Effectiveness
- Question #614: Information System Auditing Process
An IS auditor is auditing the operating effectiveness of weekly user access reviews. Of the five weekly reviews sampled, one has not been signed or dated. What is the MAIN reason t...
User access reviews, Audit evidence, Control effectiveness, Documentation
- Question #615: Protection of Information Assets
Which of the following is the MOST effective way for an IS auditor to ensure information is preserved when conducting a forensic investigation?
Forensic Investigation, Evidence Preservation, Digital Forensics, IS Auditing Best Practices
- Question #616: Protection of Information Assets
How does the emergence of quantum computing impact traditional data encryption methods?
Quantum computing, Encryption, Cryptography, Information security threats
- Question #617: Information Systems Acquisition, Development, and Implementation
When evaluating whether the expected benefits of a project have been achieved, it is MOST important for an IS auditor to review:
Benefit realization, Business case, Project post-implementation review, Project evaluation
- Question #618: Protection of Information Assets
Which of the following is the PRIMARY objective of data loss prevention (DLP) mechanisms?
Data Loss Prevention, Information Security Controls, Data Protection, Sensitive Data Handling
- Question #619: Information System Auditing Process
When determining the quality of evidence collected during an audit, it is MOST important to ensure the evidence is:
Audit evidence, Evidence quality, Audit process, Audit objectives
- Question #620: Information System Auditing Process
Which of the following would provide the BEST evidence that a cloud provider's change management process is effective?
Audit Evidence, Third-Party Assurance, Change Management, Vendor Management
- Question #621: Information Systems Acquisition, Development, and Implementation
When developing software with incomplete requirements, the MOST appropriate methodology to use is:
Agile methodologies, Software development, Requirements management, Project management
- Question #622: Information Systems Acquisition, Development, and Implementation
Which of the following is MOST important to ensure successful implementation when an organization decides to purchase software from available products on the market?
Software acquisition, Requirements definition, System implementation, Project success factors
- Question #623: Protection of Information Assets
An IS auditor has identified that as users change departments or leave the company, their access is not adjusted. Which of the following would BEST help to address this situation?
Access Management, User Access Review, Identity and Access Management
- Question #624: Protection of Information Assets
Which of the following is the MOST important requirement in an organization's incident management response plan?
Incident Management, Incident Response Plan, Escalation Procedures, Information Security
- Question #625: Protection of Information Assets
Which of the following should be an IS auditor's PRIMARY focus when auditing a file-sharing system used for collaboration among remote teams?
Data Security, Access Control, Encryption, Audit Focus
- Question #626: Information Systems Acquisition, Development, and Implementation
An IS auditor performed tests to evaluate the readiness of developed software for implementation. Which of the following test results BEST indicates that the software meets securit...
Software security, Role-Based Access Control, Authorization, Application security
- Question #627: Governance and Management of IT
An international organization collects customer data through internet-enabled fitness devices. Which of the following would be of GREATEST concern to an IS auditor reviewing the or...
Privacy Policy, International Data Regulations, Jurisdiction, IS Audit Concerns
- Question #628: Information System Auditing Process
Which of the following is the PRIMARY responsibility of an IS auditor in a control self-assessment (CSA) activity?
Control Self-Assessment (CSA), IS Auditor Roles, Audit Methodologies, Risk and Control Facilitation
- Question #629: Information System Auditing Process
Which of the following BEST indicates an effective internal audit quality assurance and improvement program?
Internal Audit Quality Assurance, Continuous Improvement, Audit Program Effectiveness
- Question #630: Protection of Information Assets
Which of the following would be of GREATEST concern to an IS auditor observing public key infrastructures (PKIs) deployed in the production business environment?
PKI, Cryptography, Algorithm Obsolescence, Information Security Auditing
- Question #631: Governance and Management of IT
Which of the following should be of MOST concern to an IS auditor who has identified several end-user computing (EUC) applications within an organization?
EUC governance, IT policy, IS audit concerns, Risk management
- Question #632: Information Systems Acquisition, Development, and Implementation
Outsourcing the development of business systems is MOST likely to result in the loss of:
Outsourcing, IT competencies, System development, Risk management
- Question #633: Information Systems Operations and Business Resilience
During a review of an organization's IT capacity management process, an IS auditor should be MOST concerned if capacity planning:
Capacity management, Capacity planning, Business alignment, IT operations audit
- Question #634: Governance and Management of IT
IT management wants transferred staff to have current and previous role access to facilitate transitioning and training of new staff. Which of the following is the GREATEST risk to...
Access Management, Segregation of Duties (SoD), Internal Controls, Fraud Risk
- Question #636: Governance and Management of IT
Which of the following information should be included in a data privacy statement displayed on a website used to process transactions?
Data Privacy, Privacy Statement, Information Usage, Transparency
- Question #637: Information Systems Operations and Business Resilience
Which of the following should be an IS auditor's MOST important consideration when auditing an organization's system capacity management processes?
System Capacity Management, Performance Monitoring, IT Operations, IS Auditing
- Question #638: Information Systems Operations and Business Resilience
An IS auditor is reviewing backup media inventory and finds the media have not been tested in seven years. Which of the following is the GREATEST risk to data retrieval?
Backup and Recovery, Media Management, Obsolescence, Data Retrieval Risks
- Question #639: Protection of Information Assets
What would be an IS auditor's BEST recommendation upon discovering that customer records in a database have not been protected?
Data protection, Encryption, Database security, Confidentiality
- Question #640: Information System Auditing Process
Which of the following is the MOST important control consideration when planning the audit of an information system that uses a large language model?
LLM security, Training data integrity, Logical access controls, Audit planning
- Question #641: Governance and Management of IT
Which of the following is MOST important to consider when developing a service level agreement (SLA)?
Service Level Agreement (SLA), Client Requirements, IT Service Management, Service Delivery
- Question #642: Information Systems Acquisition, Development, and Implementation
Which of the following controls should an IS auditor recommend for a small organization where a single employee performs the combined functions of server operator and application p...
Separation of Duties, Detective Controls, Risk Mitigation, Change Management
- Question #643: Information Systems Operations and Business Resilience
Storing backup drives at an offsite location is an example of which type of control?
Control Types, Preventive Controls, Backup and Recovery, Business Resilience
- Question #644: Protection of Information Assets
Which of the following BEST describes the process of creating a digital envelope?
Digital Envelope, Symmetric Encryption, Asymmetric Encryption, Cryptography
- Question #645: Information Systems Operations and Business Resilience
During the review of a system disruption incident, an IS auditor notes that IT support staff were put in a position to make decisions beyond their level of authority. Which of the...
Incident Management, Escalation Procedures, Roles and Responsibilities, Operational Efficiency
- Question #646: Governance and Management of IT
An organization-wide review shows poor employee adherence to IT access control policies. Which of the following is PRIMARILY responsible for establishing the appropriate control cu...
Control culture, Tone at the top, IT governance, Organizational responsibility
- Question #647: Governance and Management of IT
Which of the following would be of GREATEST concern to an IS auditor reviewing an organization's enterprise architecture (EA) by examining its EA management tool?
Enterprise Architecture (EA), IT Governance, Accountability, Business-IT Alignment
- Question #648: Information Systems Acquisition, Development and Implementation
Which of the following would be of concern to an IS auditor reviewing development practices for sensitive proprietary code?
Secure Software Development, Data Leakage, Third-Party Risk, Proprietary Information Protection
- Question #649: Protection of Information Assets
An IS auditor is reviewing an AI system utilized by a healthcare organization for patient pre-diagnosis. Which of the following would pose the GREATEST concern?
Access Control, AI System Security, Information Security, Risk Management
- Question #650: Information Systems Acquisition, Development, and Implementation
Which of the following is the PRIMARY benefit of Infrastructure as Code (IaC) to configuration management practices?
Infrastructure as Code (IaC), Configuration Management, IT Automation, System Provisioning
- Question #651: Information Systems Operations and Business Resilience
Which of the following is the BEST indication of an effective problem management process?
Problem Management, IT Service Management (ITSM), IT Operations Effectiveness, Incident Management
- Question #652: Information Systems Acquisition, Development and Implementation
Which of the following would be of MOST concern to an IS auditor reviewing a data loss prevention (DLP) solution implementation for endpoints?
Data Loss Prevention, Security implementation, Risk analysis, Endpoint security