CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 2 of 13.
- Question #51 (Information System Auditing Process): A senior auditor is reviewing work papers prepared by a junior auditor indicating that a finding was removed after the auditee said they corrected the problem. Which of the followi...
  Tags: Audit review; Audit findings; Audit evidence; Auditor supervision
- Question #52 (Protection of Information Assets): Which of the following is MOST important to ensure when developing an effective security awareness program?
  Tags: Security Awareness Program; Program Effectiveness; Metrics; Information Security Management
- Question #53 (Information Systems Acquisition, Development, and Implementation): Which of the following is the MOST important reason to implement version control for an end-user computing (EUC) application?
  Tags: Version Control; EUC Applications; Change Management; Application Integrity
- Question #54 (Governance and Management of IT): Which of the following provides the BEST evidence that outsourced provider services are being properly managed?
  Tags: Outsourcing Management; Vendor Management; SLA Management; Performance Monitoring
- Question #55 (Information Systems Acquisition, Development, and Implementation): Which of the following would BEST help to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software?
  Tags: Agile Security; Secure Development Lifecycle; Security Impact Analysis; Change Management
- Question #56 (Information Systems Acquisition, Development, and Implementation): The waterfall life cycle model of software development is BEST suited for which of the following situations?
  Tags: SDLC models; Waterfall methodology; Project requirements
- Question #57 (Protection of Information Assets): Which of the following is the GREATEST impact as a result of the ongoing deterioration of a detective control?
  Tags: Detective Controls; Control Effectiveness; False Negatives; Security Monitoring
- Question #58 (Information Systems Operations and Business Resilience): During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended a...
  Tags: System Criticality; Business Impact Analysis; Maximum Allowable Downtime; Business Resilience
- Question #59 (Information Systems Acquisition, Development, and Implementation): Which of the following environments is BEST used for copying data and transformation into a compatible data warehouse format?
  Tags: Staging environment; Data warehousing; ETL process; Data transformation
- Question #60 (Information System Auditing Process): What is the PRIMARY purpose of documenting audit objectives when preparing for an engagement?
  Tags: Audit Planning; Audit Objectives; Risk Assessment; Engagement Preparation
- Question #61 (Protection of Information Assets): Which of the following should be the IS auditor's PRIMARY focus when evaluating an organization's offsite storage facility?
  Tags: Offsite Storage; Physical Security; Environmental Controls; IS Audit Focus
- Question #62 (Information System Auditing Process): An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor's NEXT course of action?
  Tags: IS audit process; Risk assessment; Vulnerability management; Security controls
- Question #63 (Protection of Information Assets): An IS auditor is conducting a physical security audit of a healthcare facility and finds closed-circuit television (CCTV) systems located in a patient care area. Which of the follo...
  Tags: Physical Security; Privacy; Legal & Regulatory Compliance; Risk Prioritization
- Question #64 (Governance and Management of IT): An organization that has decided to approve the use of end-user computing (EUC) should FIRST ensure:
  Tags: End-User Computing (EUC); IT Policy; IT Governance; Risk Management
- Question #65 (Protection of Information Assets): Data from a system of sensors located outside of a network is received by the open ports on a server. Which of the following is the BEST way to ensure the integrity of the data bei...
  Tags: Data Integrity; Hashing; Security Controls
- Question #66 (Information Systems Operations and Business Resilience): Which of the following is a core functionality of a configuration and release management system?
  Tags: Configuration Management; Release Management; Change Management; Impact Analysis
- Question #67 (Governance and Management of IT): Which of the following is the MOST important consideration when evaluating the data retention policy for a global organization with regional offices in multiple countries?
  Tags: Data retention policy; Regulatory compliance; Global IT governance; Legal requirements
- Question #68 (Protection of Information Assets): Which of the following is the GREATEST advantage of vulnerability scanning over penetration testing?
  Tags: Vulnerability Scanning; Penetration Testing; Security Testing; Automation
- Question #69 (Information Systems Acquisition, Development, and Implementation): An organization has introduced a capability maturity model to the system development life cycle (SDLC) to measure improvements. Which of the following is the BEST indication of suc...
  Tags: Process Improvement; Capability Maturity Model; SDLC; Business Alignment
- Question #70 (Governance and Management of IT): Which of the following is the MOST important factor when an organization is developing information security policies and procedures?
  Tags: Information Security Policies; Compliance; Regulatory Requirements; IT Governance
- Question #71 (Information System Auditing Process): Which of the following is a threat to IS auditor independence?
  Tags: Auditor independence; Audit ethics; Self-review threat; Professional standards
- Question #72 (Protection of Information Assets): Which of the following should be an IS auditor's GREATEST concern when assessing an IT service configuration database?
  Tags: Configuration Management; Access Control; Information Integrity; Risk Assessment
- Question #73 (Information Systems Operations and Business Resilience): An organization is permanently transitioning from onsite to fully remote business operations. When should the existing business impact analysis (BIA) be reviewed?
  Tags: Business Impact Analysis; Business Continuity Planning; Operational Resilience; Change Management
- Question #74 (Protection of Information Assets): Which of the following threats is mitigated by a firewall?
  Tags: Firewall; Network security; Threat mitigation; Intrusion prevention
- Question #75 (Information System Auditing Process): Which of the following is the GREATEST advantage of maintaining an internal IS audit function within an organization?
  Tags: Internal Audit; IS Audit Function; Audit Benefits; Business Understanding
- Question #76 (Information Systems Acquisition, Development, and Implementation): An organization has decided to purchase a web-based email service from a third-party vendor and eliminate its own email server infrastructure. What type of cloud computing environm...
  Tags: Cloud Computing; SaaS; Service Models; Email Services
- Question #77 (Information Systems Operations and Business Resilience): Which of the following is the GREATEST advantage of utilizing guest operating systems in a virtual environment?
  Tags: Virtualization; Guest OS; System Isolation; IT Operations
- Question #78 (Information Systems Auditing Process): During a routine internal software licensing review, an IS auditor discovers instances where employees shared license keys to critical pieces of business software. Which of the fol...
  Tags: Software Licensing; Compliance; Audit Procedures; Contract Review
- Question #79 (Information Systems Acquisition, Development, and Implementation): When building or upgrading enterprise cryptographic infrastructure, which of the following is the MOST critical requirement for growing business environments?
  Tags: Scalability; Cryptographic Infrastructure; System Design Requirements; Enterprise Architecture
- Question #80 (Information Systems Operations and Business Resilience): An organization's business continuity plan (BCP) should be:
  Tags: Business Continuity Plan (BCP); BCP Maintenance; BCP Updating; Organizational Changes
- Question #81 (Governance and Management of IT): An organization's IT risk assessment should include the identification of:
  Tags: IT Risk Assessment; Vulnerability Identification; Risk Management
- Question #82 (Information System Auditing Process): Which of the following BEST enables an IS auditor to prioritize financial reporting spreadsheets for an end-user computing (EUC) audit?
  Tags: EUC Audit; Audit Prioritization; Financial Reporting Controls; Risk-Based Auditing
- Question #83 (Information System Auditing Process): Which of the following should be of GREATEST concern to an IS auditor when using data analytics?
  Tags: Data Integrity; Audit Evidence Reliability; Data Analytics (CAATs)
- Question #84 (Information Systems Acquisition, Development, and Implementation): Which of the following is the BEST control to help ensure that security requirements are considered throughout the life cycle of an agile software development project?
  Tags: Agile development; Security integration; SDLC security; Project team roles
- Question #85 (Protection of Information Assets): Which of the following is the BEST disposal method for flash drives that previously stored confidential data?
  Tags: Data sanitization; Flash drive disposal; Confidential data; Information asset protection
- Question #86 (Governance and Management of IT): Which of the following is MOST helpful for understanding an organization's key driver to modernize application platforms?
  Tags: Application Modernization; Software Lifecycle Management; IT Asset Management; Risk Drivers
- Question #87 (Information System Auditing Process): Which of the following BEST describes the role of the IS auditor in a control self-assessment (CSA)?
  Tags: Control Self-Assessment (CSA); IS Auditor Roles; Audit Methodologies
- Question #88 (Information Systems Operations and Business Resilience): Which of the following is the PRIMARY objective of cyber resiliency?
  Tags: Cyber resiliency; Business continuity; Operational resilience; Incident management
- Question #89 (Information Systems Operations and Business Resilience): Which of the following is MOST important to define within a disaster recovery plan (DRP)?
  Tags: Disaster Recovery Plan (DRP); Business Continuity Planning (BCP); Risk Prioritization; IT Resilience
- Question #90 (Information Systems Operations and Business Resilience): Which of the following provides the BEST evidence that all elements of a business continuity plan (BCP) are operating effectively?
  Tags: Business Continuity Plan (BCP); Disaster Recovery Testing; Operational Effectiveness; BCP Validation
- Question #91 (Information Systems Operations and Business Resilience): An IS auditor is reviewing the service management of an outsourced help desk. Which of the following is the BEST indicator of how effectively the service provider is performing thi...
  Tags: IS Auditing; Service Management; Outsourced Services; Performance Measurement
- Question #92 (Protection of Information Assets): Which of the following is the BEST preventive control to protect the confidentiality of data on a corporate smartphone in the event it is lost?
  Tags: Mobile Device Security; Data Confidentiality; Preventive Controls; Encryption
- Question #93 (Information System Auditing Process): Which of the following would be MOST important to include in an IS audit report?
  Tags: IS audit report; Risk reporting; Business impact; Unmitigated risk
- Question #94 (Information Systems Operations and Business Resilience): Which of the following should be an IS auditor's PRIMARY focus when evaluating the response process for cyber crimes?
  Tags: Cyber crime response; Incident response; Evidence collection; IS auditor focus
- Question #95 (Governance and Management of IT): Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?
  Tags: Privacy controls; Regulatory compliance; Data privacy; Legal requirements
- Question #96 (Protection of Information Assets): A database administrator (DBA) should be prevented from:
  Tags: Segregation of Duties (SoD); Access Control; Database Security; Least Privilege
- Question #97 (Information System Auditing Process): Which of the following BEST enables an IS auditor to combine and compare access control lists from various applications and devices?
  Tags: Data Analytics; Access Control Lists; Audit Techniques; Security Auditing
- Question #98 (Information Systems Operations and Business Resilience): An organization is migrating its HR application to an Infrastructure as a Service (IaaS) model in a private cloud. Who is PRIMARILY responsible for the security configurations of t...
  Tags: Cloud computing; IaaS; Shared responsibility model; Security responsibilities; Operating system security
- Question #99 (Protection of Information Assets): Which type of device sits on the perimeter of a corporate or home network, where it obtains a public IP address and then generates private IP addresses internally?
  Tags: Networking Basics; Network Architecture; Routers; IP Addressing
- Question #100 (Protection of Information Assets): An IS auditor observes that a large number of departed employees have not been removed from the accounts payable system. Which of the following is MOST important to determine in or...
  Tags: Access control; Risk assessment; User deprovisioning; Information security audit