CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 3 of 13.
- Question #101 (Information Systems Operations and Business Resilience)
  Transaction records from a business database were inadvertently deleted, and system operators decided to restore from a snapshot copy. Which of the following provides the BEST assu...
  Tags: Data Recovery, Audit Verification, System Logs, Business Resilience
- Question #102 (Governance and Management of IT)
  Which of the following concerns is MOST effectively addressed by implementing an IT framework for alignment between IT and business objectives?
  Tags: IT-Business Alignment, IT Governance Frameworks, IT Portfolio Management, IT Strategy
- Question #103 (Protection of Information Assets)
  An organization uses public key infrastructure (PKI) to provide email security. Which of the following would be the MOST efficient method to determine whether email messages have b...
  Tags: Digital Signatures, Message Integrity, PKI, Email Security
- Question #104 (Governance and Management of IT)
  The MOST important measure of the effectiveness of an organization's security program is the:
  Tags: Security Program Effectiveness, Security Metrics, Business Impact Analysis, Incident Management
- Question #105 (Protection of Information Assets)
  Which of the following should be the FIRST consideration when deciding whether data should be moved to a cloud provider for storage?
  Tags: Data classification, Cloud storage, Data governance, Information security
- Question #106 (Information Systems Acquisition, Development, and Implementation)
  A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following audit procedures will BEST determine...
  Tags: Program change management, Audit procedures, Unauthorized changes, Change control
- Question #107 (Governance and Management of IT)
  An organization is enhancing the security of a client-facing web application following a proposal to acquire personal information for a business purpose. Which of the following is...
  Tags: Data privacy, Regulatory compliance, Personal information, IT governance
- Question #108 (Information System Auditing Process)
  Which of the following should be done FIRST when planning to conduct internal and external penetration testing for a client?
  Tags: Penetration Testing Planning, Rules of Engagement, Security Assessment, Audit Planning
- Question #109 (Governance and Management of IT)
  Which of the following provides the BEST evidence of effective IT portfolio management?
  Tags: IT Portfolio Management, IT Governance, Strategic Alignment, Value Realization
- Question #110 (Protection of Information Assets)
  Which of the following is an IS auditor's BEST recommendation to mitigate the risk of eavesdropping associated with an application programming interface (API) integration implement...
  Tags: API Security, Eavesdropping Mitigation, TLS, Data in Transit Protection
- Question #111 (Information Systems Acquisition, Development, and Implementation)
  Which of the following should be used to evaluate an IT development project before an investment is committed?
  Tags: Earned Value Analysis, Project Performance Measurement, Project Monitoring, Project Management
- Question #112 (Governance and Management of IT)
  A small business unit is implementing a control self-assessment (CSA) program and leveraging the internal audit function to test its internal controls annually. Which of the follow...
  Tags: Control Self-Assessment (CSA), Internal Controls, Risk Management, Internal Audit
- Question #113 (Protection of Information Assets)
  Which of the following BEST protects evidence in a forensic investigation?
  Tags: Forensic Investigation, Evidence Preservation, System Imaging, Incident Response
- Question #114 (Information Systems Acquisition, Development, and Implementation)
  An IS auditor is providing input to an RFP to acquire a financial application system. Which of the following is MOST important for the auditor to recommend?
  Tags: System Acquisition, RFP, Requirements Definition, IS Auditor Role
- Question #115 (Information Systems Operations and Business Resilience)
  Which of the following BEST ensures that effective change management is in place in an IS environment?
  Tags: Change Management, Production Controls, Source Code Control, IT General Controls
- Question #116 (Protection of Information Assets)
  Effective separation of duties in an online environment can BEST be achieved by utilizing:
  Tags: Separation of Duties, Access Control, Internal Controls, Information Security
- Question #117 (Information Systems Acquisition, Development, and Implementation)
  Which of the following is the BEST reason for software developers to use automated testing versus manual testing?
  Tags: Automated Testing, Regression Testing, Software Development, Testing Benefits
- Question #118 (Information Systems Acquisition, Development, and Implementation)
  A bank performed minor changes to the interest calculation computer program. Which of the following techniques would provide the STRONGEST evidence to determine whether the interes...
  Tags: Audit Techniques, Application Testing, Data Integrity, Parallel Simulation
- Question #119 (Information System Auditing Process)
  An IS auditor has been asked to review an event log aggregation system to ensure risk management practices have been applied. Which of the following should be of MOST concern to th...
  Tags: Event Log Auditing, Data Completeness, Risk Management, IS Audit Concerns
- Question #120 (Information Systems Operations and Business Resilience)
  Which of the following is the MOST important consideration for patching mission-critical business application servers against known vulnerabilities?
  Tags: Patch Management, Change Management, Mission-Critical Systems, Risk Mitigation
- Question #121 (Information Systems Operations and Business Resilience)
  An IS auditor found that operations personnel failed to run a script contributing to year-end financial statements. Which of the following is the BEST recommendation?
  Tags: IT Operations Controls, Audit Recommendations, Process Management, Preventative Controls
- Question #122 (Governance and Management of IT)
  During an audit, the IS auditor finds that in many cases excessive rights were not removed from a system. Which of the following is the auditor's BEST recommendation?
  Tags: Access Control Review, User Access Management, Roles and Responsibilities, Information Security Governance
- Question #123 (Protection of Information Assets)
  Which of the following is the BEST way to ensure email confidentiality in transit?
  Tags: Email security, Confidentiality, End-to-end encryption, Data in transit
- Question #124 (Protection of Information Assets)
  Which of the following BEST describes a digital signature?
  Tags: Digital Signatures, Cryptography, Non-repudiation
- Question #125 (Information Systems Operations and Business Resilience)
  Which of the following responsibilities associated with a disaster recovery plan (DRP) can be outsourced to a Disaster Recovery as a Service (DRaaS) provider?
  Tags: Disaster Recovery Plan, DRaaS, Outsourcing, System Recovery
- Question #126 (Information System Auditing Process)
  An IS auditor finds that irregularities have occurred and that auditee management has chosen to ignore them. If reporting to external authorities is required, which of the followin...
  Tags: Reporting Irregularities, Audit Reporting Lines, IS Auditor Responsibilities, Professional Ethics
- Question #127 (Governance and Management of IT)
  Which of the following issues identified during a formal review of an organization's information security policies presents the GREATEST potential risk to the organization?
  Tags: Information security policies, Risk appetite, IT governance, Risk management
- Question #128 (Governance and Management of IT)
  Which of the following should be the GREATEST concern to an IS auditor reviewing the information security framework of an organization?
  Tags: Information Security Policy, Regulatory Compliance, IT Governance, IS Auditor Concerns
- Question #129 (Protection of Information Assets)
  Which of the following is the GREATEST benefit of an effective data classification process?
  Tags: Data Classification, Data Protection, Information Sensitivity, Security Controls
- Question #130 (Information Systems Acquisition, Development, and Implementation)
  Management has learned the implementation of a new IT system will not be completed on time and has requested an audit. Which of the following audit findings should be of GREATEST c...
  Tags: Project Management, Critical Path, Resource Allocation, IT Project Implementation
- Question #131 (Protection of Information Assets)
  The purpose of a checksum on an amount field in an electronic data interchange (EDI) communication of financial transactions is to ensure:
  Tags: Checksum, Data Integrity, EDI, Security Controls
- Question #132 (Information Systems Operations and Business Resilience)
  Which of the following BEST enables an IS auditor to confirm the batch processing to post transactions from an input source is successful?
  Tags: Batch processing controls, Data integrity, Audit procedures, Hash totals
- Question #133 (Governance and Management of IT)
  Which of the following would be MOST useful to an IS auditor when making recommendations to enable continual improvement of IT processes over time?
  Tags: Continual improvement, Maturity models, IT process improvement, IS auditor recommendations
- Question #134 (Governance and Management of IT)
  What should be the PRIMARY focus during a review of a business process improvement project?
  Tags: Business Process Improvement, Project Review, Business Value, IT Governance
- Question #135 (Information Systems Acquisition, Development, and Implementation)
  A post-implementation review was conducted by issuing a survey to users. Which of the following should be of GREATEST concern to an IS auditor?
  Tags: Post-implementation review, Business case alignment, Audit relevance, System evaluation
- Question #136 (Information System Auditing Process)
  To help determine whether a controls-reliant approach to auditing financial systems in a company should be used, which sequence of IS audit work is MOST appropriate?
  Tags: IS audit methodology, Controls-reliant approach, General controls, Application controls
- Question #137 (Information Systems Operations and Business Resilience)
  In an area susceptible to unexpected increases in electrical power, which of the following would MOST effectively protect the system?
  Tags: Power protection, Environmental controls, Physical controls, System resilience
- Question #138 (Governance and Management of IT)
  An organization is implementing a data loss prevention (DLP) system in response to a new regulatory requirement. Reviewing which of the following would be MOST helpful in evaluatin...
  Tags: Enterprise Architecture (EA), System Design Evaluation, Regulatory Compliance, DLP Implementation
- Question #139 (Governance and Management of IT)
  Which of the following is MOST useful for determining the strategy for IT portfolio management?
  Tags: IT portfolio management, IT strategy, IT roadmap, Strategic planning
- Question #140 (Protection of Information Assets)
  Which of the following BEST enables an organization to determine the effectiveness of its information security awareness program?
  Tags: Security Awareness Program, Program Effectiveness Measurement, Social Engineering Testing, Security Controls Evaluation
- Question #141 (Information Systems Acquisition, Development, and Implementation)
  Which of the following tests is MOST likely to detect an error in one subroutine resulting from a recent change in another subroutine?
  Tags: Software testing, Regression testing, System development lifecycle, Change management
- Question #142 (Information Systems Operations and Business Resilience)
  Which of the following is the BEST approach to validate whether a streaming site can continue to provide service during a period of live streaming with an anticipated high volume o...
  Tags: Load testing, Performance testing, System validation, Business resilience
- Question #143 (Information Systems Acquisition, Development, and Implementation)
  Which of the following should be an IS auditor's PRIMARY focus when auditing the implementation of a new IT operations performance monitoring system?
  Tags: IT Operations Monitoring, Performance Baselines, System Implementation Audit, Auditor Focus
- Question #144 (Governance and Management of IT)
  Which of the following is the GREATEST risk of project dashboards being set without sufficiently defined criteria?
  Tags: Project dashboards, Risk management, Decision making, Performance criteria
- Question #145 (Protection of Information Assets)
  In a public key cryptographic system, which of the following is the PRIMARY requirement to address the risk of man-in-the-middle attacks through spoofing?
  Tags: Public Key Infrastructure (PKI), Certificate Authority (CA), Man-in-the-middle attack, Cryptography
- Question #146 (Protection of Information Assets)
  Which of the following is the PRIMARY benefit of operational log management?
  Tags: Log Management, Security Monitoring, Operational Security
- Question #147 (Protection of Information Assets)
  Which of the following system attack methods is executed by entering malicious code into the search box of a vulnerable website, causing the server to reveal restricted information...
  Tags: SQL injection, Web application security, Vulnerability, Information disclosure
- Question #148 (Information System Auditing Process)
  An IS auditor has been asked to review the integrity of data transfer between two business-critical systems that have not been tested since implementation. Which of the following w...
  Tags: Audit Planning, Audit Evidence, Data Transfer Integrity, System Interfaces
- Question #149 (Information Systems Acquisition, Development, and Implementation)
  Which of the following is the PRIMARY benefit of benchmarking an organization's software development life cycle practices against a capability maturity model?
  Tags: Capability Maturity Model (CMM), Software Development Life Cycle (SDLC), Process Maturity, Process Improvement
- Question #150 (Information Systems Acquisition, Development, and Implementation)
  Which type of testing is used to identify security vulnerabilities in source code in the development environment?
  Tags: Application Security Testing, Static Analysis Security Testing, SDLC Security, Vulnerability Identification