CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 4 of 13.
- Question #151: Information Systems Auditing Process
  An IS auditor evaluating the change management process must select a sample from the change log. What is the BEST way for the auditor to confirm the change log is complete?
  Tags: IS audit procedures, Completeness testing, Change management audit, Audit sampling
- Question #152: Information Systems Operations and Business Resilience
  Which of the following is the PRIMARY benefit of monitoring IT operational logs?
  Tags: IT operations, Log monitoring, Error detection, System resilience
- Question #153: Protection of Information Assets
  Which of the following is MOST useful to an IS auditor performing a review of access controls for a document management system?
  Tags: Access controls, Audit evidence, Logical access, Document management system
- Question #154: Information Systems Acquisition, Development, and Implementation
  Which of the following is the BEST metric to measure the quality of software developed in an organization?
  Tags: Software quality, Quality metrics, Defect management, Post-implementation review
- Question #155: Information System Auditing Process
  When testing the accuracy of transaction data, which of the following situations BEST justifies the use of a smaller sample size?
  Tags: Audit Sampling, Sample Size Determination, Expected Error Rate, Transaction Testing
- Question #156: Information System Auditing Process
  Which of the following staff should an IS auditor interview FIRST to obtain a general overview of the various technologies used across different programs?
  Tags: IS Audit Planning, Information Gathering, Organizational Roles, Enterprise Architecture
- Question #157: Information Systems Operations and Business Resilience
  When drafting a disaster recovery strategy, what should be the MOST important outcome of a business impact analysis (BIA)?
  Tags: Business Impact Analysis (BIA), Disaster Recovery Planning, Recovery Priorities, Business Resilience
- Question #158: Governance and Management of IT
  Which of the following is MOST important for an IS auditor to validate when reviewing the controls for an organization's quality management system (QMS)?
  Tags: Quality Management System (QMS), Continuous Improvement, IS Audit Validation, IT Controls Review
- Question #159: Information System Auditing Process
  An IS auditor finds a user account where privileged access is not appropriate for the user's role. Which of the following would provide the BEST evidence to determine whether the r...
  Tags: Audit Evidence, Activity Logs, Privileged Access, Risk Exploitation
- Question #160: Governance and Management of IT
  Which of the following is the PRIMARY purpose of conducting a control self-assessment (CSA)?
  Tags: Control Self-Assessment (CSA), Control Ownership, IT Governance
- Question #161: Protection of Information Assets
  How is nonrepudiation supported within a public key infrastructure (PKI) environment?
  Tags: PKI, Nonrepudiation, Digital Certificates, Certificate Authority
- Question #162: Information System Auditing Process
  Which of the following should an IS auditor do FIRST when auditing a robotics process automation (RPA) implementation?
  Tags: RPA audit, Audit planning, Business process understanding, Initial audit steps
- Question #163: Governance and Management of IT
  Which of the following should an IS auditor recommend be done FIRST when an organization is planning to implement an IT compliance program?
  Tags: IT compliance program, Regulatory compliance, Compliance framework, Program initiation
- Question #164: Governance and Management of IT
  Which of the following BEST enables an organization to standardize its IT infrastructure to align with business goals?
  Tags: Enterprise Architecture (EA), IT-Business Alignment, IT Strategy, IT Infrastructure Standardization
- Question #165: Information System Auditing Process
  An organization is planning to implement a control self-assessment (CSA) program for selected business processes. Which of the following should be the role of the internal audit te...
  Tags: Control Self-Assessment (CSA), Internal Audit Role, Audit Independence, Advisory Services
- Question #166: Protection of Information Assets
  An organization saves confidential information in a file with password protection, and the file is placed in a shared folder. An attacker has stolen this information by obtaining t...
  Tags: Social Engineering, Security Awareness, Employee Training, Preventative Controls
- Question #167: Protection of Information Assets
  An organization wants to use virtual desktops to deliver corporate applications to its end users. Which of the following should an IS auditor recommend to prevent domain name system...
  Tags: DNS Security, DNS Poisoning, Cloud Security, Security Controls
- Question #168: Information System Auditing Process
  What should an IS auditor do FIRST when a follow-up audit reveals some management action plans have not been initiated?
  Tags: Follow-up audits, Risk validation, Audit procedures, Management action plans
- Question #169: Governance and Management of IT
  Of the following, who should be responsible for cataloging and inventorying robotic process automation (RPA) processes?
  Tags: RPA, Process ownership, Roles and responsibilities, IT governance
- Question #170: Protection of Information Assets
  Which of the following is the BEST recommendation by an IS auditor to prevent unauthorized access to Internet of Things (IoT) devices?
  Tags: IoT Security, Access Control, Authentication, Preventive Controls
- Question #171: Protection of Information Assets
  Which of the following is the BEST indication that an information security awareness program is effective?
  Tags: Security Awareness, Program Effectiveness, Social Engineering, Security Metrics
- Question #172: Protection of Information Assets
  Which of the following technologies is BEST suited to fulfill a business requirement for nonrepudiation of business-to-business transactions with external parties without the need...
  Tags: Nonrepudiation, Blockchain, Distributed Ledger Technology, Transaction Security
- Question #173: Protection of Information Assets
  Which of the following is MOST important for an IS auditor to verify when evaluating the upgrade of an organization's enterprise resource planning (ERP) application?
  Tags: ERP upgrade security, Application security audit, Security configurations, Information asset protection
- Question #174: Protection of Information Assets
  Which of the following is the BEST approach to help organizations address risks associated with shadow IT?
  Tags: Shadow IT, Risk Management, Security Assessments, Information Asset Protection
- Question #175: Information Systems Acquisition, Development, and Implementation
  Which of the following BEST mitigates the risk associated with the deployment of a new production system?
  Tags: Release Management, Deployment Risk, IT Service Management, Risk Mitigation
- Question #176: Information Systems Operations and Business Resilience
  Which of the following system redundancy configurations BEST improves system resiliency and reduces the possibility of a single cause of failure impacting system dependability?
  Tags: System Redundancy, System Resiliency, Diverse Redundancy, Common Mode Failures
- Question #177: Protection of Information Assets
  Which of the following BEST helps data loss prevention (DLP) tools detect movement of sensitive data in transit?
  Tags: Data Loss Prevention, Deep Packet Inspection, Data Protection, Network Security
- Question #178: Information System Auditing Process
  An IS auditor is planning a review of an organization's cybersecurity incident response maturity. Which of the following methodologies would provide the MOST reliable conclusions?
  Tags: Audit methodologies, Data analytics, Incident response, Maturity assessment
- Question #179: Protection of Information Assets
  Which of the following features would BEST address risk associated with data at rest when evaluating a data loss prevention (DLP) solution?
  Tags: DLP, Data at Rest, Risk Management, Information Security Controls
- Question #180: Information Systems Operations and Business Resilience
  Recovery facilities providing a redundant combination of internet connections to the local communications loop is an example of which type of telecommunications continuity?
  Tags: Telecommunications continuity, Network resilience, Last-mile protection, Business continuity
- Question #181: Governance and Management of IT
  Which of the following should be used as the PRIMARY basis for prioritizing IT projects and initiatives?
  Tags: IT Project Prioritization, Business Value, IT Governance, Strategic Alignment
- Question #182: Information System Auditing Process
  Which of the following is the MOST efficient way to identify fraudulent activity on a set of transactions?
  Tags: Fraud Detection, Data Analytics, Auditing Techniques, Benford's Law
- Question #183: Information Systems Operations and Business Resilience
  Which of the following should be the PRIMARY concern for the IT department head when implementing operational log management?
  Tags: Log Management, IT Operations, System Performance, Operational Risk
- Question #184: Governance and Management of IT
  Which of the following should be of GREATEST concern to an IS auditor when auditing an organization's IT strategy development process?
  Tags: IT Strategy Alignment, Business-IT Alignment, Strategic Planning, IT Governance
- Question #185: Information Systems Operations and Business Resilience
  Which of the following BEST enables an IS auditor to assess whether jobs were completed according to the job schedule?
  Tags: Audit evidence, Log analysis, Job scheduling, IT operations auditing
- Question #186: Information Systems Acquisition, Development, and Implementation
  Which of the following would MOST likely jeopardize the independence of a quality assurance (QA) team and could lead to conflict of interest?
  Tags: QA Independence, Conflict of Interest, Software Testing, Roles and Responsibilities
- Question #187: Information Systems Acquisition, Development, and Implementation
  Which of the following is the MOST important task of an IS auditor during an application post-implementation review?
  Tags: Application Audit, Post-Implementation Review, Access Controls, IS Auditing
- Question #188: Information Systems Auditing Process
  An IS auditor is supporting a forensic investigation. An image of affected storage media has been captured while collecting digital forensic evidence. Which of the following techni...
  Tags: Digital forensics, Evidence integrity, Hashing, Forensic investigation
- Question #189: Governance and Management of IT
  When planning an internal penetration test, which of the following is the MOST important step prior to finalizing the scope of testing?
  Tags: Penetration Testing Planning, Scope Management, Management Authorization, IT Governance
- Question #190: Information Systems Acquisition, Development, and Implementation
  Which of the following is the MOST likely outcome for an organization that implements cloud computing?
  Tags: Cloud computing, IT cost management, Hardware spending, IT acquisition benefits
- Question #191: Information System Auditing Process
  A bank has developed an automated credit decision engine for loan applications based on defined rules. Which of the following is the BEST way to gain assurance for the design and o...
  Tags: Automated Systems Auditing, Testing Techniques, Design Effectiveness, Operating Effectiveness
- Question #192: Governance and Management of IT
  Which of the following is the PRIMARY objective of a control self-assessment (CSA)?
  Tags: Control Self-Assessment (CSA), Internal Controls, Control Monitoring, IT Governance
- Question #193: Information Systems Operations and Business Resilience
  The PRIMARY focus for an IS auditor reviewing a job scheduling process used to manage critical transactions should be to validate which of the following?
  Tags: Job scheduling, Critical transactions, Exception management, IS audit focus
- Question #194: Protection of Information Assets
  When auditing a virtual IT system, it is MOST important to verify the security of which of the following?
  Tags: Virtualization security, Hypervisor security, IT audit, Critical infrastructure
- Question #195: Information Systems Acquisition, Development, and Implementation
  Which of the following is MOST important for an IS auditor to review prior to the migration of acquired software into production?
  Tags: User Acceptance Testing (UAT), Software Implementation, IS Audit Review, Go-Live Readiness
- Question #196: Information System Auditing Process
  An auditee has informed the IS auditor that there is not enough funding to implement an agreed-upon recommendation in the audit report and that there is no estimated time frame fo...
  Tags: Audit follow-up, Risk assessment, Audit recommendations
- Question #197: Information Systems Operations and Business Resilience
  Which of the following should be of GREATEST concern to an IS auditor reviewing hardware maintenance practices in an organization whose primary business is e-commerce?
  Tags: System Availability, Hardware Maintenance, E-commerce, Risk Prioritization
- Question #198: Protection of Information Assets
  A startup organization wants to develop a data loss prevention (DLP) program. The FIRST step should be to implement:
  Tags: Data Loss Prevention, Data Classification, Security Program Development
- Question #199: Governance and Management of IT
  Which of the following is the GREATEST benefit of using a capability maturity model to present audit findings related to an organization's cybersecurity posture?
  Tags: Capability Maturity Model, Audit Reporting, Cybersecurity Posture, Continuous Improvement
- Question #200: Protection of Information Assets
  A healthcare organization is implementing Internet of Things (IoT) technology to receive customer health information from medical service providers at the point of data creation. W...
  Tags: IoT security, Data privacy, Regulatory compliance, Healthcare IT