CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 6 of 13.
- Question #251 (Information System Auditing Process): Which of the following applications has the MOST inherent risk and should be prioritized during audit planning?
  Tags: Audit Planning; Risk Assessment; Inherent Risk; Application Risk
- Question #252 (Information Systems Acquisition, Development, and Implementation): An organization has engaged a third party to implement an application to perform business-critical calculations. Which of the following is the MOST important process to help ensur...
  Tags: Quality assurance; Application development; System implementation; Accuracy testing
- Question #253 (Information Systems Acquisition, Development, and Implementation): When developing customer-facing IT applications, in which stage of the system development life cycle (SDLC) is it MOST beneficial to consider data privacy principles?
  Tags: SDLC; Data Privacy; Privacy by Design; Requirements Gathering
- Question #254 (Information Systems Acquisition, Development, and Implementation): An organization is implementing a new data loss prevention (DLP) tool. Which of the following will BEST enable the organization to reduce false positive alerts?
  Tags: DLP (Data Loss Prevention); False positives; Security tool implementation; Rule configuration
- Question #255 (Governance and Management of IT): Following an IT audit, management has decided to accept the risk highlighted in the audit report. Which of the following would provide the MOST assurance to the IS auditor that man...
  Tags: Risk acceptance criteria; IT risk governance; Risk management process; Auditor assurance
- Question #256 (Protection of Information Assets): Which of the following biometric access controls has the HIGHEST rate of false negatives?
  Tags: Biometrics; False Rejection Rate (FRR); Access Control; Security Controls
- Question #257 (Information Systems Operations and Business Resilience): Which of the following is an IS auditor's BEST recommendation to help an organization increase the efficiency of computing resources?
  Tags: Virtualization; Resource efficiency; IT infrastructure; Server consolidation
- Question #259 (Information Systems Acquisition, Development and Implementation): Which of the following presents the GREATEST risk associated with end-user computing (EUC) applications over financial reporting?
  Tags: End-User Computing; Spreadsheet risks; Financial reporting; Application controls
- Question #260 (Protection of Information Assets): Which of the following is the GREATEST risk if two users have concurrent access to the same database record?
  Tags: Data integrity; Database concurrency; Concurrency control; Information security principles
- Question #261 (Protection of Information Assets): Which of the following provides the BEST assurance of data integrity after file transfers?
  Tags: Data Integrity; Hash Values; File Transfers; Security Controls
- Question #262 (Information Systems Acquisition, Development, and Implementation): Which of the following methods will BEST reduce the risk associated with the transition to a new system using technologies that are not compatible with the old system?
  Tags: System Implementation; Change Management; Risk Mitigation; Pilot Testing
- Question #263 (Information Systems Acquisition, Development, and Implementation): A finance department has a two-year project to upgrade the enterprise resource planning (ERP) system hosting the general ledger. In year one, the system version upgrade will be app...
  Tags: System implementation; User acceptance testing; Software testing; IS audit focus
- Question #264 (Information Systems Operations and Business Resilience): A national bank recently migrated a large number of business-critical applications to the cloud. Which of the following is MOST important to ensuring the resiliency of the applicat...
  Tags: Cloud computing; Service Level Agreement (SLA); Application resiliency; Vendor management
- Question #265 (Information System Auditing Process): A finance group recently implemented new technologies and processes. Which type of IS audit would provide the GREATEST level of assurance that the department's objectives have been...
  Tags: IS Audit Types; Assurance Levels; Integrated Audit; Audit Scope
- Question #266 (Protection of Information Assets): An IS auditor is reviewing desktop software profiles and notes that a user has downloaded and installed several games that are not approved by the company. Which of the following i...
  Tags: Malware; Unauthorized Software; Security Risk; Endpoint Security
- Question #267 (Information Systems Acquisition, Development, and Implementation): A bank wants to outsource a system to a cloud provider residing in another country. Which of the following would be the MOST appropriate IS audit recommendation?
  Tags: Outsourcing; Cloud computing; Third-party risk management; Internal controls; IS audit recommendations
- Question #268 (Information Systems Operations and Business Resilience): Which of the following approaches will ensure recovery time objectives (RTOs) are met for an organization's disaster recovery plan (DRP)?
  Tags: Disaster Recovery Plan (DRP); Recovery Time Objective (RTO); DRP Testing; Business Resilience
- Question #269 (Protection of Information Assets): Which of the following controls helps to ensure that data extraction queries run by the database administrator (DBA) are monitored?
  Tags: Database security; Privileged access management; Monitoring controls; Audit logs
- Question #270 (Information Systems Acquisition, Development, and Implementation): Which of the following should be the FIRST step in a data migration project?
  Tags: Data Migration; Project Planning; System Implementation; Data Structure
- Question #271 (Information Systems Auditing Process): An IS auditor has been tasked with analyzing an organization's capital expenditures against its repair and maintenance costs. Which of the following is the BEST reason to use a dat...
  Tags: Data Analytics; Audit Tools and Techniques; Population Testing; Transaction Analysis
- Question #272 (Information System Auditing Process): Which of the following would be the GREATEST concern during a financial statement audit?
  Tags: Financial Reporting Controls; Audit Risk; Internal Controls; Reporting Reliability
- Question #273 (Information Systems Acquisition, Development, and Implementation): To mitigate the risk of exposing data through application programming interface (API) queries, which of the following design considerations is MOST important?
  Tags: API Security; Data Minimization; Secure Design Principles; Risk Mitigation
- Question #274 (Information System Auditing Process): Which of the following is the MOST important consideration when relying on the work of the prior auditor?
  Tags: Reliance on prior auditor; Auditor qualifications; Professional competence; Audit planning considerations
- Question #275 (Information Systems Acquisition, Development, and Implementation): Which of the following MOST effectively enables consistency across high-volume software changes?
  Tags: Software Development; CI/CD; Change Management; Automation
- Question #276 (Protection of Information Assets): Which of the following is the GREATEST benefit of using file integrity monitoring (FIM) when securing critical systems?
  Tags: File Integrity Monitoring; System Security; Security Monitoring; Incident Detection
- Question #277 (Information Systems Operations and Business Resilience): Which of the following job scheduling schemes for operating system patches is MOST likely to adequately balance protection of workstations with user requirements?
  Tags: Patch Management; System Updates; Workstation Protection; IT Operations
- Question #278 (Information Systems Acquisition, Development, and Implementation): Which of the following is the PRIMARY objective of performing quality assurance (QA) in a system development process?
  Tags: Quality Assurance; System Development; Business Requirements; SDLC
- Question #279 (Protection of Information Assets): A checksum is classified as which type of control?
  Tags: Checksums; Control types; Detective controls; Information integrity
- Question #280 (Information Systems Auditing Process): Which of the following is MOST important to consider when determining the usefulness of audit evidence?
  Tags: Audit evidence; Audit objectives; Evidence usefulness
- Question #281 (Information System Auditing Process): An IS auditor needs to validate business logic execution by tracing through production logs. Which of the following are MOST likely to contain the appropriate entries?
  Tags: Log analysis; Business logic; Auditing techniques; Application logs
- Question #282 (Governance and Management of IT): An IS auditor has been asked to advise on measures to improve IT governance within the organization. Which of the following is the BEST recommendation?
  Tags: IT Governance; Performance Measurement; Key Performance Indicators; Continuous Improvement
- Question #283 (Information Systems Acquisition, Development, and Implementation): Which of the following approaches BEST enables an IS auditor to detect security vulnerabilities within an application?
  Tags: Threat Modeling; Application Security; Vulnerability Detection; IS Audit Techniques
- Question #284 (Information Systems Acquisition, Development, and Implementation): An IS auditor is planning an implementation review of a new accounting system. Which of the following is MOST important to include in this review?
  Tags: System implementation; Data conversion; Audit review; Data integrity
- Question #285 (Information Systems Operations and Business Resilience): Which of the following should be of GREATEST concern to an IS auditor reviewing operational log management at a large organization with a complex IT infrastructure?
  Tags: Log Management; Data Integrity; Audit Evidence; WORM Media
- Question #286 (Protection of Information Assets): Which of the following is the MOST likely reason that an adversary would exploit security flaws in an organization's internet-connected humidity monitors?
  Tags: IoT Security; Denial of Service (DoS); Cyberattack Vectors; Vulnerability Exploitation
- Question #287 (Protection of Information Assets): Which of the following metrics MOST effectively measures an organization's security posture?
  Tags: Security Metrics; Security Posture; Incident Detection; Information Security Measurement
- Question #288 (Protection of Information Assets): The use of access control lists (ACLs) is the MOST effective method to mitigate security risk for routers because they:
  Tags: Access Control Lists; Network Security; Routers; Security Controls
- Question #289 (Information Systems Acquisition, Development, and Implementation): Which of the following should be of GREATEST concern to an IS auditor reviewing controls around an artificial intelligence (AI) system in an organization?
  Tags: AI system controls; System documentation; Audit risk; Decision logic
- Question #290 (Protection of Information Assets): Which of the following will have the GREATEST influence on the effectiveness of a security awareness training program?
  Tags: Security Awareness; Training Effectiveness; Organizational Culture; Performance Management
- Question #291 (Information Systems Acquisition, Development, and Implementation): Which of the following should be the PRIMARY consideration when validating a data analytic algorithm that has never been used before?
  Tags: Data validation; Algorithm testing; Data integrity; Audit analytics
- Question #292 (Information Systems Operations and Business Resilience): Which of the following is the MOST important consideration when defining the recovery time objective (RTO) for a business-critical system?
  Tags: Recovery Time Objective (RTO); Business Continuity Planning; Disaster Recovery; Uptime requirements
- Question #293 (Information Systems Acquisition, Development, and Implementation): Which of the following would be of GREATEST concern to an IS auditor reviewing continuous integration/continuous deployment (CI/CD) practices?
  Tags: CI/CD Security; SDLC Controls; Application Security Testing; Deployment Pipeline
- Question #294 (Protection of Information Assets): Which of the following would be of GREATEST concern when testing an organization's controls around social engineering threats?
  Tags: Social Engineering; Security Awareness; Incident Response; Human Factors
- Question #295 (Protection of Information Assets): An organization intends to automate the identification of multiple transactions by the same user originating from geographically different IP addresses. Which of the following techniqu...
  Tags: Log analysis; Security monitoring; Anomaly detection; Automated controls
- Question #296 (Protection of Information Assets): Which of the following controls helps to reduce fraud risk associated with robotic process automation (RPA)?
  Tags: RPA Controls; Fraud Risk Management; Access Management; Information Security Controls
- Question #297 (Protection of Information Assets): What is the purpose of hashing a document?
  Tags: Hashing; Data Integrity; Cryptographic Controls; Information Security
- Question #298 (Information System Auditing Process): An IS auditor observes that an organization's systems are being used for cryptocurrency mining on a regular basis. Which of the following is the auditor's FIRST course of action?
  Tags: Audit methodology; Acceptable Use Policy (AUP); Auditor's initial steps; Policy compliance
- Question #299 (Protection of Information Assets): Which of the following risk scenarios is BEST mitigated through the use of a data loss prevention (DLP) tool?
  Tags: Data Loss Prevention (DLP); Information Security Controls; Data Protection; Risk Mitigation
- Question #300 (Information System Auditing Process): Who should be the FIRST to evaluate an audit report prior to issuing it to the project steering committee?
  Tags: Audit report review; IS audit manager; Audit process; Quality control
- Question #301 (Protection of Information Assets): An organization has experienced frequent malware exploiting vulnerabilities in its network. Which of the following would be an IS auditor's BEST recommendation to address this i...
  Tags: Malware prevention; Vulnerability exploitation; Network security; Intrusion Prevention System (IPS)