CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 7 of 13.
- Question #302 (Governance and Management of IT)
An IS auditor wants to gain a better understanding of an organization's selected IT operating system software. Which of the following would be MOST helpful to review?
Topics: Enterprise Architecture, IT Governance, IS Audit Information Gathering, Technology Architecture

- Question #303 (Information Systems Acquisition, Development, and Implementation)
Which of the following is the PRIMARY objective of performing quality assurance (QA) in a system development process?
Topics: Quality Assurance (QA), System Development Life Cycle (SDLC), Business Requirements, System Development Process

- Question #304 (Information Systems Acquisition, Development, and Implementation)
An IS auditor is planning a review of an organization's robotic process automation (RPA) technology. Which of the following MUST be included in the audit work plan?
Topics: RPA audit, Change management, System implementation, Audit planning

- Question #305 (Protection of Information Assets)
Which of the following is the BEST recommendation to prevent the skimming of debit or credit card data in point of sale (POS) systems?
Topics: POS security, Payment card security, Skimming prevention, EMV (Chip and PIN)

- Question #306 (Information Systems Operations and Business Resilience)
An IS auditor is reviewing how password resets are performed for users working remotely. Which type of documentation should be requested to understand the detailed steps required f...
Topics: Documentation types, Procedures, IS audit techniques, Password management

- Question #307 (Protection of Information Assets)
Which of the following BEST supports an organization's objective of restricting the use of removable storage devices by users?
Topics: Data Loss Prevention, Removable Media Control, Information Security Controls, Data Protection

- Question #308 (Protection of Information Assets)
An IS auditor is reviewing the security of a web-based customer relationship management (CRM) system that is directly accessed by customers via the Internet. Which of the following...
Topics: Network Security, DMZ, Network Segmentation, Security Architecture

- Question #309 (Information Systems Operations and Business Resilience)
An IS auditor is reviewing job scheduling software and notes instances of delayed processing time, unexpected job interruption, and out-of-sequence job execution. Which of the foll...
Topics: Job scheduling, Exception logs, IS audit procedures, Problem diagnosis

- Question #310 (Protection of Information Assets)
Which of the following is the BEST way to determine the adequacy of controls for detecting inappropriate network activity in an organization?
Topics: SIEM, Network Security Monitoring, Detective Controls, Control Adequacy

- Question #311 (Information Systems Operations and Business Resilience)
Which of the following is the PRIMARY purpose of batch processing monitoring?
Topics: Batch processing, Monitoring, IT operations, Incident prevention

- Question #312 (Protection of Information Assets)
Which of the following is an organization's BEST defense against malware?
Topics: Malware defense, Security awareness training, Human element in security, Preventative controls

- Question #313 (Governance and Management of IT)
Which of the following is the PRIMARY objective of IT quality assurance (QA)?
Topics: Quality Assurance, IT Governance, Business Requirements, IT Service Quality

- Question #314 (Information System Auditing Process)
The GREATEST concern for an IS auditor reviewing vulnerability assessments by the auditee would be if the assessments are:
Topics: Vulnerability Assessments, IS Auditing, Vulnerability Management, Audit Effectiveness

- Question #315 (Information System Auditing Process)
Which of the following is the MOST effective way to detect as many abnormalities as possible during an IS audit?
Topics: IS Audit Techniques, Data Analytics, Anomaly Detection, Audit Effectiveness

- Question #316 (Information System Auditing Process)
An organization has determined that a trusted insider has been able to bypass and embezzle organizational funds. Which type of audit would be MOST helpful when providing evidence t...
Topics: Forensic Audit, Fraud Investigation, Audit Types, Evidence Gathering

- Question #317 (Protection of Information Assets)
Which of the following BEST mitigates the risk of SQL injection attacks against applications exposed to the internet?
Topics: SQL injection, Web Application Firewall, Application security, Threat mitigation

- Question #318 (Governance and Management of IT)
Which of the following activities would BEST facilitate the improvement of control owner accountability for the expected performance of security controls?
Topics: Control Self-Assessment, Control Accountability, Control Monitoring, Control Effectiveness

- Question #319 (Governance and Management of IT)
Which of the following is the MOST significant risk related to shadow IT?
Topics: Shadow IT, IT Governance, Risk Management, Internal Controls

- Question #320 (Protection of Information Assets)
An IS auditor is reviewing an organization's operational log management. Which of the following should be the auditor's GREATEST concern?
Topics: Log management, Access control, Information security risk, IS Auditing

- Question #321 (Information Systems Operations and Business Resilience)
Which of the following establishes the PRIMARY difference between a business continuity plan (BCP) and a disaster recovery plan (DRP)?
Topics: Business Continuity Plan (BCP), Disaster Recovery Plan (DRP), Business Resilience

- Question #322 (Protection of Information Assets)
Which of the following is the MOST effective control to protect the integrity of database activity logs?
Topics: Database security, Log integrity, Cryptographic controls, Information security controls

- Question #323 (Protection of Information Assets)
Data loss prevention (DLP) tools provide the MOST protection against:
Topics: Data Loss Prevention (DLP), Information Protection, Data Security

- Question #324 (Governance and Management of IT)
Which of the following is MOST important to have in place to manage the risk of a resource shortage when there are multiple IT investment projects in progress?
Topics: IT portfolio management, Resource allocation, Strategic IT planning, Project prioritization

- Question #325 (Information Systems Acquisition, Development, and Implementation)
Which of the following would present the MOST significant risk within a DevOps development model?
Topics: DevOps, Risk Management, Deployment Monitoring, SDLC Controls

- Question #326 (Protection of Information Assets)
Which of the following should be done FIRST to ensure that a data loss prevention (DLP) process is appropriately implemented?
Topics: Data Loss Prevention (DLP), Data Classification, Information Asset Protection, Security Program Implementation

- Question #327 (Information Systems Acquisition, Development, and Implementation)
An IS auditor has been asked to perform a post-implementation review of a newly developed system. When reviewing the testing phase results, the auditor observed that separate modul...
Topics: System testing, Integration testing, SDLC, Post-implementation review

- Question #328 (Information Systems Acquisition, Development, and Implementation)
Vulnerability identification should begin in which phase of an in-house software development project?
Topics: Secure SDLC, Software Development Life Cycle, Vulnerability Identification, Shift Left Security

- Question #329 (Information Systems Acquisition, Development, and Implementation)
From a risk management perspective, which of the following is the BEST approach when implementing a large and complex data center IT infrastructure?
Topics: Risk Management, Deployment Strategies, IT Project Implementation, Phased Approach

- Question #330 (Governance and Management of IT)
The MOST significant reason for using key performance indicators (KPIs) to track the progress of IT projects against their initial targets is that they:
Topics: KPIs, Project monitoring, Corrective actions, IT project management

- Question #331 (Information Systems Acquisition, Development, and Implementation)
If a source code is not recompiled when program changes are implemented, which of the following is a compensating control to ensure synchronization of source and object?
Topics: Source Code Management, Configuration Management, Software Development Controls, Compensating Controls

- Question #332 (Governance and Management of IT)
Which of the following is the BEST way to detect unauthorized copies of licensed software on systems?
Topics: Software licensing, Unauthorized software detection, IT auditing, Software asset management

- Question #333 (Information System Auditing Process)
After areas have been appropriately scoped, what is the IS auditor's NEXT step in the selection for sampling?
Topics: IS audit sampling, Audit process steps, Population definition, Audit planning

- Question #334 (Information System Auditing Process)
Which of the following is the GREATEST concern associated with IS risk-based auditing when audit resources are limited?
Topics: Risk-based auditing, Audit planning, Audit scope, Resource limitations

- Question #335 (Information Systems Acquisition, Development, and Implementation)
The quality assurance (QA) team is testing a new e-ticketing application prior to go live to ensure that sales tax is calculated and applied correctly. Which of the following shoul...
Topics: Application testing, Go-live readiness, Data dependency, Critical system function

- Question #336 (Protection of Information Assets)
Which of the following poses the GREATEST risk to an organization when employees use public social networking sites?
Topics: Social engineering, Information security threats, Risk management, Employee awareness

- Question #337 (Protection of Information Assets)
When collecting digital data for forensic purposes, the GREATEST benefit associated with the use of imaging is that it:
Topics: Digital Forensics, Evidence Collection, Disk Imaging, Forensic Preservation

- Question #338 (Governance and Management of IT)
Which of the following is the PRIMARY role of the IT steering committee?
Topics: IT steering committee, IT governance, Business-IT alignment

- Question #339 (Information System Auditing Process)
Which of the following is the PRIMARY objective of a quality assurance (QA) and improvement program within the IS audit process?
Topics: Quality Assurance, IS Audit Process, Professional Standards, Audit Program Management

- Question #340 (Information Systems Acquisition, Development, and Implementation)
Which of the following is the BEST source of evidence to determine whether a new system meets expected requirements?
Topics: User Acceptance Testing, System Validation, Requirements Verification, SDLC

- Question #341 (Information Systems Acquisition, Development, and Implementation)
In planning a major system development project, function point analysis would assist in:
Topics: Function Point Analysis, System Development Planning, Software Size Estimation, Project Estimation

- Question #342 (Protection of Information Assets)
During the forensic investigation of a cyberattack involving credit card data, which of the following is MOST important to ensure?
Topics: Forensic investigation, Chain of custody, Evidence handling, Incident response

- Question #343 (Information Systems Acquisition, Development, and Implementation)
Which of the following is the MOST important advantage of building enterprise architecture (EA) based on open system architecture?
Topics: Enterprise Architecture, Open Systems, Interoperability, System Integration

- Question #344 (Protection of Information Assets)
Which of the following is the PRIMARY reason for an airline's IT management to continuously monitor the controls for a critical integrated flight schedule and payment application?
Topics: Continuous monitoring, Security incident detection, Threat response, Critical applications

- Question #345 (Information Systems Operations and Business Resilience)
Which of the following is the PRIMARY factor in determining a recovery time objective (RTO)?
Topics: Recovery Time Objective (RTO), Business Continuity Planning (BCP), Disaster Recovery (DR), Downtime Cost

- Question #346 (Information Systems Operations and Business Resilience)
Which of the following metrics is MOST helpful for evaluating the effectiveness of problem management practices?
Topics: Problem Management, IT Service Management, Performance Measurement, Operational Metrics

- Question #347 (Protection of Information Assets)
An IS auditor finds that some employees are using public cloud-based AI tools. Which of the following presents the GREATEST concern?
Topics: Data leakage, Cloud security, AI risks, Shadow IT

- Question #348 (Protection of Information Assets)
Which of the following represents the GREATEST risk to virtualized environments?
Topics: Virtualization Security, Hypervisor, Risk Identification, Single Point of Failure

- Question #349 (Information System Auditing Process)
An audit identified that a computer system is not assigning sequential purchase order numbers to order requests. The IS auditor is conducting an audit follow-up to determine if man...
Topics: Audit Follow-up, Evidence Reliability, System Configuration, Log Analysis

- Question #350 (Governance and Management of IT)
Which of the following is the MOST likely root cause of shadow IT in an organization?
Topics: Shadow IT, IT Governance, Process Management, Inefficient IT Processes

- Question #351 (Information System Auditing Process)
Which of the following is the PRIMARY reason for an IS auditor to perform a risk assessment?
Topics: Audit Risk Assessment, Audit Planning, Risk Identification, Materiality