CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 8 of 13.
- Question #352 (Protection of Information Assets)
  In a virtualized environment, which of the following techniques BEST mitigates the risk of pervasive network attacks?
  Topics: Network Security; Virtualization Security; Network Segmentation; Attack Mitigation
- Question #353 (Protection of Information Assets)
  Which of the following should be the PRIMARY focus when configuring security settings for a cloud application's infrastructure?
  Topics: Cloud security; Security configuration; Access control; Primary security objectives
- Question #354 (Information System Auditing Process)
  Which of the following would provide an organization with the BEST evidence that a third party's controls are aligned with the organization's requirements?
  Topics: Third-party risk management; Vendor management; Control assurance; Audit evidence
- Question #355 (Information Systems Operations and Business Resilience)
  An organization has moved all of its infrastructure to the cloud. Which of the following would be an IS auditor's GREATEST concern related to the organization's ability to continue...
  Topics: Disaster Recovery Plan (DRP); Cloud Migration Risks; Business Continuity; IS Audit Concerns
- Question #356 (Information Systems Operations and Business Resilience)
  An objective of capacity management is to ensure that:
  Topics: Capacity Management; Resource Management; IT Operations; Efficiency
- Question #357 (Information Systems Operations and Business Resilience)
  Which of the following backup systems is executed at the server level by special software running on the server and on the target server?
  Topics: Data backup; Data replication; Server-based replication; Business resilience
- Question #358 (Protection of Information Assets)
  An IS auditor is reviewing an organization's controls for Internet of Things (IoT) devices. Which of the following should be the auditor's PRIMARY focus?
  Topics: IoT Security; Vulnerability Management; Patch Management; IS Audit Controls
- Question #359 (Information System Auditing Process)
  Which of the following documents would be MOST useful in detecting a weakness in separation of duties?
  Topics: Separation of Duties (SOD); Process documentation; Internal controls; Auditing techniques
- Question #360 (Protection of Information Assets)
  Which of the following is the PRIMARY advantage of using an automated security log monitoring tool over a manual review to monitor the use of privileged access?
  Topics: Security Log Monitoring; Privileged Access Management (PAM); Automated Security Tools; Suspicious Activity Detection
- Question #361 (Protection of Information Assets)
  Which of the following data controls is MOST helpful in verifying that the data received by an application is the same as the data sent by a remote application?
  Topics: Data Integrity; Data Controls; Hash Checking; Application Controls
- Question #362 (Governance and Management of IT)
  Which of the following is MOST important for an IS auditor to determine when reviewing the design and implementation of controls?
  Topics: Risk Management; Control Effectiveness; Control Design; Audit Review
- Question #363 (Information System Auditing Process)
  Which of the following documents should define roles and responsibilities within an IT audit organization?
  Topics: Audit Charter; IT Audit Organization; Roles and Responsibilities; Audit Governance
- Question #364 (Information Systems Operations and Business Resilience)
  Which control is MOST critical to mitigate risks related to operational resilience?
  Topics: Operational Resilience; Disaster Recovery; Business Continuity; Infrastructure Redundancy
- Question #365 (Governance and Management of IT)
  Which of the following should be of GREATEST concern to an IS auditor reviewing onsite preventive maintenance for an organization's business-critical server hardware?
  Topics: Preventive Maintenance; System Owner; IT Governance; Authorization
- Question #366 (Protection of Information Assets)
  When implementing a data loss prevention (DLP) program, which of the following is the PRIMARY benefit of including user awareness training as part of the rollout?
  Topics: DLP; User Awareness; Human Error; Data Breach Prevention
- Question #367 (Governance and Management of IT)
  In an effort to use transaction log resources effectively and free up space, an organization has decided to begin truncating older log information. Which of the following is MOST i...
  Topics: Data owner; Authorization; Log management; IT governance
- Question #368 (Information System Auditing Process)
  An IS auditor who is involved in a computer forensic analysis should FIRST ensure that the evidence is:
  Topics: Evidence preservation; Computer forensics; IS audit evidence; Auditor responsibilities
- Question #369 (Protection of Information Assets)
  Which of the following computer forensics activities allows the examination of information that is only available on active operating system processes?
  Topics: Computer Forensics; Memory Forensics; Volatile Data; Incident Response
- Question #370 (Information Systems Auditing Process)
  The MOST effective way to reduce sampling risk is to increase:
  Topics: Sampling Risk; Audit Sampling; Sample Size; Auditing Principles
- Question #371 (Protection of Information Assets)
  An IS auditor is planning an audit of a bank's automated teller machine (ATM) activities and is identifying the potential risks. Which of the following related risks would have the...
  Topics: Risk Identification; Information Security; Data Confidentiality; ATM Security
- Question #372 (Governance and Management of IT)
  Data is being transferred from an application database to a data warehouse. Some fields were not picked up in the extraction process and therefore were not transferred to the data...
  Topics: Data Integrity; Data Warehouse; Risk Management; Business Impact
- Question #373 (Governance and Management of IT)
  Which of the following should be of GREATEST concern to an IS auditor analyzing the results of a network discovery scan?
  Topics: Asset Inventory; Network Scanning; IT Governance; Risk Management
- Question #374 (Governance and Management of IT)
  An organization is implementing an enterprise resource planning (ERP) system. Which of the following would BEST support compliance with the organization's enterprise architecture (...
  Topics: IT Governance; Enterprise Architecture; IT Steering Committee; Compliance
- Question #375 (Protection of Information Assets)
  Which of the following is the MOST effective control for discovering unauthorized cloud service usage in a corporate network?
  Topics: Cloud Security; Network Monitoring; Shadow IT; Security Controls
- Question #376 (Protection of Information Assets)
  Confidentiality of data transmitted in a wireless local area network (LAN) is BEST protected if the session is:
  Topics: Wireless security; Data confidentiality; Encryption; Key management
- Question #377 (Governance and Management of IT)
  Control self-assessments (CSAs) can be used to:
  Topics: Control Self-Assessment (CSA); Internal Controls; Control Monitoring; Baseline Establishment
- Question #378 (Information System Auditing Process)
  An IS auditor discovers that a large number of vendor-supplied patches have not been applied to a business-critical application. What should the auditor do NEXT?
  Topics: Auditing process; Patch management; Control deficiency; Auditor responsibilities
- Question #379 (Protection of Information Assets)
  An IS audit reveals that a privileged user account was used to delete some transactions from application logs. Which of the following would BEST prevent the recurrence of similar i...
  Topics: Access Control; Log Management; Segregation of Duties; Information Security
- Question #380 (Information Systems Acquisition, Development, and Implementation)
  Which of the following approaches would present the GREATEST concern for the implementation of a quality assurance (QA) function?
  Topics: Quality Assurance; Separation of Duties; Software Development Life Cycle; Code Review
- Question #381 (Governance and Management of IT)
  The charging method that effectively encourages the MOST efficient use of IS resources is:
  Topics: IT Financial Management; Chargeback; Resource Efficiency; Cost Allocation
- Question #382 (Governance and Management of IT)
  An organization considering the outsourcing of a business application should FIRST:
  Topics: Outsourcing; Strategic Planning; Cost-Benefit Analysis; IT Governance
- Question #383 (Information Systems Acquisition, Development, and Implementation)
  After the successful release of an application system, business stakeholders are planning to organize a post-implementation review to determine whether the system satisfies busines...
  Topics: Post-implementation review; Business requirements; Use cases; System evaluation
- Question #384 (Information Systems Operations and Business Resilience)
  An organization using a cloud provider for its online billing system requires the website to be accessible to customers at all times. What is the BEST way to verify the organizatio...
  Topics: Cloud Computing; Vendor Management; Service Level Agreement (SLA); Availability Management
- Question #385 (Governance and Management of IT)
  Which of the following is the BEST source of information for an IS auditor when reviewing an organization's IT infrastructure and operations?
  Topics: Enterprise Architecture (EA); Audit Information Sources; IT Infrastructure Review; IT Operations Review
- Question #386 (Governance and Management of IT)
  Which of the following BEST facilitates the successful implementation of IT performance monitoring?
  Topics: IT performance monitoring; Performance measurement; Goal setting; Strategic alignment
- Question #387 (Protection of Information Assets)
  A zero-day vulnerability with a critical severity score has been published for a core business application. Which of the following should be done FIRST to address this vulnerabilit...
  Topics: Vulnerability Management; Security Incident Response; Asset Identification
- Question #388 (Protection of Information Assets)
  Which of the following should be of MOST concern to an IS auditor reviewing an organization's ability to detect Internet of Things (IoT) devices?
  Topics: IoT security; Asset discovery; Network auditing; Security monitoring
- Question #389 (Protection of Information Assets)
  Which of the following should be of GREATEST concern to an IS auditor for work-from-anywhere scenarios as compared to work from home or work from office?
  Topics: Remote Work Security; Wireless Network Security; Public Wi-Fi Risks; Information Security Concerns
- Question #390 (Information Systems Acquisition, Development, and Implementation)
  What is the PRIMARY objective of evaluating the readiness of an information system implementation?
  Topics: System implementation readiness; Business requirements; System evaluation; Project success factors
- Question #391 (Information Systems Acquisition, Development, and Implementation)
  Which of the following is MOST important to include when developing an organization's test strategy?
  Topics: Test Strategy; Risk Management; Contingency Planning; SDLC Testing
- Question #392 (Governance and Management of IT)
  An organization is implementing a new cloud-based application to store sensitive customer data. The application is hosted in a country with a different regulatory environment than...
  Topics: Cloud Compliance; Regulatory Compliance; Vendor Due Diligence; Third-Party Risk
- Question #393 (Information Systems Acquisition, Development, and Implementation)
  An application programming interface (API) has recently undergone a new release, and sensitive functions are no longer restricted appropriately. Which of the following is the MOST...
  Topics: API Security; Authorization; Security Vulnerability; Application Security
- Question #394 (Information Systems Acquisition, Development, and Implementation)
  After a functional change to a program in a system, regression testing of the system is important in order to check whether the:
  Topics: Regression testing; Software testing; Change management; System maintenance
- Question #395 (Information System Auditing Process)
  During an investigation of transactions in a core banking system, fraudulent transactions are discovered that will require the involvement of law enforcement. Which of the followin...
  Topics: Fraud investigation; Evidence preservation; Forensic procedures; Legal compliance
- Question #396 (Information Systems Acquisition, Development, and Implementation)
  A local insurance company has decided to migrate an in-house accounting solution to a purchased enterprise resource planning (ERP) solution. The project is entering the user accept...
  Topics: User Acceptance Testing (UAT); Software Development Life Cycle (SDLC); Functional Testing; Project Risk
- Question #397 (Information Systems Operations and Business Resilience)
  Which of the following applications should an IS auditor consider to be the HIGHEST priority when reviewing disaster recovery planning (DRP) tests for an e-commerce company?
  Topics: DRP Testing; Business Impact Analysis; Application Prioritization; Critical Applications
- Question #398 (Information Systems Acquisition, Development, and Implementation)
  An IS auditor is reviewing the quality control (QC) of the implementation process that supports an online reservation system. Which of the following findings would be the GREATEST...
  Topics: Quality Control; System Implementation; Defect Management; IS Audit Findings
- Question #399 (Information Systems Operations and Business Resilience)
  Which of the following would be an IS auditor's GREATEST concern upon learning that a business database cannot successfully generate transaction logs?
  Topics: Transaction logging; Database integrity; Data recovery; Business resilience
- Question #400 (Protection of Information Assets)
  Which of the following security measures is MOST important for protecting Internet of Things (IoT) devices from potential cyberattacks?
  Topics: IoT Security; Cybersecurity Best Practices; Password Management; Device Hardening
- Question #401 (Information System Auditing Process)
  Which of the following is a PRIMARY benefit of having an IS auditor facilitate control self-assessments (CSAs) with business employees?
  Topics: Control Self-Assessment (CSA); IS Auditor role; Risk awareness; Internal controls