CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 9 of 13.
- Question #402 [Protection of Information Assets]
  The PRIMARY concern for users related to data loss prevention (DLP) solutions is that they can:
  Tags: Data Loss Prevention (DLP); Information Security Controls; User Productivity; Operational Impact
- Question #403 [Protection of Information Assets]
  Which of the following could invalidate the digital evidence collected in a forensic investigation?
  Tags: Digital Forensics; Evidence Collection; Evidence Integrity; Write Blocker
- Question #404 [Information Systems Operations and Business Resilience]
  Well-documented incident management processes contribute MOST to the:
  Tags: Incident Management; Service Downtime; IT Operations; Business Resilience
- Question #405 [Information Systems Operations and Business Resilience]
  An IS auditor is reviewing the operational database management of an organization that uses cloud systems for hosting. Which of the following should be the auditor's PRIMARY area o...
  Tags: Cloud Security; Database Security; Security Configuration; IS Audit
- Question #406 [Protection of Information Assets]
  How does an organization indicate the authenticity of its web pages for users utilizing a public key infrastructure (PKI)?
  Tags: PKI; Digital Certificates; Web Security; Authenticity
- Question #407 [Information Systems Acquisition, Development, and Implementation]
  An IS auditor discovers that an organization lacks a formal requirements validation process before software development starts. Which of the following is the PRIMARY risk associate...
  Tags: Requirements Validation; Software Development Risks; Scope Creep; SDLC Controls
- Question #408 [Information Systems Auditing Process]
  During an audit walkthrough, an IS auditor asked the auditee to open the firewall configuration file to the auditor's email. Which of the following is the auditor's BEST course of...
  Tags: Audit evidence collection; Secure information handling; Auditor professional ethics; Audit scope and limitations
- Question #409 [Protection of Information Assets]
  Which type of digital evidence is at GREATEST risk of being lost if not captured in a timely manner?
  Tags: Digital Evidence; Evidence Volatility; Incident Response; Data Preservation
- Question #410 [Governance and Management of IT]
  One advantage of managing an entire collection of projects as a portfolio is that it highlights the need to:
  Tags: Portfolio Management; Project Dependencies; IT Governance; Strategic Alignment
- Question #411 [Information Systems Acquisition, Development, and Implementation]
  An organization is implementing a new enterprise resource planning (ERP) system. From a system performance management perspective, which of the following would pose the GREATEST co...
  Tags: ERP Implementation; System Performance; Infrastructure Impact Analysis; IS Audit Concerns
- Question #412 [Information Systems Operations and Business Resilience]
  Which of the following should be the PRIMARY consideration when reviewing console logs to assess the effectiveness of an organization's job scheduling process?
  Tags: Job scheduling; Operational effectiveness; Log review; IT operations
- Question #413 [Information Systems Acquisition, Development, and Implementation]
  An IS auditor works for a company that develops software for commercial use. Which of the following is the MOST important consideration when conducting a post-implementation review...
  Tags: Post-implementation review; Contractual requirements; Client delivery; System implementation
- Question #414 [Governance and Management of IT]
  Which of the following stakeholders is accountable for control evaluations during a control self-assessment (CSA)?
  Tags: Control Self-Assessment (CSA); Roles and Responsibilities; Accountability; Internal Controls
- Question #415 [Protection of Information Assets]
  Which of the following controls would BEST help a forensic investigator prevent modifications in digital evidence?
  Tags: Digital Forensics; Evidence Preservation; Data Integrity; Incident Response
- Question #416 [Information Systems Acquisition, Development, and Implementation]
  An organization used robotic process automation (RPA) technology to develop software bots that extract data from various sources for input into a legacy financial application. Whic...
  Tags: RPA; Change Management; Application Controls; IS Audit
- Question #417 [Information Systems Acquisition, Development, and Implementation]
  A project's overall progress report shows that it is on schedule. However, the progress reports from the project's subteams do not support this. Which of the following would be the...
  Tags: Project progress reporting; Schedule management; Project risk; Reporting accuracy
- Question #418 [Information Systems Operations and Business Resilience]
  Which of the following provides the BEST evidence of an organization's disaster recovery readiness?
  Tags: Disaster Recovery Readiness; DRP Testing; Continuous Improvement; Business Resilience
- Question #419 [Governance and Management of IT]
  When reviewing whether IT investments are meeting business objectives, which of the following evaluations would be MOST useful?
  Tags: IT Investment Evaluation; Return on Investment (ROI); Value Realization; Business Objectives Alignment
- Question #420 [Information Systems Auditing Process]
  Which of the following BEST enables an IS auditor to rely on auditee evidence?
  Tags: Audit evidence; Evidence reliability; Evidence collection; Audit procedures
- Question #421 [Information Systems Operations and Business Resilience]
  An organization has been struggling with unsuccessful change rollbacks due to unreliable images. Which of the following would be an IS auditor's BEST recommendation in this situati...
  Tags: Change Management; Configuration Management; System Reliability; IT Operations
- Question #422 [Information Systems Acquisition, Development, and Implementation]
  Which of the following is the BEST way to mitigate the risk associated with malicious changes to binary code during the software development life cycle?
  Tags: Digital signatures; Software integrity; Cryptography; SDLC security
- Question #423 [Information Systems Acquisition, Development, and Implementation]
  An organization has recently implemented multiple Internet of Things (IoT) devices to measure and monitor its industrial equipment. Which of the following should be the GREATEST co...
  Tags: IoT Security; Vulnerability Assessment; Audit Concerns; Implementation Review
- Question #424 [Governance and Management of IT]
  When reviewing IT asset life cycle management within an organization, it is MOST important for the IS auditor to confirm each asset has been assigned:
  Tags: IT Asset Management; Accountability; Asset Ownership; IS Audit Controls
- Question #425 [Information Systems Operations and Business Resilience]
  Which of the following should be of MOST concern to an IS auditor reviewing an organization's business impact analysis (BIA)?
  Tags: Business Impact Analysis (BIA); Risk Assessment; Business Continuity Planning; IS Audit Concerns
- Question #426 [Protection of Information Assets]
  Which of the following is the GREATEST risk that could result from a contracted penetration tester attempting SQL injection techniques on the production system?
  Tags: SQL Injection; Penetration Testing; Data Integrity; Production System Risk
- Question #427 [Protection of Information Assets]
  The BEST way to protect against the internal threat of sensitive data disclosure is to implement:
  Tags: Data Loss Prevention (DLP); Data Security; Insider Threat; Confidentiality
- Question #428 [Protection of Information Assets]
  When auditing a data loss prevention (DLP) program, which of the following should an IS auditor consider as the GREATEST access-related risk?
  Tags: DLP (Data Loss Prevention); Information Security; Risk Management; IS Auditing
- Question #429 [Information Systems Auditing Process]
  Which of the following is a KEY attribute that differentiates statistical sampling from non-statistical sampling?
  Tags: Sampling; Statistical Sampling; Non-statistical Sampling; Audit Techniques
- Question #430 [Information Systems Acquisition, Development, and Implementation]
  Scope creep in a project can BEST be controlled by:
  Tags: Scope creep; Project management; Change control; Impact assessment
- Question #431 [Protection of Information Assets]
  In which data loss prevention (DLP) deployment model is data inspection and policy enforcement performed at the organization's perimeter or gateway?
  Tags: Data Loss Prevention (DLP); Network-based DLP; Security Controls; Perimeter Security
- Question #432 [Information Systems Acquisition, Development, and Implementation]
  An IS auditor is reviewing an IT project and finds that an earned value analysis (EVA) is not regularly performed as part of project status reporting. Which of the following is the...
  Tags: Earned Value Analysis; Project Performance Measurement; Project Risks; IT Project Auditing
- Question #433 [Information Systems Operations and Business Resilience]
  The PRIMARY objective of the disaster recovery planning process is to:
  Tags: Disaster Recovery Planning; Business Resilience; Operational Continuity; Downtime Minimization
- Question #434 [Protection of Information Assets]
  Which of the following is the PRIMARY function of a data loss prevention (DLP) policy when implemented in an organization's DLP solution?
  Tags: DLP (Data Loss Prevention); Data Protection; Information Security Policies; Security Controls
- Question #435 [Governance and Management of IT]
  Which of the following is the BEST control to mitigate the risk of shadow IT?
  Tags: Shadow IT; Risk mitigation; Security awareness training; IT governance
- Question #436 [Governance and Management of IT]
  A review of an organization's enterprise architecture (EA) BEST enables an IS auditor to determine:
  Tags: Enterprise Architecture; IT-Business Alignment; IT Strategy; Governance
- Question #437 [Information Systems Operations and Business Resilience]
  Which of the following is the PRIMARY purpose of a business impact analysis (BIA) in an organization's overall risk management strategy?
  Tags: Business Impact Analysis; Business Continuity; Disaster Recovery; Risk Management
- Question #438 [Information Systems Auditing Process]
  Which of the following is the BEST method for converting system-generated log files into a format suitable for data analysis?
  Tags: Log analysis; Data normalization; Data preparation; Auditing techniques
- Question #439 [Governance and Management of IT]
  Which of the following is the BEST source of organizational direction on when to use cloud services?
  Tags: Enterprise Architecture; Cloud Strategy; IT Governance; Strategic Planning
- Question #440 [Governance and Management of IT]
  Once a security policy is approved by key stakeholders, the NEXT step should be to:
  Tags: Security Policy; Policy Implementation; Security Awareness; IT Governance
- Question #441 [Information Systems Acquisition, Development, and Implementation]
  An organization's payroll department recently implemented a new Software as a Service (SaaS) tool for payment processing. Which of the following audits is MOST appropriate for an I...
  Tags: Functional audit; SaaS implementation; Performance requirements; Post-implementation review
- Question #442 [Governance and Management of IT]
  Which of the following is the STRONGEST indication of a mature risk management program?
  Tags: Risk Management Maturity; Risk Assessment; Decision Making; IT Governance
- Question #443 [Information Systems Acquisition, Development, and Implementation]
  Users are complaining that a newly released enterprise resource planning (ERP) system is functioning too slowly. Which of the following tests during the quality assurance (QA) phas...
  Tags: QA testing; Performance testing; Stress testing; System implementation
- Question #444 [Information Systems Auditing Process]
  An organization has replaced its call center with AI chatbots that autonomously learn new responses through internet queries and customer conversation history. Which of the followi...
  Tags: AI auditing; IT controls; Audit frameworks; Risk assessment
- Question #445 [Information Systems Acquisition, Development, and Implementation]
  Which type of security testing is MOST efficient for finding hidden errors in software and facilitating source code optimization?
  Tags: White box testing; Security testing; Software development lifecycle; Code optimization
- Question #446 [Governance and Management of IT]
  For security awareness training to be MOST effective, management should ensure the training:
  Tags: Security Awareness Training; Training Effectiveness; Management Responsibility; Human Factors in Security
- Question #447 [Information Systems Operations and Business Resilience]
  An organization establishes capacity utilization thresholds and monitors for instances when thresholds are exceeded. Which of the following is BEST supported by this activity?
  Tags: Capacity planning; System monitoring; Availability management; Performance management
- Question #448 [Information Systems Acquisition, Development, and Implementation]
  An IS auditor learns that an organization did not conduct any penetration testing over one internet-facing webpage prior to its production deployment. Which of the following is the...
  Tags: Penetration Testing; SDLC Security; Auditor Investigation; Control Deficiency
- Question #449 [Information Systems Acquisition, Development, and Implementation]
  An IS auditor is assessing an organization's DevSecOps approach. Which of the following BEST indicates a proactive approach to identifying vulnerabilities?
  Tags: DevSecOps; Automated Security Testing; CI/CD Security; Vulnerability Identification
- Question #450 [Information Systems Acquisition, Development, and Implementation]
  Which of the following security testing techniques is MOST effective for confirming that inputs to a web application have been properly sanitized?
  Tags: Security Testing Techniques; Input Sanitization; Fuzzing; Web Application Security
- Question #451 [Protection of Information Assets]
  When selecting a new data loss prevention (DLP) solution, the MOST important consideration is that the solution:
  Tags: Data Loss Prevention (DLP); Information Protection; Security Solutions Selection; Confidentiality
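Questions #403 and #415 both turn on the same control: the evidence is hashed at acquisition (ideally read through a write blocker) and re-hashed every time it is handled, so any later modification is detectable and the original can be shown to be unchanged. The Go program below is an added illustration of that practice and is not part of the question bank or of any ISACA material; the manifest layout, the examiner and case strings, and the in-memory "image" are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"time"
)

// Manifest is the chain-of-custody record written at acquisition time. The field
// set is this example's own; forensic image formats carry richer metadata.
type Manifest struct {
	Description string `json:"description"`
	Examiner    string `json:"examiner"`
	AcquiredAt  string `json:"acquired_at"` // RFC 3339, UTC
	SizeBytes   int64  `json:"size_bytes"`
	SHA256      string `json:"sha256"`
}

// hashStream digests the reader in blocks, so a multi-gigabyte image is never
// loaded into memory at once.
func hashStream(r io.Reader) (string, int64, error) {
	h := sha256.New()
	n, err := io.Copy(h, r)
	if err != nil {
		return "", 0, err
	}
	return hex.EncodeToString(h.Sum(nil)), n, nil
}

// Acquire hashes the evidence exactly as captured and returns the manifest that
// goes into the custody log together with the image.
func Acquire(desc, examiner string, evidence io.Reader, now time.Time) (Manifest, error) {
	sum, n, err := hashStream(evidence)
	if err != nil {
		return Manifest{}, err
	}
	return Manifest{
		Description: desc,
		Examiner:    examiner,
		AcquiredAt:  now.UTC().Format(time.RFC3339),
		SizeBytes:   n,
		SHA256:      sum,
	}, nil
}

// Verify re-hashes a working copy (or the original before it goes back into
// storage) and reports whether it still matches the manifest. A single flipped
// bit, or a truncated or padded file, fails.
func Verify(m Manifest, r io.Reader) (bool, error) {
	sum, n, err := hashStream(r)
	if err != nil {
		return false, err
	}
	return n == m.SizeBytes && sum == m.SHA256, nil
}

func main() {
	// Constructed stand-in for a disk image; a real run would open the device node.
	image := []byte("constructed evidence image: partition table, MFT, user files ...")

	m, err := Acquire("laptop SSD, case 2024-017", "J. Doe", bytes.NewReader(image), time.Now())
	if err != nil {
		panic(err)
	}
	js, _ := json.MarshalIndent(m, "", "  ")
	fmt.Println(string(js))

	ok, _ := Verify(m, bytes.NewReader(image))
	fmt.Println("untouched copy verifies:", ok)

	// One flipped bit, as a careless write or a tampering attempt would cause.
	altered := append([]byte(nil), image...)
	altered[10] ^= 0x01
	ok, _ = Verify(m, bytes.NewReader(altered))
	fmt.Println("altered copy verifies:", ok)
}
```

The manifest is only as good as its own protection: store it (or at least the digest) somewhere the person handling the image cannot silently rewrite, such as the signed custody log, and record a fresh Verify result at each hand-off.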
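Question #422 asks how to mitigate malicious changes to binary code during the SDLC, and its tags point at digital signatures: the build system signs the digest of each artifact with a private key only it holds, and the deployment step refuses anything whose bytes or signature no longer check out against the trusted public key. The program below is an added example written for this page in Go, using the standard library's Ed25519; it is not code from ISACA or from any signing tool. The Release structure, the artifact name, and the byte string standing in for a compiled binary are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is what the build pipeline publishes next to a binary: the digest that
// was signed and the detached signature. The layout is this example's own.
type Release struct {
	Name      string
	SHA256    [32]byte
	Signature []byte
}

// NewSigningKey creates the pipeline's key pair. Only the build system ever holds
// the private half; deployment targets receive the public half out of band.
func NewSigningKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signedMessage binds the artifact name to its digest, so a valid signature for
// one artifact cannot be replayed against another.
func signedMessage(name string, digest [32]byte) []byte {
	return append([]byte(name+"\x00"), digest[:]...)
}

// SignArtifact is the final build step, run after the binary is produced.
func SignArtifact(name string, binary []byte, priv ed25519.PrivateKey) Release {
	digest := sha256.Sum256(binary)
	return Release{
		Name:      name,
		SHA256:    digest,
		Signature: ed25519.Sign(priv, signedMessage(name, digest)),
	}
}

// VerifyArtifact is the deploy-time gate: it recomputes the digest of the bytes
// actually being installed and checks the signature with the trusted public key.
func VerifyArtifact(rel Release, binary []byte, pub ed25519.PublicKey) bool {
	digest := sha256.Sum256(binary)
	if digest != rel.SHA256 {
		return false // bytes changed after signing
	}
	return ed25519.Verify(pub, signedMessage(rel.Name, digest), rel.Signature)
}

func main() {
	pub, priv := NewSigningKey()
	// Constructed stand-in for a compiled binary.
	binary := bytes.Repeat([]byte{0x7f, 'E', 'L', 'F'}, 64)
	rel := SignArtifact("payroll-batch-1.4.2", binary, priv)
	fmt.Println("digest:", hex.EncodeToString(rel.SHA256[:]))
	fmt.Println("clean build verifies:", VerifyArtifact(rel, binary, pub))

	// One patched byte, as a malicious change in the pipeline would be.
	tampered := append([]byte(nil), binary...)
	tampered[100] ^= 0xff
	fmt.Println("patched binary verifies:", VerifyArtifact(rel, tampered, pub))

	// Re-signing the patched binary with a key the deployer does not trust also fails.
	_, rogue := NewSigningKey()
	forged := SignArtifact(rel.Name, tampered, rogue)
	fmt.Println("re-signed with untrusted key:", VerifyArtifact(forged, tampered, pub))
}
```

The control only works if the private key is kept out of the build agents that compile untrusted code (an HSM or a dedicated signing service) and the public key on the deployment side is itself change-controlled; an auditor reviewing this control should ask where each half lives.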
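Question #438 asks about converting system-generated logs into a form suitable for analysis; the tags name normalization, which in practice means parsing each vendor format into one common record with a single timestamp convention so the records can be sorted, joined and queried together. The Go program below is an added example written for this page, not code from any log management product; the Event schema, the two sample lines (a classic syslog line and an Apache combined-format line) and the corrupt third line are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// Event is the common schema every source is mapped onto before analysis. Field
// names are this example's own, not a published standard.
type Event struct {
	Time    string `json:"time"`             // RFC 3339, UTC
	Source  string `json:"source"`           // "syslog" or "apache"
	Host    string `json:"host,omitempty"`   // emitting system
	Client  string `json:"client,omitempty"` // remote address, when one is present
	Status  int    `json:"status,omitempty"` // HTTP status for web logs
	Message string `json:"message"`
}

var (
	// e.g. "Mar  3 14:02:11 bastion sshd[4121]: Failed password for root from 10.0.0.5 port 4242 ssh2"
	syslogRe = regexp.MustCompile(`^([A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$`)
	// e.g. 10.0.0.5 - - [03/Mar/2024:14:02:15 +0000] "GET /admin HTTP/1.1" 403 512
	apacheRe = regexp.MustCompile(`^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+`)
	ipv4Re   = regexp.MustCompile(`\b\d{1,3}(?:\.\d{1,3}){3}\b`)
)

// Normalize maps one raw line onto Event. Classic syslog omits the year, so the
// caller supplies it; web log timestamps carry their own offset and are converted to UTC.
func Normalize(line string, year int) (Event, error) {
	if m := syslogRe.FindStringSubmatch(line); m != nil {
		ts, err := time.Parse("Jan _2 15:04:05", m[1])
		if err != nil {
			return Event{}, err
		}
		ts = time.Date(year, ts.Month(), ts.Day(), ts.Hour(), ts.Minute(), ts.Second(), 0, time.UTC)
		return Event{
			Time:    ts.Format(time.RFC3339),
			Source:  "syslog",
			Host:    m[2],
			Client:  ipv4Re.FindString(m[4]),
			Message: m[3] + ": " + m[4],
		}, nil
	}
	if m := apacheRe.FindStringSubmatch(line); m != nil {
		ts, err := time.Parse("02/Jan/2006:15:04:05 -0700", m[2])
		if err != nil {
			return Event{}, err
		}
		status, _ := strconv.Atoi(m[4]) // regexp already guarantees three digits
		return Event{
			Time:    ts.UTC().Format(time.RFC3339),
			Source:  "apache",
			Client:  m[1],
			Status:  status,
			Message: m[3],
		}, nil
	}
	return Event{}, errors.New("unrecognised format: " + line)
}

// NormalizeAll converts a batch and keeps the lines it could not parse, so the
// reviewer knows exactly what the analysis does not cover.
func NormalizeAll(lines []string, year int) ([]Event, []string) {
	var events []Event
	var rejected []string
	for _, l := range lines {
		ev, err := Normalize(l, year)
		if err != nil {
			rejected = append(rejected, l)
			continue
		}
		events = append(events, ev)
	}
	return events, rejected
}

func main() {
	// Constructed sample lines in two formats plus one that fits neither.
	raw := []string{
		"Mar  3 14:02:11 bastion sshd[4121]: Failed password for root from 10.0.0.5 port 4242 ssh2",
		`10.0.0.5 - - [03/Mar/2024:14:02:15 +0000] "GET /admin HTTP/1.1" 403 512`,
		"corrupt line with no timestamp",
	}
	events, rejected := NormalizeAll(raw, 2024)
	out, _ := json.MarshalIndent(events, "", "  ")
	fmt.Println(string(out))
	fmt.Println("rejected:", rejected)
}
```

Two details matter for audit use: every timestamp ends up in one zone (UTC) so events from different systems sort correctly, and unparseable lines are reported rather than dropped, since a quiet loss of records is itself a finding.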
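Question #450 asks which technique best confirms that web application inputs are properly sanitized, and its tags name fuzzing: feeding the sanitizer large numbers of mutated inputs and checking a property of the output rather than a handful of hand-picked cases. The Go program below is an added example for this page (not code from any fuzzing tool or from ISACA) showing the idea at its smallest: a deliberately weak deny-list sanitizer and an escaping one are both run against randomly mutated seeds, and the property checked is that no raw angle bracket survives. The sanitizers, seeds and mutation set are constructed for the example.

```go
package main

import (
	"fmt"
	"html"
	"math/rand"
	"strings"
)

// Sanitizer is the code under test: it takes untrusted input and returns what
// will be placed into an HTML page.
type Sanitizer func(string) string

// WeakSanitizer is deliberately flawed, in the style of a deny-list: it removes
// the literal tags it knows about and passes everything else through.
func WeakSanitizer(s string) string {
	s = strings.ReplaceAll(s, "<script>", "")
	return strings.ReplaceAll(s, "</script>", "")
}

// StrictSanitizer encodes the HTML metacharacters instead of trying to recognise attacks.
func StrictSanitizer(s string) string { return html.EscapeString(s) }

// Violates is the property the fuzzer checks: any raw angle bracket in the output
// means the input could still introduce markup.
func Violates(out string) bool { return strings.ContainsAny(out, "<>") }

// mutate applies one random edit: case flip, chunk insertion, span duplication or deletion.
func mutate(rng *rand.Rand, in string) string {
	b := []byte(in)
	chunks := []string{"<script>", "</script>", "<", ">", "<scr", "ipt>", "\x00", " "}
	switch rng.Intn(4) {
	case 0: // flip the case of one letter, e.g. <script> becomes <Script>
		if len(b) > 0 {
			i := rng.Intn(len(b))
			if c := b[i]; (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') {
				b[i] ^= 0x20
			}
		}
	case 1: // insert a chunk at a random position
		i := rng.Intn(len(b) + 1)
		c := chunks[rng.Intn(len(chunks))]
		b = append(b[:i], append([]byte(c), b[i:]...)...)
	case 2: // duplicate a span, which produces nestings such as <scr<script>ipt>
		if len(b) > 1 {
			i := rng.Intn(len(b))
			j := i + rng.Intn(len(b)-i) + 1
			b = append(b[:j], append([]byte(string(b[i:j])), b[j:]...)...)
		}
	default: // delete one byte
		if len(b) > 0 {
			i := rng.Intn(len(b))
			b = append(b[:i], b[i+1:]...)
		}
	}
	return string(b)
}

// Fuzz draws a seed, applies one to three mutations, runs the sanitizer and checks
// the property. It returns the first failing input, or "" and false if none was
// found within the given number of rounds.
func Fuzz(s Sanitizer, seeds []string, rounds int, rngSeed int64) (string, bool) {
	rng := rand.New(rand.NewSource(rngSeed)) // fixed seed so a failure can be reproduced
	for r := 0; r < rounds; r++ {
		in := seeds[rng.Intn(len(seeds))]
		for k := rng.Intn(3) + 1; k > 0; k-- {
			in = mutate(rng, in)
		}
		if Violates(s(in)) {
			return in, true
		}
	}
	return "", false
}

func main() {
	seeds := []string{"<script>alert(1)</script>", "hello, world"}
	if in, found := Fuzz(WeakSanitizer, seeds, 5000, 1); found {
		fmt.Printf("deny-list sanitizer bypassed by %q -> %q\n", in, WeakSanitizer(in))
	}
	_, found := Fuzz(StrictSanitizer, seeds, 5000, 1)
	fmt.Println("escaping sanitizer bypassed:", found)
}
```

A real harness would use the language's native fuzzer (Go's `go test -fuzz`, for instance) and a corpus drawn from production traffic, but the structure is the same: a generator, the function under test, and an invariant that is cheap to check on every output.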