ISACA CISA Practice Exams
Last updated on Mar 31, 2025
- Exam Code: CISA
- Exam Name: Certified Information Systems Auditor
- Certification Provider: ISACA
Which of the following would be an IS auditor’s GREATEST concern when reviewing the early stages of a software development project?
- A . The lack of technical documentation to support the program code
- B . The lack of completion of all requirements at the end of each sprint
- C . The lack of acceptance criteria behind user requirements.
- D . The lack of a detailed unit and system test plan
An IS auditor determines that elevated administrator accounts for servers are not properly checked out and then back in after each use.
Which of the following is the MOST appropriate sampling technique to determine the scope of the problem?
- A . Haphazard sampling
- B . Random sampling
- C . Statistical sampling
- D . Stratified sampling
An IS auditor has completed the fieldwork phase of a network security review and is preparing the initial following findings should be ranked as the HIGHEST risk?
- A . Network penetration tests are not performed
- B . The network firewall policy has not been approved by the information security officer.
- C . Network firewall rules have not been documented.
- D . The network device inventory is incomplete.
Which of the following findings would be of GREATEST concern to an IS auditor reviewing the security architecture of an organization that has just implemented a Zero Trust solution?
- A . An increase in security-related costs
- B . User complaints about the new mode of working
- C . An increase in user identification errors
- D . A noticeable drop in the performance of IT systems
Which of the following is the MOST important consideration when defining an operational log management strategy?
- A . Audit recommendations
- B . Industry benchmarking
- C . Event response procedures
- D . Stakeholder requirements
When auditing the alignment of IT to the business strategy, it is MOST important for the IS auditor to:
- A . compare the organization’s strategic plan against industry best practice.
- B . interview senior managers for their opinion of the IT function.
- C . ensure an IT steering committee is appointed to monitor new IT projects.
- D . evaluate deliverables of new IT initiatives against planned business services.
Which of the following is the BEST way for management to ensure the effectiveness of the cybersecurity incident response process?
- A . Periodic reporting of cybersecurity incidents to key stakeholders
- B . Periodic update of incident response process documentation
- C . Periodic cybersecurity training for staff involved in incident response
- D . Periodic tabletop exercises involving key stakeholders
Which of the following is the BEST source of information to determine the required level of data protection on a file server?
- A . Data classification policy and procedures
- B . Access rights of similar file servers
- C . Previous data breach incident reports
- D . Acceptable use policy and privacy statements
What is the PRIMARY reason to adopt a risk-based IS audit strategy?
- A . To achieve synergy between audit and other risk management functions
- B . To prioritize available resources and focus on areas with significant risk
- C . To reduce the time and effort needed to perform a full audit cycle
- D . To identify key threats, risks, and controls for the organization
An organization is migrating its HR application to an Infrastructure as a Service (IaaS) model in a private cloud.
Who is PRIMARILY responsible for the security configurations of the deployed application’s operating system?
- A . The cloud provider’s external auditor
- B . The cloud provider
- C . The operating system vendor
- D . The organization