ISACA CISA Practice Exams
Last updated on 24.04.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
Before the release of a new application into an organization’s production environment, which of the following should be in place to ensure that proper testing has occurred and rollback plans are in place?
- A . Change approval board
- B . Standardized change requests
- C . Independent third-party approval
- D . Secure code review
Which of the following is MOST important for an effective control self-assessment (CSA) program?
- A . Determining the scope of the assessment
- B . Performing detailed test procedures
- C . Evaluating changes to the risk environment
- D . Understanding the business process
Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?
- A . Risk identification
- B . Risk classification
- C . Control self-assessment (CSA)
- D . Impact assessment
Which of the following provides the BEST evidence that outsourced provider services are being properly managed?
- A . The service level agreement (SLA) includes penalties for non-performance.
- B . Adequate action is taken for noncompliance with the service level agreement (SLA).
- C . The vendor provides historical data to demonstrate its performance.
- D . Internal performance standards align with corporate strategy.
The PRIMARY advantage of using open-source-based solutions is that they:
- A . Have well-defined support levels.
- B . Are easily implemented.
- C . Reduce dependence on vendors.
- D . Offer better security features.
An organization is modernizing its technology policy framework to demonstrate compliance with external industry standards.
Which of the following would be MOST useful to an IS auditor for validating the outcome?
- A . Benchmarking of internal standards against peer organizations
- B . Inventory of the organization’s approved policy exceptions
- C . Policy recommendations from a leading external consulting agency
- D . Mapping of relevant standards against the organization’s controls
During an operational audit of the procurement department, the audit team encounters a key system that uses an artificial intelligence (AI) algorithm. The audit team does not have the necessary knowledge to proceed with the audit.
Which of the following is the BEST way to handle this situation?
- A . Perform a skills assessment to identify members from other business units with knowledge of AI.
- B . Remove the AI portion from the audit scope and proceed with the audit.
- C . Delay the audit until the team receives training on AI.
- D . Engage external consultants who have audit experience and knowledge of AI.
An IS auditor has completed the fieldwork phase of a network security review and is preparing the initial report. Which of the following findings should be ranked as the HIGHEST risk?
- A . Network penetration tests are not performed.
- B . The network firewall policy has not been approved by the information security officer.
- C . Network firewall rules have not been documented.
- D . The network device inventory is incomplete.
During a follow-up engagement, an IS auditor confirms evidence of a problem that was not an issue in the original audit.
Which of the following is the auditor’s BEST course of action?
- A . Include the evidence as part of a future audit.
- B . Report only on the areas within the scope of the follow-up.
- C . Report the risk to management in the follow-up report.
- D . Expand the follow-up scope to include examining the evidence.
Which of the following should be the PRIMARY focus when communicating an IS audit issue to management?
- A . The risk to which the organization is exposed due to the issue
- B . The nature, extent, and timing of subsequent audit follow-up
- C . How the issue was found and who bears responsibility
- D . A detailed solution for resolving the issue