ISACA CISA Practice Exams
Last updated: 26.04.2025
- Exam code: CISA
- Exam name: Certified Information Systems Auditor
- Certification provider: ISACA
Which of the following provides the MOST assurance of the integrity of a firewall log?
- A . The log is reviewed on a monthly basis.
- B . Authorized access is required to view the log.
- C . The log cannot be modified.
- D . The log is retained per policy.
An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank’s customers.
Which of the following controls is MOST important for the auditor to confirm is in place?
- A . The default configurations have been changed.
- B . All tables in the database are normalized.
- C . The service port used by the database server has been changed.
- D . The default administration account is used after changing the account password.
Which of the following is MOST important when implementing a data classification program?
- A . Understanding the data classification levels
- B . Formalizing data ownership
- C . Developing a privacy policy
- D . Planning for secure storage capacity
Which of the following system attack methods is executed by entering malicious code into the search box of a vulnerable website, causing the server to reveal restricted information?
- A . Man-in-the-middle
- B . Denial of service (DoS)
- C . SQL injection
- D . Cross-site scripting
An organization allows employees to retain confidential data on personal mobile devices.
Which of the following is the BEST recommendation to mitigate the risk of data leakage from lost or stolen devices?
- A . Require employees to attend security awareness training.
- B . Password protect critical data files.
- C . Configure to auto-wipe after multiple failed access attempts.
- D . Enable device auto-lock function.
An IS auditor is reviewing the backup procedures in an organization that has high volumes of data with frequent changes to transactions.
Which of the following is the BEST backup scheme to recommend given the need for a shorter restoration time in the event of a disruption?
- A . Differential backup
- B . Full backup
- C . Incremental backup
- D . Mirror backup
Which of the following should be of MOST concern to an IS auditor reviewing an organization’s business impact analysis (BIA)?
- A . A risk assessment was not conducted prior to completing the BIA.
- B . System criticality information was only provided by the IT manager.
- C . A questionnaire was used to gather information as opposed to in-person interviews.
- D . The BIA was not signed off by executive management.
A month after a company purchased and implemented system and performance monitoring software, reports were too large and therefore were not reviewed or acted upon.
The MOST effective plan of action would be to:
- A . evaluate replacement systems and performance monitoring software.
- B . restrict functionality of system monitoring software to security-related events.
- C . re-install the system and performance monitoring software.
- D . use analytical tools to produce exception reports from the system and performance monitoring software.
An IS auditor reviewing the database controls for a new e-commerce system discovers a security weakness in the database configuration.
Which of the following should be the IS auditor’s NEXT course of action?
- A . Identify existing mitigating controls.
- B . Disclose the findings to senior management.
- C . Assist in drafting corrective actions.
- D . Attempt to exploit the weakness.
An IS auditor determines that the vendor’s deliverables do not include the source code for a newly acquired product.
To address this issue, which of the following should the auditor recommend be included in the contract?
- A . Confidentiality and data protection clauses
- B . Service level agreement (SLA)
- C . Software escrow agreement
- D . Right-to-audit clause