
CISA Practice Questions


Which of the following is the BEST source of information when assessing the amount of time a project will take?

A. Critical path analysis

B. Workforce estimate

C. Gantt chart

D. Scheduling budget



Which of the following scenarios would enable a forensic investigation?

A. Incident response team members extracted the logs showing the suspicious activity and added their notes before submitting for investigation.

B. The media in question was preserved using imaging, and chain of custody was documented according to the organization's incident response plan.

C. The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.

D. The incident response team prepared a final report for the forensic investigator and deleted the original file securely to avoid further damage.



Which of the following will BEST protect the confidentiality of data stored on the hard drive of a laptop computer?

A. Biometric access control

B. A boot password

C. Physical locks and alarms

D. Encryption of the data



The use of the Transport Layer Security (TLS) protocol enables the client in a network to be:

A. identified by a password.

B. assured of the server's identity.

C. registered by the server.

D. provided with a digital certificate.



The PRIMARY purpose of an internal audit department's quality assurance improvement program is to evaluate which of the following?

A. The efficiency of internal audit processes

B. The adequacy and qualifications of internal audit personnel

C. The accuracy of prior-year internal audit results

D. The effectiveness of the internal audit function



An IS auditor reviewing an incident management process identifies client information was lost due to ransomware attacks. Which of the following would MOST effectively minimize the impact of future occurrences?

A. Change access to client data to read-only.

B. Improve the ransomware awareness program.

C. Back up client data more frequently.

D. Monitor all client data changes.



A region where an organization conducts business has announced changes in privacy legislation. Which of the following should an IS auditor do FIRST to prepare for the changes?

A. Perform a gap analysis with current privacy procedures.

B. Provide suggested updates to the organization's privacy procedures.

C. Communicate the changes in privacy legislation to the legal department.

D. Design compensating controls to be in compliance with new privacy legislation.



An organization has begun using social media to communicate with current and potential clients. Which of the following should be of PRIMARY

A. Using a third-party provider to host and manage content

B. Lack of guidance on appropriate social media usage and monitoring

C. Negative posts by customers affecting the organization's image

D. Reduced productivity of staff using social media



An IS auditor is reviewing a mobile app that allows customers to submit payments for bills. As part of the review, the auditor examines how code is developed and deployed to production. It is determined that a secure code review is done prior to each deployment to production. What type of control is being used?

A. Directive

B. Compensating


D. Corrective



A review of Internet security disclosed that users have individual user accounts with Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only the corporate network is used. The organization should FIRST:

A. use a proxy server to filter out Internet sites that should not be accessed.

B. keep a manual log of Internet access.

C. monitor remote access activities.

D. include a statement in its security policy about Internet use.



Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization's security policy?

A. Analyzing how the configuration changes are performed

B. Analyzing log files [Most of us think that this is the best answer].

C. Performing penetration testing

D. Reviewing the rule base



Which of the following activities would allow an IS auditor to maintain independence while facilitating a control self-assessment (CSA)?

A. Partially completing the CSA

B. Developing the CSA questionnaire

C. Developing the remediation plan

D. Implementing the remediation plan



Which of the following is the BEST way to facilitate proper follow-up for audit findings?

A. Conduct a surprise audit to determine whether remediation is in progress

B. Schedule a follow-up audit for two weeks after the initial audit was completed

C. Conduct a follow-up audit when findings escalate to incidents

D. Schedule a follow-up audit based on remediation due dates.



An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor's NEXT course of action?

A. Report the security posture of the organization.

B. Report the mitigating control.

C. Determine the value of the firewall.

D. Determine the risk of not replacing the firewall.



Which of the following are BEST suited for continuous auditing?

A. Manual transactions

B. Irregular transactions

C. Low-value transactions

D. Real-time transactions



An IS auditor observes that an organization's critical IT systems have experienced several failures throughout the year. Which of the following is the BEST recommendation?

A. Perform a root cause analysis.

B. Implement redundant systems.

C. Contract for a hot site.

D. Perform a disaster recovery test.



An IS auditor begins an assignment and identifies audit components for which the auditor is not qualified to assess. Which of the following is the BEST course of action?

A. Exclude the related tests from the audit plan and continue the assignment.

B. Notify audit management for a decision on how to proceed.

C. Complete the audit and give full disclosure in the final audit report.

D. Complete the work assignment to the best of the auditor's ability.



An organization is developing data classification standards and has asked internal audit for advice on aligning the standards with best practices. Internal audit would MOST likely recommend the standards should be:

A. based on the results of an organization-wide risk assessment.

B. based on the business requirements for confidentiality of the information.

C. aligned with the organization's segregation of duties requirements.

D. based on the business requirements for authentication of the information.



Which of the following BEST ensures that only authorized software is moved into a production environment?

A. Restricting read/write access to production code to computer programmers only

B. Assigning programming managers to transfer tested programs to production

C. A librarian compiling source code into production after independent testing

D. Requiring programming staff to move tested code into production



A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?

A. Identifying data security threats in the affected jurisdiction

B. Identifying business processes associated with personal data exchange with the affected jurisdiction

C. Reviewing data classification procedures associated with the affected jurisdiction

D. Developing an inventory of all business entities that exchange personal data with the affected jurisdiction



A transaction processing system interfaces with the general ledger. Data analytics has identified that some transactions are being recorded twice in the general ledger. While management states a system fix has been implemented, what should the IS auditor recommend to validate the interface is working in the future?

A. Perform periodic reconciliations. [Most of us think that this is the best answer].

B. Ensure system owner sign-off for the system fix.

C. Conduct functional testing.

D. Improve user acceptance testing (UAT).



An organization has selected a web-based solution to reduce transaction costs and improve productivity. Before implementation, an IS auditor should ensure that the organization has:

A. addressed the level of risk exposure.

B. validated the solution against the current IT infrastructure.

C. performed a vulnerability assessment.

D. implemented electronic data interchange.



Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?

A. Number of false negatives

B. Legitimate traffic blocked by the system

C. Number of false positives

D. Reliability of IDS logs



During an audit of information security procedures of a large retailer's online store, an IS auditor notes that operating system (OS) patches are automatically deployed upon -.

Which of the following should be of GREATEST concern to the auditor?

A. Patches are not reflected in the configuration management database.

B. Patches are in conflict with current licensing agreements.

C. Patches are not tested before installation on critical servers.

D. Patches are pushed from the vendor, increasing Internet traffic.



Which of the following is the PRIMARY advantage of single sign-on (SSO)?

A. Improves system performance

B. Ensures good password practices

C. Improves security

D. Reduces administrative workload

You can leave your answers in the comments section, mentioning the question number and the answer, like 1 – A (if for the first question the first option is correct).