ISACA CISA Certified Information Systems Auditor Online Training
The questions for CISA were last updated on Apr 03, 2025.
- Exam Code: CISA
- Exam Name: Certified Information Systems Auditor
- Certification Provider: ISACA
- Latest update: Apr 03, 2025
An IT balanced scorecard is the MOST effective means of monitoring:
- A . governance of enterprise IT.
- B . control effectiveness.
- C . return on investment (ROI).
- D . change management effectiveness.
When reviewing an organization’s information security policies, an IS auditor should verify that the policies have been defined PRIMARILY on the basis of:
- A . a risk management process.
- B . an information security framework.
- C . past information security incidents.
- D . industry best practices.
Which of the following would be an IS auditor’s GREATEST concern when reviewing the early stages of a software development project?
- A . The lack of technical documentation to support the program code
- B . The lack of completion of all requirements at the end of each sprint
- C . The lack of acceptance criteria behind user requirements.
- D . The lack of a detailed unit and system test plan
Which of the following is the BEST data integrity check?
- A . Counting the transactions processed per day
- B . Performing a sequence check
- C . Tracing data back to the point of origin
- D . Preparing and running test data
Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system.
What is the BEST control to ensure that data is accurately entered into the system?
- A . Reconciliation of total amounts by project
- B . Validity checks, preventing entry of character data
- C . Reasonableness checks for each cost type
- D . Display the back of the project detail after the entry
An incorrect version of the source code was amended by a development team. This MOST likely indicates a weakness in:
- A . incident management.
- B . quality assurance (QA).
- C . change management.
- D . project management.
An organization’s audit charter PRIMARILY:
- A . describes the auditors’ authority to conduct audits.
- B . defines the auditors’ code of conduct.
- C . formally records the annual and quarterly audit plans.
- D . documents the audit process and reporting standards.
The decision to accept an IT control risk related to data quality should be the responsibility of the:
- A . information security team.
- B . IS audit manager.
- C . chief information officer (CIO).
- D . business owner.
Which of the following data would be used when performing a business impact analysis (BIA)?
- A . Projected impact of current business on future business
- B . Cost-benefit analysis of running the current business
- C . Cost of regulatory compliance
- D . Expected costs for recovering the business
Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization’s information security policy?
- A . Alignment with the IT tactical plan
- B . IT steering committee minutes
- C . Compliance with industry best practice
- D . Business objectives