ISACA CISA Certified Information Systems Auditor Online Training
The questions for CISA were last updated at Sep 07,2025.
- Exam Code: CISA
- Exam Name: Certified Information Systems Auditor
- Certification Provider: ISACA
- Latest update: Sep 07,2025
Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?
- A. Risk identification
- B. Risk classification
- C. Control self-assessment (CSA)
- D. Impact assessment
Which of the following would BEST facilitate the successful implementation of an IT-related framework?
- A. Aligning the framework to industry best practices
- B. Establishing committees to support and oversee framework activities
- C. Involving appropriate business representation within the framework
- D. Documenting IT-related policies and procedures
During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures.
The auditor’s NEXT step should be to:
- A. note the noncompliance in the audit working papers.
- B. issue an audit memorandum identifying the noncompliance.
- C. include the noncompliance in the audit report.
- D. determine why the procedures were not followed.
Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?
- A. Assurance that the new system meets functional requirements
- B. More time for users to complete training for the new system
- C. Significant cost savings over other system implementation approaches
- D. Assurance that the new system meets performance requirements
An IS auditor finds the log management system is overwhelmed with false positive alerts.
The auditor’s BEST recommendation would be to:
- A. establish criteria for reviewing alerts.
- B. recruit more monitoring personnel.
- C. reduce the firewall rules.
- D. fine-tune the intrusion detection system (IDS).
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?
- A. Assignment of responsibility for each project to an IT team member
- B. Adherence to best practice and industry approved methodologies
- C. Controls to minimize risk and maximize value for the IT portfolio
- D. Frequency of meetings where the business discusses the IT portfolio
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
- A. Audit cycle defined in the audit plan
- B. Complexity of management’s action plans
- C. Recommendation from executive management
- D. Residual risk from the findings of previous audits
Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?
- A. File level encryption
- B. File Transfer Protocol (FTP)
- C. Instant messaging policy
- D. Application-level firewalls
Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?
- A. Blocking attachments in IM
- B. Blocking external IM traffic
- C. Allowing only corporate IM solutions
- D. Encrypting IM traffic
Which of the following should be an IS auditor’s PRIMARY focus when developing a risk-based IS audit program?
- A. Portfolio management
- B. Business plans
- C. Business processes
- D. IT strategic plans