Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free Isaca CISA Practice Exam with Questions & Answers | Set: 9

Questions 401

Which of the following will MOST likely compromise the control provided By a digital signature created using RSA encryption?

Options:
A.

Reversing the hash function using the digest

B.

Altering the plaintext message

C.

Deciphering the receiver's public key

D.

Obtaining the sender's private key

Isaca CISA Premium Access
Questions 402

Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?

Options:
A.

The policy includes a strong risk-based approach.

B.

The retention period allows for review during the year-end audit.

C.

The retention period complies with data owner responsibilities.

D.

The total transaction amount has no impact on financial reporting

Questions 403

A now regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor’s BEST recommendation to facilitate compliance with the regulation?

Options:
A.

Establish key performance indicators (KPls) for timely identification of security incidents.

B.

Engage an external security incident response expert for incident handling.

C.

Enhance the alert functionality of the intrusion detection system (IDS).

D.

Include the requirement in the incident management response plan.

Questions 404

An employee loses a mobile device resulting in loss of sensitive corporate data. Which o( the following would have BEST prevented data leakage?

Options:
A.

Data encryption on the mobile device

B.

Complex password policy for mobile devices

C.

The triggering of remote data wipe capabilities

D.

Awareness training for mobile device users

Questions 405

A project team has decided to switch to an agile approach to develop a replacement for an existing business application. Which of the following should an IS auditor do FIRST to ensure the effectiveness of the protect audit?

Options:
A.

Compare the agile process with previous methodology.

B.

Identify and assess existing agile process control

C.

Understand the specific agile methodology that will be followed.

D.

Interview business process owners to compile a list of business requirements

Questions 406

Which of the following provides IS audit professionals with the BEST source of direction for performing audit functions?

Options:
A.

Audit charter

B.

IT steering committee

C.

Information security policy

D.

Audit best practices

Questions 407

Which of the following controls BEST ensures appropriate segregation of dudes within an accounts payable department?

Options:
A.

Ensuring that audit trails exist for transactions

B.

Restricting access to update programs to accounts payable staff only

C.

Including the creator's user ID as a field in every transaction record created

D.

Restricting program functionality according to user security profiles

Questions 408

Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor's BEST recommendation for a compensating control?

Options:
A.

Require written authorization for all payment transactions

B.

Restrict payment authorization to senior staff members.

C.

Reconcile payment transactions with invoices.

D.

Review payment transaction history

Questions 409

Which of the following occurs during the issues management process for a system development project?

Options:
A.

Contingency planning

B.

Configuration management

C.

Help desk management

D.

Impact assessment

Questions 410

Which of the following metrics would BEST measure the agility of an organization's IT function?

Options:
A.

Average number of learning and training hours per IT staff member

B.

Frequency of security assessments against the most recent standards and guidelines

C.

Average time to turn strategic IT objectives into an agreed upon and approved initiative

D.

Percentage of staff with sufficient IT-related skills for the competency required of their roles

Questions 411

Which of the following provides the MOST assurance over the completeness and accuracy ol loan application processing with respect to the implementation of a new system?

Options:
A.

Comparing code between old and new systems

B.

Running historical transactions through the new system

C.

Reviewing quality assurance (QA) procedures

D.

Loading balance and transaction data to the new system

Questions 412

An IS auditor Is reviewing a recent security incident and is seeking information about me approval of a recent modification to a database system's security settings Where would the auditor MOST likely find this information?

Options:
A.

System event correlation report

B.

Database log

C.

Change log

D.

Security incident and event management (SIEM) report

Questions 413

During an audit of a multinational bank's disposal process, an IS auditor notes several findings. Which of the following should be the auditor's GREATEST concern?

Options:
A.

Backup media are not reviewed before disposal.

B.

Degaussing is used instead of physical shredding.

C.

Backup media are disposed before the end of the retention period

D.

Hardware is not destroyed by a certified vendor.

Questions 414

An IS auditor concludes that an organization has a quality security policy. Which of the following is MOST important to determine next? The policy must be:

Options:
A.

well understood by all employees.

B.

based on industry standards.

C.

developed by process owners.

D.

updated frequently.

Questions 415

An IS auditor is evaluating the risk associated with moving from one database management system (DBMS) to another. Which of the following would be MOST helpful to ensure the integrity of the system throughout the change?

Options:
A.

Preserving the same data classifications

B.

Preserving the same data inputs

C.

Preserving the same data structure

D.

Preserving the same data interfaces

Questions 416

Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization's incident management processes?

Options:
A.

Service management standards are not followed.

B.

Expected time to resolve incidents is not specified.

C.

Metrics are not reported to senior management.

D.

Prioritization criteria are not defined.

Questions 417

Which of the following MUST be completed as part of the annual audit planning process?

Options:
A.

Business impact analysis (BIA)

B.

Fieldwork

C.

Risk assessment

D.

Risk control matrix

Questions 418

A third-party consultant is managing the replacement of an accounting system. Which of the following should be the IS auditor's GREATEST concern?

Options:
A.

Data migration is not part of the contracted activities.

B.

The replacement is occurring near year-end reporting

C.

The user department will manage access rights.

D.

Testing was performed by the third-party consultant

Questions 419

Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm tor potential software vulnerabilities?

Options:
A.

Guest operating systems are updated monthly

B.

The hypervisor is updated quarterly.

C.

A variety of guest operating systems operate on one virtual server

D.

Antivirus software has been implemented on the guest operating system only.

Questions 420

An IS auditor is reviewing the release management process for an in-house software development solution. In which environment Is the software version MOST likely to be the same as production?

Options:
A.

Staging

B.

Testing

C.

Integration

D.

Development

Questions 421

In a RAO model, which of the following roles must be assigned to only one individual?

Options:
A.

Responsible

B.

Informed

C.

Consulted

D.

Accountable

Exam Code: CISA
Certification Provider: Isaca
Exam Name: Certified Information Systems Auditor
Last Update: Jul 15, 2025
Questions: 1407

Isaca Free Exams

Isaca Free Exams
Examstrack offers comprehensive free resources and practice tests for Isaca exams.