CISA by ISACA Valid Free Exam Practice Test

Question 1

When auditing the closing stages of a system development protect which of the following should be the MOST important consideration?

A. User acceptance lest (UAT) results B. Control requirements C. Functional requirements documentation D. Rollback procedures

Correct Answer: A

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 2

Which of the following is the PRIMARY purpose of conducting a control self-assessment (CSA)?

A. To promote control ownership B. To reduce control costs C. To replace audit responsibilities D. To enable early detection of risks

Correct Answer: A

Question 3

When an IS auditor needs to confirm that an organization is encrypting sensitive information at a database level, which of the following would provide the BEST assurance?

A. Reviewing the organization's encryption policy B. Checking network traffic for clear text transmissions C. Reviewing the drive settings of the host server D. Verifying a sample of critical fields

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 4

Which of the following will be the MOST effective method to verify that a service vendor keeps control levels as required by the client?

A. Periodically review the service level agreement (SLA) with the vendor. B. Conduct an unannounced vulnerability assessment of vendor ' s IT systems. C. Conduct periodic on-site assessments using agreed-upon criteria. D. Obtain evidence of the vendor ' s control self-assessment (CSA).

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 5

Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?

A. Make senior managers responsible for their plan sections. B. Regularly update business impact assessments. C. Involve staff at all levels in periodic paper walk-through exercises. D. Prepare detailed plans for each business function.

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 6

An IT governance body wants to determine whether IT service delivery is based on consistently effective processes. Which of the following is the BEST approach?

A. implement a control self-assessment (CSA) B. Conduct a gap analysis C. Develop a maturity model D. Evaluate key performance indicators (KPIs)

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 7

An IS auditor is assessing the adequacy of management ' s remediation action plan. Which of the following should be the MOST important consideration?

A. Potential cost savings B. Impacts on future audit work C. Criticality of audit findings D. Plan approval by the audit committee

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 8

Which type of review is MOST important to conduct when an IS auditor is informed that a recent internal exploitation of a bug has been discovered in a business application?

A. Server security audit B. Application security testing C. Forensic audit D. Penetration testing

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 9

When developing customer-facing IT applications, in which stage of the system development life cycle (SDLC) is it MOST beneficial to consider data privacy principles?

A. Software selection and acquisition B. Systems design and architecture C. Requirements definition D. User acceptance testing (UAT)

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 10

Which of the following is the BEST way to help ensure new IT implementations align with enterprise architecture (EA) principles and requirements?

A. Conduct EA reviews as part of the change advisory board B. Perform mandatory post-implementation reviews of IT implementations C. Document the security view as part of the EA D. Consider stakeholder concerns when defining the EA

Correct Answer: A

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 11

Which of the following should be an IS auditor's PRIMARY focus when performing a post-implementation review for a critical IT project?

A. Confirm the project steering committee included business representation. B. Determine if project completion was on time and on budget. C. Confirm key stakeholders signed off on project closure. D. Determine if project goals were met as expected.

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 12

An internal audit team is deciding whether to use an audit management application hosted by a third party in a different country.
What should be the MOST important consideration related to the uploading of payroll audit documentation in the hosted application?

A. Per-unit cost charged by the hosting services provider for storage B. Financial regulations affecting the organization C. Data center physical access controls whore the application is hosted D. Privacy regulations affecting the organization

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 13

Which of the following MUST be completed as part of the annual audit planning process?

A. Industry benchmarking B. Risk assessment C. Business continuity analysis D. Risk control matrix

Correct Answer: B

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

ISACA Certified Information Systems Auditor - CISA Exam Practice Test