Certified Information Systems Auditor (CISA) Free Practice Test

Question 1

Which of the following should an IS auditor use when verifying a three-way match has occurred in an enterprise resource planning (ERR) system?

A. Purchase order

B. Bank confirmation

C. Goods delivery notification

D. Purchase requisition

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:

A. use the knowledge of the application to carry out the audit.

B. modify the scope of the audit.

C. inform audit management of the earlier involvement.

D. refuse the assignment to avoid conflict of interest.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Which of the following should be the FIRST step to successfully implement a corporate data classification program?

A. Select a data loss prevention (DLP) product.

B. Confirm that adequate resources are available for the project.

C. Approve a data classification policy.

D. Check for the required regulatory requirements.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Which of the following would be MOST useful when analyzing computer performance?

A. Report of off-peak utilization and response time

B. Statistical metrics measuring capacity utilization

C. Operations report of user dissatisfaction with response time

D. Tuning of system software to optimize resource usage

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Which of the following would BEST help lo support an auditor's conclusion about the effectiveness of an implemented data classification program?

A. Purchase of information management tools

B. Business use cases and scenarios

C. Access rights provisioned according to scheme

D. Detailed data classification scheme

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Which type of threat can utilize a large group of automated social media accounts to steal data, send spam, or launch distributed denial of service (DDoS) attacks?

A. Phishing attempt

B. Botnet attack

C. Malware sharing

D. Data mining

Correct Answer: B

Question 7

Having knowledge in which of the following areas is MOST relevant for an IS auditor reviewing public key infrastructure (PKI)?

A. Technology and process life cycle for digital certificates and key pairs

B. Security strategy in public cloud Infrastructure as a Service (IaaS)

C. Modern encoding methods for digital communications

D. Design and application of key controls in public audit

Correct Answer: A

Question 8

Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?

A. User awareness training

B. Background checks

C. Transaction log review

D. Mandatory holidays

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor ' s NEXT step should be to:

A. include the noncompliance in the audit report.

B. determine why the procedures were not followed.

C. issue an audit memorandum identifying the noncompliance.

D. note the noncompliance in the audit working papers.

Correct Answer: B

Welcome to TestSimulate

ISACA Certified Information Systems Auditor (CISA) Free Practice Test