Isaca CISA Exam Practice Test Instant Access

Question 1

Which of the following issues identified during a formal review of an organization's information security policies presents the GREATEST potential risk to the organization?

AThe policies are not available to key risk stakeholders.

BThe policies have not been reviewed by the risk management committee.

CThe policies are not aligned with the information security risk appetite.

DThe policies are not based on industry best practices for information security.

Answer : C

Question 2

Which of the following is the BEST approach to help organizations address risks associated with shadow IT?

AImplementing policies that prohibit the use of unauthorized systems and solutions

BTraining employees on information security and conducting routine follow-ups

CProviding employees with access to necessary systems and unlimited software licenses

DConducting regular security assessments to identify unauthorized systems and solutions

Answer : A

Question 3

Which of the following is MOST important for an IS auditor to verify when evaluating tne upgrade of an organization's enterprise resource planning (ERP) application?

AApplication related documentation was updated to reflect the changes in the new version

BSecurity configurations were appropriately applied to the new version

CUsers were provided security training on the new version

DLessons teamed analysis was documented after the upgrade

Answer : B

Question 4

Which of the following technologies is BEST suited to fulfill a business requirement for nonrepudiation of business-to-business transactions with external parties without the need for a mutually trusted entity?

APublic key infrastructure (PKI)

BBlockchain distributed ledger

CArtificial intelligence (Al)

DCentralized ledger technology

Answer : B

Question 5

Which of the following is the BEST indication that an information security awareness program is effective?

AA reduction in the number of reported information security incidents

BA reduction in the success rate of social engineering attacks

CA reduction in the cost of maintaining the information security program

DA reduction in the number of information security attacks

Answer : B

The success rate of social engineering attacks directly measures the behavioral changes resulting from an information security awareness program. Employees who are aware and informed are better equipped to identify and thwart such attacks.

Reduction in Reported Incidents (Option A): This may indicate underreporting rather than program effectiveness.

Reduction in Cost of Maintaining the Program (Option C): This reflects cost efficiency, not program effectiveness.

Reduction in Number of Attacks (Option D): The number of attacks is beyond the control of awareness programs and does not reflect their impact.

Question 6

Which of the following provides the BEST evidence of effective IT portfolio managements?

AIT portfolio updates are communicated when approved.

BPrograms in the IT portfolio are prioritized by each business function.

CThe IT portfolio is updated as business strategy changes.

DThe IT portfolio is updated on the basis of current industry benchmarks.

Answer : C

Question 7

Which of the following is the BEST recommendation by an IS auditor to prevent unauthorized access to Internet of Things (loT) devices'?

AloT devices should only be accessible from the host network.

BloT devices should log and alert on access attempts.

CIoT devices should require identification and authentication.

DloT devices should monitor the use of device system accounts.

Answer : C

Isaca CISA Certified Information Systems Auditor Exam Practice Test