CISA (CERTIFIED INFORMATION SYSTEMS AUDITOR)
EXAM QUESTIONS AND CORRECT ANSWERS| GRADE
A+
1. Which of the following is the PRIMARY objective of an IS audit?
A. Detect fraud in the organization
B. Evaluate the adequacy of internal controls
C. Ensure absolute security
D. Assess system performance
Correct Answer: B
---
2. The MOST important reason to maintain an IS audit trail is to:
A. Improve system performance
B. Detect unauthorized access
C. Increase system response time
D. Support business continuity
Correct Answer: B
---
3. Which control BEST ensures data integrity in a database?
A. Hash totals
B. Encryption
C. Access control lists
D. Digital signatures
Correct Answer: A
---
4. The PRIMARY purpose of segregation of duties is to:
A. Improve employee efficiency
B. Prevent fraud and errors
1|Page
,C. Reduce IT workload
D. Enhance documentation
Correct Answer: B
---
5. Which of the following BEST ensures confidentiality during data transmission?
A. Firewalls
B. Encryption
C. Data backups
D. Hash totals
Correct Answer: B
---
6. A post-implementation review is performed to:
A. Validate system requirements
B. Determine if project goals were achieved
C. Select vendors
D. Create user training materials
Correct Answer: B
---
7. Which of the following is a corrective control?
A. Antivirus software
B. Intrusion detection
C. Backup restoration
D. Encryption
Correct Answer: C
---
8. The PRIMARY role of an IS steering committee is to:
A. Approve coding practices
2|Page
,B. Provide project management oversight
C. Ensure alignment of IT and business goals
D. Review firewall rules
Correct Answer: C
---
9. A weakness that could be exploited by a threat is called:
A. Risk
B. Control
C. Vulnerability
D. Exposure
Correct Answer: C
---
10. What is the BEST way to ensure that outsourced providers meet contractual obligations?
A. Reviewing monthly invoices
B. Performing periodic audits
C. Evaluating vendor reputation
D. Holding regular meetings
Correct Answer: B
---
11. The MOST important element of disaster recovery planning is:
A. Hardware replacement
B. Testing the plan
C. Insurance coverage
D. Selecting an alternate site
Correct Answer: B
---
12. Which of the following provides non-repudiation?
3|Page
, A. Firewalls
B. Digital signatures
C. RAID disks
D. Antivirus
Correct Answer: B
---
13. Segregation of duties is MOST difficult to implement in:
A. Small organizations
B. Large enterprises
C. Government agencies
D. Distributed networks
Correct Answer: A
---
14. Which of the following reduces the likelihood of buffer overflow attacks?
A. Input validation
B. Logging
C. Encryption
D. Patch management
Correct Answer: A
---
15. A business impact analysis (BIA) is used to:
A. Assess IT project cost
B. Identify critical business processes
C. Monitor network traffic
D. Develop test scripts
Correct Answer: B
---
16. What is the BEST indicator of effective change management?
4|Page
EXAM QUESTIONS AND CORRECT ANSWERS| GRADE
A+
1. Which of the following is the PRIMARY objective of an IS audit?
A. Detect fraud in the organization
B. Evaluate the adequacy of internal controls
C. Ensure absolute security
D. Assess system performance
Correct Answer: B
---
2. The MOST important reason to maintain an IS audit trail is to:
A. Improve system performance
B. Detect unauthorized access
C. Increase system response time
D. Support business continuity
Correct Answer: B
---
3. Which control BEST ensures data integrity in a database?
A. Hash totals
B. Encryption
C. Access control lists
D. Digital signatures
Correct Answer: A
---
4. The PRIMARY purpose of segregation of duties is to:
A. Improve employee efficiency
B. Prevent fraud and errors
1|Page
,C. Reduce IT workload
D. Enhance documentation
Correct Answer: B
---
5. Which of the following BEST ensures confidentiality during data transmission?
A. Firewalls
B. Encryption
C. Data backups
D. Hash totals
Correct Answer: B
---
6. A post-implementation review is performed to:
A. Validate system requirements
B. Determine if project goals were achieved
C. Select vendors
D. Create user training materials
Correct Answer: B
---
7. Which of the following is a corrective control?
A. Antivirus software
B. Intrusion detection
C. Backup restoration
D. Encryption
Correct Answer: C
---
8. The PRIMARY role of an IS steering committee is to:
A. Approve coding practices
2|Page
,B. Provide project management oversight
C. Ensure alignment of IT and business goals
D. Review firewall rules
Correct Answer: C
---
9. A weakness that could be exploited by a threat is called:
A. Risk
B. Control
C. Vulnerability
D. Exposure
Correct Answer: C
---
10. What is the BEST way to ensure that outsourced providers meet contractual obligations?
A. Reviewing monthly invoices
B. Performing periodic audits
C. Evaluating vendor reputation
D. Holding regular meetings
Correct Answer: B
---
11. The MOST important element of disaster recovery planning is:
A. Hardware replacement
B. Testing the plan
C. Insurance coverage
D. Selecting an alternate site
Correct Answer: B
---
12. Which of the following provides non-repudiation?
3|Page
, A. Firewalls
B. Digital signatures
C. RAID disks
D. Antivirus
Correct Answer: B
---
13. Segregation of duties is MOST difficult to implement in:
A. Small organizations
B. Large enterprises
C. Government agencies
D. Distributed networks
Correct Answer: A
---
14. Which of the following reduces the likelihood of buffer overflow attacks?
A. Input validation
B. Logging
C. Encryption
D. Patch management
Correct Answer: A
---
15. A business impact analysis (BIA) is used to:
A. Assess IT project cost
B. Identify critical business processes
C. Monitor network traffic
D. Develop test scripts
Correct Answer: B
---
16. What is the BEST indicator of effective change management?
4|Page
