2025/2026 Exam Prep Material with Verified Questions and Answers
Which of the following would be MOST important for an IS auditor to verify while conducting a business continuity audit?
A. Data backups are performed on a timely basis.
B. A recovery site is contracted for and available as needed.
C. Human safety procedures are in place.
D. Insurance coverage is adequate and premiums are current.
Answer: C. Human safety procedures are in place.
Explanation: The most important element in any business continuity process is the protection of human life. This takes precedence over all other aspects of the plan.

A comprehensive and effective email policy should address the issues of email structure, policy enforcement, monitoring and:
A. recovery.
B. retention.
C. rebuilding.
D. reuse.
Answer: B. retention.
Explanation: Besides being a good practice, laws and regulations may require an organization to keep information that has an impact on the financial statements. The prevalence of lawsuits in which email communication is held in the same regard as the official form of classic paper makes the retention policy of corporate email a necessity. All email generated on an organization’s hardware is the property of the organization, and an email policy should address the retention of messages, considering both known and unforeseen litigation. The policy should also address the destruction of emails after a specified time to protect the nature and confidentiality of the messages themselves.

An IS auditor who was involved in designing an organization's business continuity plan (BCP) has been assigned to audit the plan. The IS auditor should:
A. decline the assignment.
B. inform management of the possible conflict of interest after completing the audit assignment.
C. inform the BCP team of the possible conflict of interest prior to beginning the assignment.
D. communicate the possibility of conflict of interest to audit management prior to starting the assignment.
Answer: D. communicate the possibility of conflict of interest to audit management prior to starting the assignment.
Explanation: A possible conflict of interest, likely to affect the IS auditor’s independence, should be brought to the attention of management prior to starting the assignment.

Which of the following is the MOST critical element to effectively execute a disaster recovery plan?
A. Offsite storage of backup data
B. Up-to-date list of key disaster recovery contacts
C. Availability of a replacement data center
D. Clearly defined recovery time objective (RTO)
Answer: A. Offsite storage of backup data
Explanation: Remote storage of backups is the most critical disaster recovery plan (DRP) element of the items listed because access to backup data is required to restore systems.

An IS auditor found that the enterprise architecture (EA) recently adopted by an organization has an adequate current-state representation. However, the organization has started a separate project to develop a future-state representation. The IS auditor should:
A. recommend that this separate project be completed as soon as possible.
B. report this issue as a finding in the audit report.
C. recommend the adoption of the Zachman framework.
D. re-scope the audit to include the separate project as part of the current audit.
Answer: B. report this issue as a finding in the audit report.
Explanation: It is critical for the EA to include the future state because the gap between the current state and the future state will determine IT strategic and tactical plans. If the EA does not include a future-state representation, it is not complete, and this issue should be reported as a finding.

What is the PRIMARY consideration for an IS auditor reviewing the prioritization and coordination of IT projects and program management?
A. Projects are aligned with the organization’s strategy.
B. Identified project risk is monitored and mitigated.
C. Controls related to project planning and budgeting are appropriate.
D. IT project metrics are reported accurately.
Answer: A. Projects are aligned with the organization’s strategy.
Explanation: The primary goal of IT projects is to add value to the business, so they must be aligned with the business strategy to achieve the intended results. Therefore, the IS auditor should first focus on ensuring this alignment.