ISACA CISA SET SOLVED CORRECTLY TO SCORE A+ 2025|2026
1. The internal audit dept. c. sharing the scrips is permissable of IT recognizes that
audit may
wrote some scripts that are still be conducted in areas not covered in scripts
sued for continuous audit-
ing of some IS audit can still review all aspects of the system. They
information may not be
systems. The IT dept. asked able to review the ettectiveness of the scripts but they can
still audit
for compies of the on IS system re- gardless of audit
scripts so that they indepen- dence
can use them for c. sharing the scrips is per-
setting up a continu- missable of IT recognizes that
ous monitoring audit may still be con- ducted in
process on key areas not covered
systems. Does sharing
these scripts with IT
affect the ability of the
IS auditors to
independently and ob-
jectively audit the IT
func- tions?
a. sharing scripts is not
per- mitted because it
gives IT ability to pre-
audit systems and avoid
an accurate com-
prehensive audit.
b. sharing scripts is re-
quired because IT
must have ability to
review all programs
and software that run
, ISACA CISA SET SOLVED CORRECTLY TO SCORE A+ 2025|2026
the systems.
, ISACA CISA SET SOLVED CORRECTLY TO SCORE A+ 2025|2026
in scripts
d. sharing scripts is not
permitted because the
IS auditors who wrote
scripts would not be
permitted to audit any
IS systems where the
scripts are being used
for monitoring
C. Configuration
2. Which of the following
ac- tivities cause
most secu- rity The correct answer is configuration. The web server that
vulnerabilities in web an or- ganization acquires is generic and must be
servers? customized during its configuration. Unnecessary software
A. Acquisition services and user accounts in the web server should be
B. Usage removed or redefined. The web server configuration
C. Configuration scenarios should fit its established security policy. The
D. Maintenance other answer choices are incorrect: The acquisition,
usage, and maintenance of a web server are not as
important as that of its configuration.
3. Which of the following A. Honeypots
net- work security tools
Honeypots are computers that security administrators place
is PRI- MARILY used by as a
the securi-
ty team to enhance security trap for intruders. Hackers will scan and attack
honeypots, giving
in the IT environment? administrators data on new trends and attack tools,
particularly malicious code. The security team can use
A. Honeypots this knowledge to determine which areas of network
B. Intrusion detection require protection from such attacks.
sys- tem
, ISACA CISA SET SOLVED CORRECTLY TO SCORE A+ 2025|2026
C. Intrusion prevention sys- The other answer choices are incorrect:
tem Intrusion prevention systems (IPS) are configured to both
D. Vulnerability detect and prevent potential attacks on the IT
scanner environment and assets.
1. The internal audit dept. c. sharing the scrips is permissable of IT recognizes that
audit may
wrote some scripts that are still be conducted in areas not covered in scripts
sued for continuous audit-
ing of some IS audit can still review all aspects of the system. They
information may not be
systems. The IT dept. asked able to review the ettectiveness of the scripts but they can
still audit
for compies of the on IS system re- gardless of audit
scripts so that they indepen- dence
can use them for c. sharing the scrips is per-
setting up a continu- missable of IT recognizes that
ous monitoring audit may still be con- ducted in
process on key areas not covered
systems. Does sharing
these scripts with IT
affect the ability of the
IS auditors to
independently and ob-
jectively audit the IT
func- tions?
a. sharing scripts is not
per- mitted because it
gives IT ability to pre-
audit systems and avoid
an accurate com-
prehensive audit.
b. sharing scripts is re-
quired because IT
must have ability to
review all programs
and software that run
, ISACA CISA SET SOLVED CORRECTLY TO SCORE A+ 2025|2026
the systems.
, ISACA CISA SET SOLVED CORRECTLY TO SCORE A+ 2025|2026
in scripts
d. sharing scripts is not
permitted because the
IS auditors who wrote
scripts would not be
permitted to audit any
IS systems where the
scripts are being used
for monitoring
C. Configuration
2. Which of the following
ac- tivities cause
most secu- rity The correct answer is configuration. The web server that
vulnerabilities in web an or- ganization acquires is generic and must be
servers? customized during its configuration. Unnecessary software
A. Acquisition services and user accounts in the web server should be
B. Usage removed or redefined. The web server configuration
C. Configuration scenarios should fit its established security policy. The
D. Maintenance other answer choices are incorrect: The acquisition,
usage, and maintenance of a web server are not as
important as that of its configuration.
3. Which of the following A. Honeypots
net- work security tools
Honeypots are computers that security administrators place
is PRI- MARILY used by as a
the securi-
ty team to enhance security trap for intruders. Hackers will scan and attack
honeypots, giving
in the IT environment? administrators data on new trends and attack tools,
particularly malicious code. The security team can use
A. Honeypots this knowledge to determine which areas of network
B. Intrusion detection require protection from such attacks.
sys- tem
, ISACA CISA SET SOLVED CORRECTLY TO SCORE A+ 2025|2026
C. Intrusion prevention sys- The other answer choices are incorrect:
tem Intrusion prevention systems (IPS) are configured to both
D. Vulnerability detect and prevent potential attacks on the IT
scanner environment and assets.
