Isaca CISA Exam Practice Test Instant Access

Question 1

A contract for outsourcing IS functions should always include:

AFull details of security procedures to be observed by the contractor.

BA provision for an independent audit of the contractor's operations.

CThe names and roles of staff to be employed in the operation.

DData transfer protocols.

Answer : B

Comprehensive and Detailed Step-by-Step

When outsourcingIS functions,independent audit provisionsensure thatcontractors meet security, compliance, and operational standards.

Option A (Incorrect):Security procedures should be included but are subject tochangeandmay not be detailedin the contract.

Option B (Correct):Independent audit rightsallow the organization toverifythat the vendor complies with security, operational, and regulatory requirements.

Option C (Incorrect):Naming specific staff isimpracticaland not acore contractual requirement.

Option D (Incorrect):Data transfer protocols are important, but they are atechnical detailrather than aprimary contract requirement.

Question 2

Which of the following is MOST helpful for understanding an organization's key driver to modernize application platforms?

AVendor software inventories

BNetwork architecture diagrams

CSystem-wide incident reports

DInventory of end-of-life software

Answer : D

Question 3

When determining the quality of evidence collected during an audit, it is MOST important to ensure the evidence is:

AValid, complete, and accurate.

BTimely, reliable, and reasonable.

CSufficient and comes from the source of the information.

DPersuasive and applicable.

Answer : D

ISACA defines sufficient and appropriate evidence as the standard for audit conclusions. Appropriateness relates to relevance (applicability) and reliability (persuasiveness). Evidence that is persuasive and directly applicable to the audit objective provides stronger assurance than evidence that is merely timely, complete, or reasonable. While the other options describe desirable qualities, they do not encompass the full ISACA standard. Thus, the most complete characterization of quality evidence is that it must be persuasive and applicable to the audit's purpose.

Reference (ISACA): ISACA Audit & Assurance Standards; ISACA ITAF Guidelines on Evidence.

Question 4

One advantage of managing an entire collection of projects as a portfolio is that it highlights the need to:

AInform users about all ongoing projects.

BManage the quality of each project.

CIdentify dependencies between projects.

DManage the risk of each individual project.

Answer : C

Managing projects as a portfolio allows an organization to oversee and coordinate multiple projects collectively. This approach provides a holistic view, enabling the identification of interdependencies among projects. Recognizing these dependencies is crucial for resource allocation, scheduling, and achieving strategic objectives. While informing users, managing quality, and addressing individual project risks are important, they are typically handled within the scope of each project. The unique advantage of portfolio management lies in its ability to identify and manage relationships and dependencies across multiple projects, ensuring that the portfolio aligns with the organization's strategic goals.

ISACA CISA Review Manual, 28th Edition, Chapter 3: Information Systems Acquisition, Development, and Implementation.

Question 5

Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?

AStronger data security

BBetter utilization of resources

CIncreased application performance

DImproved disaster recovery

Answer : B

The primary advantage of using virtualization technology for corporate applications is to achieve better utilization of resources, such as hardware, software, network and storage. Virtualization technology allows multiple applications to run on a single physical server or device, which reduces the need for additional hardware and maintenance costs. Virtualization technology also enables dynamic allocation and reallocation of resources according to the demand and priority of the applications, which improves efficiency and flexibility. The other options are not the primary advantage of using virtualization technology, although they may be some of the benefits or challenges depending on the implementation and configuration.Reference:

ISACA, CISA Review Manual, 27th Edition, chapter 4, section 4.21

ISACA, COBIT 2019 Framework: Introduction and Methodology, section 3.23

Question 6

An organization is modernizing its technology policy framework to demonstrate compliance with external industry standards. Which of the following would be MOST useful to an IS auditor for validating the outcome?

ABenchmarking of internal standards against peer organizations

BInventory of the organization's approved policy exceptions

CPolicy recommendations from a leading external consulting agency

DMapping of relevant standards against the organization's controls

Answer : D

Question 7

An IS auditor is reviewing documentation from a change that was applied to an application. Which of the following findings would be the GREATEST concern?

ATesting documentation does not show manager approval.

BTesting documentation is dated three weeks before the system implementation date.

CTesting documentation is approved prior to completion of user acceptance testing (UAT).

DTesting documentation is kept in hard copy format.

Answer : C

Isaca Certified Information Systems Auditor CISA Exam Practice Test