CISA TEST 2026 COMPLETE
QUESTIONS AND VERIFIED
ANSWERS
◉ Which of the following should be the most important factor driving a
single application availability requirement when developing a disaster
recovery plan?
A. Confidentiality of data processed by the application
B. The criticality of the business processes supported by the application
C. Total cost of ownership (TCO) of the application
D. Support the application's network bandwidth. Answer: B. The
criticality of the business processes supported by the application
◉ In order to develop a robust data security program, the first step you
should take is:
A. Talk to the senior management level of IT.
B. Implement monitoring controls.
C. Implement data loss prevention measures
D. Perform inventory of assets. Answer: D. Perform inventory of assets
◉ he advantage of object-oriented system development is that it:
A. Suitable for data with complex relationships
B. Partition the system as a client server architecture
C. Easier to program than procedural languages
, D. Reduce system documentation requirements. Answer: A. Suitable for
data with complex relationships
◉ Several portable computers containing customer-sensitive data were
stolen from the staff's office because they were unattended.
Which of the following is the best advice for an information systems
auditor to protect data when it prevents similar incidents from happening
again?
A. Enhance physical security
B. Encrypted disk drive
C. Request for dual certification
D. Requires the use of a cable lock. Answer: A. Enhance physical
security
◉ During the physical security audit, the information system auditor
received a contactless proximity card that allowed to access to three
specific floors of the corporate office building.
Which of the following questions should be the biggest concern?
A. In the first two days of field work of audit, the proximity card did not
work.
B. No follow-up was made for unsuccessful attempts to access
violations.
C. The proximity card incorrectly grants access to the restricted zone
D. No escort required during field work.. Answer: C. The proximity card
incorrectly grants access to the restricted zone
QUESTIONS AND VERIFIED
ANSWERS
◉ Which of the following should be the most important factor driving a
single application availability requirement when developing a disaster
recovery plan?
A. Confidentiality of data processed by the application
B. The criticality of the business processes supported by the application
C. Total cost of ownership (TCO) of the application
D. Support the application's network bandwidth. Answer: B. The
criticality of the business processes supported by the application
◉ In order to develop a robust data security program, the first step you
should take is:
A. Talk to the senior management level of IT.
B. Implement monitoring controls.
C. Implement data loss prevention measures
D. Perform inventory of assets. Answer: D. Perform inventory of assets
◉ he advantage of object-oriented system development is that it:
A. Suitable for data with complex relationships
B. Partition the system as a client server architecture
C. Easier to program than procedural languages
, D. Reduce system documentation requirements. Answer: A. Suitable for
data with complex relationships
◉ Several portable computers containing customer-sensitive data were
stolen from the staff's office because they were unattended.
Which of the following is the best advice for an information systems
auditor to protect data when it prevents similar incidents from happening
again?
A. Enhance physical security
B. Encrypted disk drive
C. Request for dual certification
D. Requires the use of a cable lock. Answer: A. Enhance physical
security
◉ During the physical security audit, the information system auditor
received a contactless proximity card that allowed to access to three
specific floors of the corporate office building.
Which of the following questions should be the biggest concern?
A. In the first two days of field work of audit, the proximity card did not
work.
B. No follow-up was made for unsuccessful attempts to access
violations.
C. The proximity card incorrectly grants access to the restricted zone
D. No escort required during field work.. Answer: C. The proximity card
incorrectly grants access to the restricted zone
