Auditor) Exam Questions and Answers
Graded A+
Indemnity Clause - Correct answer-a contractual transfer of risk between two
contractual parties generally to prevent loss or compensate for a loss which may
occur as a result of a specified event
Portfolio Management - Correct answer-Assist in the definition, prioritization,
approval and running of a set of projects within a given organization. These tools
offer data capture, workflow and scenario planning functionality, which can help
identify the optimum set of projects (from the full set of ideas) to take forward
within a given budget.
Helps to gain an understanding of the effectiveness of controls over the
management of multiple projects
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
Top-Down Approach (Meaning-Based) - Correct answer-Deriving lower-level
policies from corporate policies which aids in ensuring consistency across the
organization and consistency with other policies.
What is the BEST way to ensure that the tested code that is moved into production
is the same? - Correct answer-Release management software
The project steering committee is ultimately responsible for: - Correct answer-
project deliverables, costs and timetables
Load testing - Correct answer-Evaluates the performance of the software under
normal and peak conditions.
Recovery testing - Correct answer-evaluates the ability of a system to recover after
a failure.
Volume testing - Correct answer-evaluates the impact of incremental volume of
records (not users) on a system.
Stress testing - Correct answer-determines the capacity of the software to cope with
an abnormal number of users or simultaneous operations.
Spooling - Correct answer-sends documents to be printed to a buffer instead of
sending them immediately to the printer
Professional standards - Correct answer-Professional standards from ISACA, The
Institute of Internal Auditors and the International Federation of Accountants
require supervision of audit staff to accomplish audit objectives and comply with
competence, professional proficiency and documentation requirements, and more.
Honeypot - Correct answer-Vulnerable computer that is set up to entice an intruder
to break into it and provides clues as to the hacker's methods and strategies
Program coding standards - Correct answer-These are required for efficient
program maintenance and modifications.
Denormalization vs Normalization - Correct answer-Normalization is used to
remove redundant data from the database and to store non-redundant and
consistent data into it. Reduces data redundancy and inconsistency. Maintains data
integrity.
Denormalization is used to combine multiple table data into one so that it can be
queried quickly. Introduces redundancy. Does not maintain any data integrity.
Escrow Agreement - Correct answer-A source code escrow agreement is primarily
recommended to help protect the enterprise's investment in software, because the
source code will be available through a trusted third party and can be retrieved if
the start-up vendor goes out of business.
Which of the following is the initial step in creating a firewall policy? - Correct
answer-Identification of network applications to be externally accessed
What BEST helps prioritize the recovery of IT assets when planning for a disaster?
- Correct answer-Business impact analysis
Incorporating the business impact analysis (BIA) into the IT disaster recovery
planning process is critical to ensure that IT assets are prioritized to align with the
business.
An advantage in using a bottom-up vs. a top-down approach to software testing is
that: - Correct answer-errors in critical modules are detected earlier.
Spoofing Attack - Correct answer-Attacker pretends to be another user or machine
to gain access
Denial of service attack - Correct answer-a cyber attack in which an attacker sends
a flood of data packets to the target computer, with the aim of overloading its
resources