ISACA CISA Certification Sample Questions

The purpose of this Sample Question Set is to provide you with information about the ISACA Information Systems Auditor (CISA) exam. These sample questions will familiarize you with both the type and the difficulty level of the questions on the CISA certification test. To get familiar with the real exam environment, we suggest you try our Sample ISACA CISA Certification Practice Exam. This sample practice exam simulates the real exam experience and gives an indication of the questions asked in the actual ISACA Certified Information Systems Auditor (CISA) certification exam.

These sample questions are simple, basic questions that resemble the real ISACA Information Systems Auditor exam questions. To assess your readiness and performance with real-time scenario-based questions, we suggest you prepare with our Premium ISACA CISA Certification Practice Exam. When you work through real-time scenario-based questions in practice, you come across many difficulties that give you an opportunity to improve.

ISACA CISA Sample Questions:

01. Who is accountable for ensuring relevant controls over IS resources?
a) The system administrator
b) Resource owners
c) Network administration
d) The database administrator
02. The primary consideration of an IS auditor when evaluating a fraudulent transaction is:
a) to remain unbiased while evaluating the evidence
b) the independence of the IS auditor
c) to determine the source of the evidence
d) to ensure that the integrity of the evidence is maintained
03. An IS auditor observes that an enterprise has outsourced software development to a third party that is a startup company. To ensure that the enterprise’s investment in software is protected, which of the following should be recommended by the IS auditor?
a) Due diligence should be performed on the software vendor.
b) A quarterly audit of the vendor facilities should be performed.
c) There should be a source code escrow agreement in place.
d) A high penalty clause should be included in the contract.
04. An IS auditor finds a small number of user access requests that had not been authorized by managers through the normal predefined workflow steps and escalation rules. The IS auditor should:
a) recommend that the owner of the identity management (IDM) system fix the workflow issues.
b) report the problem to the audit committee.
c) conduct a security risk assessment.
d) perform an additional analysis.
05. Responsibility for granting access to data, with the help of the security officer, resides with:
a) The data owners
b) The system developer
c) The library controller
d) The system administrator
06. An IS auditor is reviewing the physical security controls of a data center and notices several areas for concern. Which of the following areas is the MOST important?
a) The emergency power off button cover is missing.
b) Scheduled maintenance of the fire suppression system was not performed.
c) There are no security cameras inside the data center.
d) The emergency exit door is blocked.
07. Which of the following choices BEST helps information owners to properly classify data?
a) Understanding of technical controls that protect data
b) Training on organizational policies and standards
c) Use of an automated data leak prevention (DLP) tool
d) Understanding which people need to access the data
08. A test that is conducted when a system is in the development phase is:
a) A sociability test
b) A functionality test
c) A load test
d) A unit test
09. An IS auditor is assigned to audit a software development project, which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?
a) Report that the organization does not have effective project management.
b) Recommend the project manager be changed.
c) Review the IT governance structure.
d) Review the conduct of the project and the business case.
10. An enterprise’s risk appetite is BEST established by:
a) the steering committee.
b) security management.
c) the audit committee.
d) the chief legal officer.


Question: 01
Answer: b
Question: 02
Answer: d
Question: 03
Answer: c
Question: 04
Answer: d
Question: 05
Answer: a
Question: 06
Answer: d
Question: 07
Answer: b
Question: 08
Answer: d
Question: 09
Answer: d
Question: 10
Answer: a

Note: For any error in ISACA Certified Information Systems Auditor (CISA) certification exam sample questions, please update us by writing an email on
