Certified Information Systems Auditor

Here you have the best Isaca CISA practice exam questions

  • You have 1823 total questions to study from
  • Each page has 5 questions, making a total of 365 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on January 16, 2026
  • This site is not affiliated with or endorsed by Isaca.
Question 1 of 1823
Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?
Correct Answer: D

The greatest concern for an IS auditor reviewing an organization's business continuity plan (BCP) would be if the BCP has not been approved by senior management. The approval of the BCP by senior management ensures that the plan is considered valid and authoritative within the organization, receives the necessary resources, and has the commitment of top leadership. Without this approval, the plan may not be effectively implemented, tested, or maintained, reducing its ability to ensure business continuity during disruptions.

Question 2 of 1823
Which of the following would be MOST useful when analyzing computer performance?
Correct Answer: C

The most useful option when analyzing computer performance is statistical metrics measuring capacity utilization. These metrics provide quantifiable data on how system resources such as CPU, memory, and storage are being utilized. By analyzing these metrics, one can identify bottlenecks, inefficiencies, and areas where resource optimization is needed, which is essential for improving overall system performance.

Question 3 of 1823
Which of the following is the GREATEST risk if two users have concurrent access to the same database record?
Correct Answer: D

When two users have concurrent access to the same database record, the greatest risk is data integrity. Data integrity ensures that the data is accurate, consistent, and reliable. Concurrent access can lead to conflicts and inconsistencies, such as overwriting data or creating discrepancies, compromising the accuracy and reliability of the database.

Question 4 of 1823
Which of the following is the MOST effective way for an organization to help ensure agreed-upon action plans from an IS audit will be implemented?
Correct Answer: A

The most effective way to ensure agreed-upon action plans from an IS audit will be implemented is to ensure ownership is assigned. Assigning ownership creates accountability, making it clear who is responsible for following through on the action plans. This accountability helps drive the implementation process and ensures that there is a specific person or team who will be held responsible for completing the necessary actions. Testing corrective actions or communicating audit results are important steps, but they are secondary to ensuring that someone is accountable for the implementation of the actions.

Question 5 of 1823
Which of the following issues associated with a data center's closed circuit television (CCTV) surveillance cameras should be of MOST concern to an IS auditor?
Correct Answer: A

The most concerning issue associated with a data center's closed-circuit television (CCTV) surveillance cameras is that CCTV recordings are not regularly reviewed. Regular review of CCTV footage is critical to detect and respond to security incidents in a timely manner. If the recordings are not reviewed consistently, potential breaches or unauthorized activities may go unnoticed, thereby compromising the security of the data center. This oversight is more critical than issues such as the duration of record retention, 24 x 7 recording, or camera placement in less critical areas like break rooms.