Katy Morgan

Introduction to ISACA Certified Information Systems Auditor (CISA) Exam

The ISACA exam is challenging, and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the CISA certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. This study guide for the CISA will help guide you through the study process for your certification.

CISA ISACA Information Systems Auditor Exam Summary


Exam Name: ISACA Certified Information Systems Auditor (CISA)

Exam Code: CISA

Exam Price: $760 (USD)

Duration: 240 mins

Number of Questions: 150

Passing Score: 450/800

Reference Books: CISA requirements, CISA Review Manual

Schedule Exam: Exam Registration

Sample Questions: ISACA CISA Sample Questions


Exam Syllabus: CISA ISACA Certified Information Systems Auditor (CISA)


1. Domain 1 (21%)

The Process of Auditing Information Systems


2. Domain 2 (16%)

Governance and Management of IT


3. Domain 3 (18%)

Information Systems Acquisition, Development and Implementation


4. Domain 4 (20%)

Information Systems Operations, Maintenance and Service Management


5. Domain 5 (25%)

Protection of Information Assets


ISACA CISA Certification Sample Questions and Answers:-


To familiarize you with the structure of the ISACA Information Systems Auditor (CISA) certification exam, we have prepared this sample question set. We suggest you try our Sample Questions for CISA Certification to test your understanding of the ISACA CISA process in a real ISACA certification exam environment.


CISA ISACA Information Systems Auditor Sample Questions:-


01. Which of the following would MOST effectively control the usage of universal serial bus (USB) storage devices?


a) Policies that require instant dismissal if such devices are found

b) Software for tracking and managing USB storage devices

c) Administratively disabling the USB port

d) Searching personnel for USB storage devices at the facility's entrance


02. An IS auditor finds that a DBA has read and write access to production data. The IS auditor should:


a) accept the DBA access as a common practice.

b) assess the controls relevant to the DBA function.

c) recommend the immediate revocation of the DBA access to production data.

d) review user access authorizations approved by the DBA.


03. What is the primary objective of a control self-assessment (CSA) program?


a) Enhancement of the audit responsibility

b) Elimination of the audit responsibility

c) Replacement of the audit responsibility

d) Integrity of the audit responsibility


04. Responsibility and reporting lines cannot always be established when auditing automated systems since:


a) diversified control makes ownership irrelevant.

b) staff traditionally changes jobs with greater frequency.

c) ownership is difficult to establish where resources are shared.

d) duties change frequently in the rapid development of technology.


05. Which of the following exposures could be caused by a line grabbing technique?


a) Unauthorized data access

b) Excessive CPU cycle usage

c) Lockout of terminal polling

d) Multiplexor control dysfunction


06. The GREATEST advantage of using web services for the exchange of information between two systems is:


a) secure communications.

b) improved performance.

c) efficient interfacing.

d) enhanced documentation.


07. Applying a digital signature to data traveling in a network provides:


a) confidentiality and integrity.

b) security and nonrepudiation.

c) integrity and nonrepudiation.

d) confidentiality and nonrepudiation.


08. If the recovery time objective (RTO) increases:


a) the disaster tolerance increases.

b) the cost of recovery increases.

c) a cold site cannot be used.

d) the data backup frequency increases.


09. What uses questionnaires to lead the user through a series of choices to reach a conclusion?


a) Logic trees

b) Decision trees

c) Decision algorithms

d) Logic algorithms


10. Naming conventions for system resources are important for access control because they:


a) ensure that resource names are not ambiguous.

b) reduce the number of rules required to adequately protect resources.

c) ensure that user access to resources is clearly and uniquely identified.

d) ensure that internationally recognized names are used to protect resources.



Answers:-


Answer 1 :- b

Answer 2 :- b

Answer 3 :- a

Answer 4 :- c

Answer 5 :- a

Answer 6 :- c

Answer 7 :- c

Answer 8 :- a

Answer 9 :- b

Answer 10 :- b
