Topic 2: Exam Pool B
To ensure efficient and economic use of limited resources in supporting a local area network (LAN) infrastructure, it is advisable to:
A. periodically rotate vendors to obtain the best price-to-performance ratio
B. standardize on a limited number of device models and software applications
C. quickly upgrade to the latest hardware and software versions to take advantage of new features
D. recommend a variety of products so that user effectiveness and flexibility can be maximized.
standardize on a limited number of device models and software applications
Which of the following analytical methods would be MOST useful when trying to identify groups with similar behavior or characteristics in a large population?
A. Classification
B. Correlation analysis
C. Clustering
D. Deviation detection
Correlation analysis
An IS auditor begins an assignment and identifies audit components that the auditor is not qualified to assess. Which of the following is the BEST course of action?
A. Exclude the related tests from the audit plan and continue the assignment
B. Notify audit management for a decision on how to proceed
C. Complete the audit and give full disclosure in the final audit report
D. Complete the work assignment to the best of the auditor's ability
Notify audit management for a decision on how to proceed
Requiring that passwords contain a combination of numeric and alphabetic characters is MOST effective against which type of attack?
A. Dictionary
B. Denial of service
C. Social engineering
D. Programmed
Dictionary
An internal IS auditor recommends that incoming accounts payable payment files be encrypted. Which type of control is the auditor recommending?
A. Directive
B. Detective
C. Preventive
D. Corrective
Preventive
Implementing which of the following would BEST address issues relating to the aging of IT systems?
A. IT project management
B. Configuration management
C. Application portfolio management
D. Release management
Application portfolio management
select a sample for testing, which must include the 80 largest client balances and a random sample of the rest, the IS auditor should recommend:
A. use of generalized audit software.
B. development of an integrated test facility (ITF).
C. applying attribute sampling using software.
D. sorting the file with a utility
applying attribute sampling using software.
Which of the following is the PRIMARY objective of the IS audit function?
A. Certify the accuracy of financial data
B. Facilitate extraction of computer-based data for substantive testing
C. Perform reviews based on standards developed by professional organizations
D. Report to management on the functioning of internal controls.
Report to management on the functioning of internal controls.
When replacing a critical software application, which of the following provides for the LOWEST risk of interruption to business processes?
A. Big-bang implementation
B. Parallel implementation
C. Pilot implementation
D. Incremental implementation
Parallel implementation
During a review of an insurance company's claims system, the IS auditor learns that claims for specific medical procedures are acceptable only from females. This is an example of a:
A. logical relationship check
B. key verification.
C. completeness check.
D. reasonableness check
reasonableness check
Which of the following is the BEST time for an IS auditor to perform
Which of the following is the BEST way to protect the confidentiality of data on a corporate smartphone?
A. Using encryption
B. Using remote data wipe capabilities
C. Disabling public wireless connections
D. Changing the default PIN for Bluetooth connections
Using encryption
Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?
A. Increased application performance
B. Improved disaster recovery
C. Stronger data security
D. Better utilization of resources
Improved disaster recovery