Free CISA Practice Test Questions 2026

1020 Questions




Topic 2: Exam Pool B

Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?


A.

The investigation report does not indicate a conclusion.


B.

An image copy of the attacked system was not taken.


C.

The proper authorities were not notified.


D.

The handling procedures of the attacked system are not documented.





C.
  

The proper authorities were not notified.



Which of the following should be of MOST concern to an IS auditor reviewing an organization’s disaster recovery plan (DRP)?


A.

Copies of the DRP are not kept in a secure offsite location.


B.

The CIO has not signed off on the DRP


C.

The disaster recovery steps are not detailed.


D.

The responsibility for declaring a disaster is not identified





D.
  

The responsibility for declaring a disaster is not identified



Which of the following data would be used when performing a business impact analysis (BIA)?


A.

Cost benefit analysis of running the current business


B.

Projected impact of current business on future business


C.

Expected costs for recovering the business


D.

Cost of regulatory compliance





B.
  

Projected impact of current business on future business



An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective actions have not been taken and that the associated risk has been accepted by senior management. If the auditor disagrees with management's decision, what is the BEST way to address the situation?


A.

Report the issue to the chief audit executive for resolution


B.

Repeat the audit with audit scope only covering areas with accepted risks. 


C.

Take no action since management's decision has been made


D.

Recommend new corrective actions to mitigate the accepted risk.





A.
  

Report the issue to the chief audit executive for resolution



During the procurement process, which of the following would be the BEST indication that prospective vendors will meet the organization's needs?


A.

Service catalog is documented


B.

An account transition manager has been identified.


C.

Expected service levels are defined


D.

The vendor's subcontractors have been identified





C.
  

Expected service levels are defined



A database administrator (DBA) extracts a user listing for an auditor as testing evidence. Which of the following will provide the GREATEST assurance that the user listing is reliable?


A.

Obtaining sign-off from the DBA to attest that the list is complete


B.

Requesting a copy of the query that generated the user listing


C.

Requesting a query that returns the count of the users


D.

Witnessing the DBA running the query in-person





D.
  

Witnessing the DBA running the query in-person



Which of the following communication modes should be of GREATEST concern to an IS auditor evaluating end user networking?


A.

Peer-to-peer


B.

Client-to-server


C.

Host-to-host


D.

System-to-system





A.
  

Peer-to-peer



Which of the following would be of MOST concern during an audit of an end-user computing system containing sensitive information?


A.

Audit logging is not available


B.

Secure authorization is not available


C.

System data is not protected.


D.

The system is not included in inventory.





A.
  

Audit logging is not available



An IS auditor discovered that a firewall has more services than needed. The IS auditor's FIRST recommendation should be to:


A.

review configurations


B.

deploy a network penetration team.


C.

ensure logging is turned on.


D.

Eliminate services except for HTTPS.





A.
  

review configurations



An IS auditor is evaluating the log management system for an organization with devices and systems in multiple geographic locations. Which of the following is MOST important for the auditor to verify?


A.

Log files are concurrently updated


B.

Log files are encrypted and digitally signed.


C.

Log files are reviewed in multiple locations.


D.

Log files of the servers are synchronized.





B.
  

Log files are encrypted and digitally signed.



Which of the following is MOST important when an incident may lead to prosecution?


A.

Independent assessment


B.

Timely incident detection


C.

Impact analysis


D.

Preservation of evidence





D.
  

Preservation of evidence



Which of the following is the MOST effective mechanism for ensuring that critical IT operational problems are reported to executive management in a timely manner?


A.

Escalation procedures


B.

Service level monitoring


C.

Regular meetings


D.

Periodic status reports





A.
  

Escalation procedures





What Makes Our Practice Test So Effective?

Real-World Scenario Mastery: Our CISA practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive CISA practice exam questions pool covering all topics, the real exam feels like just another practice session.