Courseiva

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Information Systems Acquisition, Development and Implementation

Practice CISA Information Systems Acquisition, Development and Implementation questions with full explanations on every answer.

146 questions


All CISA Information Systems Acquisition, Development and Implementation questions (146)


1

A company is replacing its legacy on-premises ERP system with a cloud-based SaaS solution. The project manager is concerned about data migration risks. Which of the following is the BEST approach to mitigate data integrity issues during migration?

2

An organization is developing a new customer portal. The development team wants to use an agile methodology. Which of the following is a key benefit of using agile for this project?

3

During the user acceptance testing (UAT) phase of a new financial application, the business users report that the system calculates interest incorrectly for certain loan types. The project manager wants to fix this quickly. Which of the following is the BEST course of action?

4

An IT auditor is reviewing the system development life cycle (SDLC) process for a critical application. Which of the following findings would be of MOST concern?

5

When implementing a commercial off-the-shelf (COTS) software package, which of the following is the MOST important activity to ensure the software meets business requirements?

6

A company is implementing a new procurement system. The project team is considering using a rapid application development (RAD) methodology. Which of the following is a potential risk of using RAD?

7

An organization is developing a mobile app that will handle personal health information (PHI). The security team mandates that data must be encrypted both in transit and at rest. Which of the following implementation strategies BEST ensures compliance?

8

In a traditional waterfall SDLC, when should the test plan be developed?

9

An IT auditor is evaluating the change management process for a financial trading system. Which of the following is the BEST indicator of a mature change management process?

10

A company is integrating a third-party payment gateway into its e-commerce platform. Which of the following is the MOST important security control to implement?

11

During a post-implementation review of a new HR system, the auditor finds that the system's disaster recovery plan (DRP) was not tested before go-live. Which of the following is the BEST recommendation?

12

Which TWO of the following are key activities in the system design phase of the SDLC?

13

Which THREE of the following are common risks associated with outsourcing software development?

14

Which TWO of the following are benefits of using a version control system in software development?

15

Which THREE of the following are key considerations when selecting a software development methodology for a project?

16

Refer to the exhibit. An administrator applied this ACL to a VLAN interface. The server at 10.0.0.100 hosts a web application. What is the effect of this ACL?

17

Refer to the exhibit. A developer is inserting a new employee record. What is the cause of this error?

18

Refer to the exhibit. A cloud load balancer uses this JSON configuration. A request arrives from source IP 10.0.1.100 to port 80. Which backend pool will receive the request?

19

A multinational corporation is replacing its legacy on-premises customer relationship management (CRM) system with a new cloud-based CRM solution. The project involves migrating data from the old system, customizing the new system to match business processes, and integrating with an existing enterprise resource planning (ERP) system. The project has a tight deadline of six months. During the planning phase, the project team decides to use a waterfall methodology because the requirements are well-defined. However, three months into the project, the business users request significant changes to the customer data fields, which were not originally specified. The project manager is concerned that accommodating these changes will delay the project. The integration with the ERP system is also proving more complex than anticipated, with data mapping errors causing delays. The go-live date is fixed due to the end-of-support for the legacy system. What is the BEST course of action for the project manager?

20

A hospital is implementing a new electronic health records (EHR) system. The system will be used by doctors, nurses, and administrative staff. During the user acceptance testing (UAT) phase, the nursing staff reports that the interface for entering patient vitals is too slow and requires many clicks, which slows down their workflow. The project team has already completed system testing and is preparing for go-live in two weeks. The development team can make a quick fix to streamline the vital signs entry by adding a shortcut, but this change has not been tested. The IT director is concerned about patient safety and wants to ensure the system is usable. What is the BEST course of action?

21

An organization is implementing a new financial system and has completed user acceptance testing (UAT). The project manager reports that all critical defects have been fixed and retested, but several low-severity issues remain unresolved. What is the BEST course of action?

22

During a nightly batch job, the above error appears in the application logs. The transaction table ACCT_TRANS has a unique constraint on the REF_NUM column. Which of the following is the MOST likely root cause?

23

A company is implementing a new customer relationship management (CRM) system. The project team is currently defining user roles and permissions. Which of the following is the PRIMARY reason to enforce segregation of duties (SoD) within the CRM?

24

An organization is developing a web application using an Agile methodology. The security team wants to integrate security testing early in the development lifecycle. Which of the following is the BEST approach to achieve this?

25

During a system development project, the project manager notices that the actual cost is significantly higher than the planned cost at the 50% completion point. The earned value (EV) is $500,000, the actual cost (AC) is $600,000, and the planned value (PV) is $550,000. Which of the following is the MOST appropriate action?

26

An organization is planning to replace its legacy accounting system with a commercial off-the-shelf (COTS) software package. Which of the following is the PRIMARY risk of using a COTS solution?

27

A company is migrating its on-premises data center to a public cloud provider. Which of the following is the MOST important control to implement before migration to ensure data security?

28

Which TWO of the following are key benefits of using a system development life cycle (SDLC) methodology? (Select exactly two.)

29

Which THREE of the following are common challenges when integrating a software package with existing legacy systems? (Select exactly three.)

30

Refer to the exhibit. An application log shows an error. What is the MOST likely cause of this error?

31

Refer to the exhibit. A security administrator is troubleshooting why external users cannot reach the web server at 203.0.113.10 from the internet. Based on the configuration, what is the MOST likely issue?

32

You are the IT audit manager for a multinational corporation. The company recently implemented a new enterprise resource planning (ERP) system using a phased rollout approach. The first phase (finance module) was deployed to three regional offices six months ago. During a post-implementation review, you discovered that the user acceptance testing (UAT) for the finance module was completed in only two days instead of the planned two weeks. The UAT was performed by a small group of power users selected by the project manager, and they reported no critical issues. However, after go-live, several finance staff in one region found that the system does not support a statutory reporting requirement specific to that country, which was not tested. The project manager argues that the requirement was never documented in the business requirements specification. The system has been live for six months, and the missing functionality requires a significant customization that will take three months and cost $200,000. Management is reluctant to fund the customization because the budget is exhausted. As the IT auditor, what is the BEST course of action?

33

During user acceptance testing (UAT) of a new financial system, users report that the system fails to enforce a segregation of duties rule where the same user should not be able to create a purchase order and approve it. The requirement was documented in the functional specifications. Which of the following is the MOST likely cause of this issue?

34

An IS auditor is reviewing the system development life cycle (SDLC) for a custom application. The project manager has decided to skip the design phase and proceed directly from requirements to coding. Which of the following risks are MOST likely to increase as a result? (Choose two.)

35

Order the steps for conducting an audit engagement from start to finish.

36

Arrange the steps to implement a password policy in the correct order.

37

Match each type of access control to its definition.

38

Match each encryption key type to its usage.

39

During the feasibility study for a new inventory system, the project team identifies that the expected benefits are significantly lower than the initial estimates. What is the MOST appropriate action for the IS auditor to recommend?

40

A company is implementing a new ERP system. The project team plans to use a parallel conversion strategy. What is the PRIMARY advantage of this approach?

41

An organization is developing a custom application. The project manager reports that the development team has implemented 80% of the features but only 50% of the budget is used. What is the MOST significant risk from an IS audit perspective?

42

During a post-implementation review of a financial system, an IS auditor finds that several critical reports are not being generated correctly. Which of the following should the auditor recommend FIRST?

43

An organization is considering outsourcing its IT infrastructure management. Which of the following is the MOST important factor to include in the service level agreement (SLA)?

44

During data conversion from a legacy system to a new ERP, the project team decides to clean data during extraction but not during loading. What is the PRIMARY risk associated with this approach?

45

An IS auditor is reviewing the system development life cycle (SDLC) methodology. Which phase should include the development of detailed test plans?

46

A company is using an agile development methodology for a critical business application. The IS auditor is concerned about the lack of formal documentation. What is the BEST approach to mitigate this risk?

47

A multinational corporation is implementing a global HR system. The project team decides to use a pilot implementation in one region before rolling out to others. What is the PRIMARY risk if the pilot region is not representative of the entire organization?

48

Refer to the exhibit. The IS auditor reviews the router's version output during an audit. What is the MOST significant finding?

49

Refer to the exhibit. An IS auditor finds this bucket policy attached to an S3 bucket storing sensitive customer data. What should the auditor recommend?

50

Refer to the exhibit. An IS auditor is reviewing the architecture. Which of the following is the MOST critical security weakness?

51

Which TWO of the following are essential components of a business case for a new system?

52

Which THREE of the following are best practices for managing system testing in an IS development project?

53

Which TWO of the following are indicators of poor project governance that an IS auditor should identify?

54

During the requirements gathering phase for a new financial system, stakeholders disagree on the priority of security controls versus user convenience. Which of the following is the BEST approach?

55

A company is migrating from a legacy system to a cloud-based ERP. Which of the following is the MOST important control to ensure data integrity during data conversion?

56

An organization is developing a critical application using an agile methodology. The project sponsor demands frequent deliveries but the development team is concerned about insufficient testing. Which of the following BEST mitigates this risk?

57

Which of the following is the PRIMARY benefit of using a prototype during system development?

58

A company decides to outsource the development of a customer portal. Which of the following is the MOST critical control to include in the contract?

59

During system implementation, a critical defect is found in the production environment. The project manager wants to apply an emergency patch without full testing. Which of the following is the BEST course of action?

60

What is the PRIMARY purpose of a post-implementation review?

61

An organization is implementing a new identity management system. Which testing approach is MOST effective for verifying access controls?

62

A project uses a waterfall model. After design, the team discovers that the requirements have changed significantly. What is the BEST action?

63

Which TWO of the following are key controls for ensuring data privacy during system development?

64

Which TWO of the following are BEST indicators that a system development project is at risk of failure?

65

Which THREE of the following are essential components of a change management process?

66

During a system deployment, the above error occurs. What is the MOST likely cause?

67

During user acceptance testing, a user with the above permission set cannot execute a fund transfer. What is the MOST likely reason?

68

A security review of the above Apache configuration identifies a critical vulnerability. Which of the following is the MOST significant issue?

69

A project manager is selecting a development methodology for a project with well-defined requirements and low uncertainty. Which methodology is most appropriate?

70

An IS auditor is reviewing a system development project and notices that user acceptance testing (UAT) is being conducted in the production environment due to lack of a separate test environment. What is the primary risk?

71

An organization is implementing a COTS application. The project team plans to heavily customize the application to meet unique business processes. Which of the following is the most significant risk?

72

Which of the following is the BEST control to ensure that system changes are authorized?

73

An IS auditor finds that a project failed to meet its objectives because key stakeholders were not involved in the requirements definition phase. Which phase of the SDLC was most neglected?

74

In an agile development environment, an IS auditor reviews the backlog and finds that security requirements are not explicitly included. What is the best recommendation?

75

Which of the following is the MOST important objective of system testing?

76

An organization is acquiring a third-party SaaS application. Which of the following should be included in the contract to ensure data protection?

77

During a post-implementation review, an IS auditor identifies that the system's actual transaction processing time is significantly higher than the benchmark specified in the service level agreement (SLA). The vendor claims it is due to inadequate network bandwidth provided by the client. What should the auditor do first?

78

An IS auditor is evaluating the controls over program changes. Which TWO of the following are essential controls?

79

A company is developing a new financial application. Which THREE of the following are valid reasons to involve internal audit during the development phase?

80

An IS auditor is reviewing a request for proposal (RFP) for a new system. Which TWO elements should be included in the RFP?

81

An IS auditor is reviewing the configuration for a web application. Which of the following is the MOST significant security weakness?

82

An IS auditor reviews the change request. Which of the following is the most significant risk?

83

An IS auditor is evaluating the security of the architecture. Which of the following is the MOST critical finding?

84

A company is developing a custom application. During the requirements phase, the project manager documents that the system must encrypt all sensitive data at rest. Which of the following is the BEST control to ensure this requirement is met throughout the development lifecycle?

85

An organization is transitioning from a waterfall to an agile development methodology. Which of the following is a key risk that the IS auditor should highlight?

86

During a third-party software vendor audit, the IS auditor discovers that the vendor uses a common shared database for multiple clients and relies on application-level access controls. Which of the following is the GREATEST concern?

87

An organization is replacing its legacy customer relationship management (CRM) system. Which of the following is the MOST important control to ensure data integrity during the data conversion process?

88

A project team is using a prototyping approach for a new system. Which of the following is the BEST control to ensure the prototype accurately reflects user needs?

89

An IS auditor is reviewing the change management process for a financial institution. The auditor finds that emergency changes bypass normal approval but are documented and reviewed within 48 hours. Which of the following is the BEST recommendation?

90

An organization is selecting a vendor for a new enterprise resource planning (ERP) system. Which of the following is the MOST critical factor in the vendor selection process?

91

A company is developing a mobile application that processes credit card payments. During the testing phase, which of the following types of testing is MOST critical to ensure security?

92

An IS auditor is evaluating a system development project that uses an outsourced team. The contract allows the vendor to reuse some of the developed code in other projects. What is the auditor's PRIMARY concern?

93

Which TWO of the following are key controls that an IS auditor should expect to find in a well-managed system development life cycle (SDLC)?

94

Which TWO of the following are indicators that a project is at risk of failure according to ISACA's project governance framework?

95

Which THREE of the following are typical phases in the system development life cycle (SDLC)?

96

An organization is implementing a new financial system. Which of the following is the MOST important control to ensure data integrity during the data migration phase?

97

During system development, the project team discovers that the original requirements are incomplete. What is the BEST course of action?

98

An organization is adopting agile development methodology. Which control is MOST critical to ensure security is integrated?

99

Which testing phase is MOST effective for validating that the system meets business needs?

100

A company is outsourcing software development. What is the IS auditor's PRIMARY concern?

101

In a DevOps environment, which practice BEST supports auditability?

102

When implementing a commercial off-the-shelf (COTS) system, what is the MOST important factor?

103

Which of the following is the BEST method to ensure that a system development project is completed on time?

104

During a systems audit, the auditor finds that the project did not follow the organization's systems development methodology. What should the auditor do FIRST?

105

Which TWO of the following are key controls in the system development life cycle?

106

Which TWO of the following are common risks in the procurement of custom-developed software?

107

Which THREE of the following are typical objectives of an IT governance framework for system acquisition?

108

During a security audit, which rule poses the greatest risk?

109

What is the primary control weakness in this IAM policy?

110

What is the primary security concern in this architecture?

111

A company is in the process of acquiring a new customer relationship management (CRM) system. During which phase of the systems development life cycle (SDLC) should the business requirements be formally documented?

112

An organization is implementing a custom ERP system. During user acceptance testing (UAT), critical bugs are found that affect core financial processing. The project sponsor suggests deploying the system on schedule and fixing bugs after go-live. What is the BEST course of action?

113

During the design phase of a waterfall project, the development team discovers that a key security requirement was omitted from the functional specification. The design has already been partially completed based on the flawed specification. What is the MOST appropriate action?

114

An IS auditor is reviewing a system development project to assess whether it is on schedule. Which of the following would provide the BEST evidence of project progress against the planned timeline?

115

In an Agile software development project, who is primarily responsible for prioritizing the product backlog?

116

A bank is converting data from its legacy core banking system to a new platform. Which control is MOST critical to ensure the completeness and accuracy of data conversion?

117

A company plans to implement a commercial off-the-shelf (COTS) application and requires significant customization to match its unique business processes. The vendor advises against extensive customization because it may complicate future upgrades. What is the BEST course of action?

118

During system development, which testing phase is performed by developers to verify that individual program units function correctly?

119

What is the PRIMARY purpose of conducting a feasibility study before acquiring a new information system?

120

Which TWO of the following are key objectives of a post-implementation review of a new system?

121

Which THREE of the following are common risks associated with the prototyping methodology?

122

Which TWO of the following are essential elements of a business continuity plan (BCP) for a newly developed system?

123

Refer to the exhibit. A tester executes test case TC-101 and records the result shown. What is the NEXT appropriate step in the testing process?

124

A large organization is implementing a new HR management system to handle payroll and employee data. The project is currently in the build phase with a planned go-live in three months. Recently, the vendor notified the project team that a critical security patch will be released in two months that addresses a data leakage vulnerability present in the current version. The patch includes new features that are not in the contract. The project manager estimates that integrating the patch and re-testing will delay the project by at least four months. Business stakeholders insist on meeting the original go-live date because the legacy system is being decommissioned. The organization has a strict policy that all systems processing sensitive data must have the latest security patches within 30 days of release. What should the project team do?

125

A company has been developing a custom inventory management system using Scrum. In the current sprint, the team discovered that the integration module with the legacy ERP system has severe performance issues: under peak load, transactions time out and fail. The product owner is concerned because the release is scheduled in two weeks. The development team estimates that a proper fix will take three weeks. A similar issue occurred in a previous sprint and was temporarily resolved by reducing the number of concurrent transactions, which lowered performance but kept the system operational. The stakeholders are anxious about the deadline because the legacy ERP will be retired shortly after the planned go-live. What is the BEST action for the team to take?

126

During the implementation of a new ERP system, the project team discovers that the legacy system data cannot be directly migrated due to incompatible data formats. The project manager proposes building a custom script to extract, transform, and load (ETL) data. Which of the following is the BEST course of action?

127

A systems analyst is gathering requirements for a new customer relationship management (CRM) system. Which of the following is the MOST important activity to ensure that the final system meets user needs?

128

An organization is adopting an agile development methodology for a new financial application. During a sprint review, the product owner expresses concern that the system does not enforce segregation of duties (SoD). The development team argues that SoD will be addressed in a future sprint. As the IS auditor, what is the BEST recommendation?

129

During the acquisition of a new software package, the procurement team evaluates two vendors. Vendor A offers a lower upfront cost but higher annual maintenance fees. Vendor B has a higher upfront cost but includes three years of maintenance. What is the MOST important factor for the IS auditor to consider?

130

A company is developing a mobile banking application. Which test phase is MOST critical to ensure that the application functions correctly from the end user's perspective?

131

An IS auditor is reviewing the design phase of a new procurement system. Which TWO of the following controls are MOST critical to include in the system design to prevent unauthorized purchases?

132

An organization is implementing a new cloud-based HR system. The project sponsor wants to skip regular project status meetings to speed up delivery. Which THREE of the following are the MOST significant risks of eliminating these meetings?

133

During the system development life cycle (SDLC), which THREE of the following are recognized benefits of involving internal audit early in the process?

134

A financial services company is developing a new customer-facing web application for account management. The project is using a waterfall methodology. The initial requirements were gathered six months ago, and the coding phase is nearly complete. The business sponsor now requests a new feature that allows customers to view transaction receipts online. The project manager is concerned that this change will delay the project by two months and exceed the budget. The sponsor insists that the feature is critical for customer satisfaction and that the project must adapt. The development team estimates it will take 200 hours to implement. The steering committee is divided. As an IS auditor, what would be the BEST recommendation to resolve this?

135

A hospital is implementing a new electronic health record (EHR) system. The project team includes clinicians and IT staff. During integration testing, the system fails to exchange lab results with the existing legacy system due to format mismatches. The IT team suggests developing a custom interface. The clinical team is concerned that any custom solution may not comply with health data privacy regulations. The project sponsor pressures the team to quickly fix the issue to avoid delays. The IS auditor is reviewing this situation. What is the MOST appropriate action for the auditor to recommend?

136

A small manufacturing company decides to acquire an off-the-shelf inventory management system. The purchasing manager selects a vendor based solely on the lowest price, ignoring the vendor's financial stability and support history. After purchase, the vendor declares bankruptcy, leaving the company without support. The system has a critical bug that halts inventory tracking. The IT manager considers hiring a consultant to fix the bug. As an IS auditor, what should the auditor's PRIMARY concern be?

137

A government agency is developing a case management system for law enforcement. The project follows an agile approach, releasing iterations every two weeks. During a sprint demo, users discover that the system does not redact personally identifiable information (PII) in documents shared with external parties, violating privacy laws. The development team says they planned to add redaction in a future sprint. The product owner wants to prioritize PII redaction immediately. The project manager is concerned that this will disrupt the release schedule. The IS auditor is assessing the project's risk management. Which of the following is the BEST recommendation?

138

A university is implementing a new student information system. The project team uses an iterative development approach. During user acceptance testing, students report that the online course registration portal crashes when more than 100 users register simultaneously. The development team identifies a database connection pooling issue and estimates a fix will take three weeks. The project deadline is in two weeks. The project manager suggests deploying the system as is and fixing the issue after go-live, as the crash is rare. The IS auditor is consulted. What should the auditor recommend?

139

A multinational corporation is implementing a new enterprise resource planning (ERP) system across multiple regions. The project uses a phased roll-out. After the first phase in Asia, the system experiences intermittent synchronization errors between the central database and regional servers. The IT team suspects network latency but cannot reproduce the issue consistently. The project sponsor wants to proceed with the next phase in Europe to avoid further delays. The IS auditor is performing a post-implementation review. What is the MOST appropriate recommendation?

140

A nonprofit organization develops a small online donation platform using a third-party payment gateway. The project team skips formal security testing because of budget constraints. After launch, a security researcher discovers that the application fails to validate input on the donation amount field, allowing manipulation. The nonprofit loses several thousand dollars before the issue is patched. The IS auditor is asked to review the system development process. Which of the following is the PRIMARY finding?

141

Which TWO of the following are essential controls to ensure data integrity during a cloud migration project?

142

A mid-sized company is upgrading its legacy financial system to a new cloud-based ERP. The project manager has decided to use a big-bang cutover approach to minimize costs and time. During the first week post-go-live, users report that several critical reports are generating incorrect totals. An initial investigation reveals that the data mapping from the old system to the new system was not fully validated. Which of the following should the IS auditor recommend as the most appropriate corrective action?

143

A large financial institution is developing a new online banking platform using an Agile methodology. The development team has implemented a continuous integration and continuous deployment (CI/CD) pipeline. During a routine security scan, the IS auditor discovers that a developer accidentally committed a configuration file containing database credentials into the public-facing code repository. The credentials were exposed for 48 hours before being detected. Which of the following is the most critical control failure that allowed this incident to occur?

144

An organization is evaluating a vendor for custom application development. The vendor states they are assessed at CMMI Level 2 (Managed). Which of the following best describes the implication of this rating?

145

During a data migration from a legacy system to a new ERP, the following log entries were generated. Which TWO issues should the IS auditor flag as high risk?

146

A large financial institution is implementing a new core banking system to replace a legacy system. The project has been underway for 18 months and is behind schedule. User acceptance testing (UAT) has revealed significant data integrity issues, including missing customer records and incorrect interest calculations. The project manager, under pressure from senior management to meet a regulatory deadline, proposes going live with a promise to fix the issues in a post-implementation phase. The development team has been making ad hoc code changes directly in the test environment without version control or proper testing. Additionally, the IS auditor discovers that the business requirements were never formally signed off by the user community; only verbal approvals were obtained. The project has consumed 90% of the budget but only 60% of the functionality is tested. Which of the following is the BEST course of action for the IS auditor to recommend?


Frequently asked questions

What does the Information Systems Acquisition, Development and Implementation domain cover on the CISA exam?

The Information Systems Acquisition, Development and Implementation domain covers the key concepts tested in this area of the CISA exam blueprint published by ISACA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CISA domains — no account required.

How many Information Systems Acquisition, Development and Implementation questions are in the CISA question bank?

The Courseiva CISA question bank contains 146 questions in the Information Systems Acquisition, Development and Implementation domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Information Systems Acquisition, Development and Implementation for CISA?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Information Systems Acquisition, Development and Implementation questions for CISA?

Yes — the session launcher on this page draws questions exclusively from the Information Systems Acquisition, Development and Implementation domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
