Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Information Systems Acquisition, Development, and Implementation practice sets

CISA Information Systems Acquisition, Development, and Implementation • Complete Question Bank

CISA Information Systems Acquisition, Development, and Implementation — All Questions With Answers

Complete CISA Information Systems Acquisition, Development, and Implementation question bank — all 0 questions with answers and detailed explanations.

108
Questions
Free
No signup
Certifications/CISA/Practice Test/Information Systems Acquisition, Development, and Implementation/All Questions
Question 1mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a post-implementation review of a new financial system, the IS auditor finds that user acceptance testing (UAT) was completed with only 60% of test cases passed. Which of the following is the MOST significant risk?

Question 2hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing an enterprise resource planning (ERP) system. The project team plans to migrate legacy data without performing a full reconciliation between source and target systems. As an IS auditor, which of the following should be your PRIMARY concern?

Question 3easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

In a waterfall SDLC, which phase requires formal sign-off from the business owner before proceeding to the next phase?

Question 4mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing an agile software development project. Which of the following would be the BEST evidence that adequate controls are in place for user acceptance?

Question 5mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a vendor evaluation for a critical system, the IS auditor notes that the vendor's SOC 2 report includes an adverse opinion. What should be the auditor's PRIMARY recommendation?

Question 6hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is using a spiral model for a high-risk project. The IS auditor wants to ensure that risk assessment is performed at each iteration. Which of the following is the BEST evidence that this control is effective?

Question 7easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is a primary advantage of fixed-price contracts in systems acquisition?

Question 8mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing change management procedures. Which of the following situations would be of GREATEST concern?

Question 9mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a build vs. buy analysis, the IS auditor observes that the organization decided to build a custom application because no vendor solution met all requirements. Which of the following risks should the auditor emphasize?

Question 10hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is deploying a major system upgrade. The change request has been approved by CAB, but the deployment plan does not include a rollback procedure. As an IS auditor, what should you recommend?

Question 11easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is a key objective of the design phase in the SDLC?

Question 12mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is assessing an ERP implementation. Which of the following control concerns is MOST likely to arise from segregation of duties conflicts?

Question 13mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which TWO of the following are typical controls in the testing phase of the SDLC? (Select two.)

Question 14hardmulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which THREE of the following are essential elements of an emergency change request? (Select three.)

Question 15mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which TWO of the following are benefits of an iterative SDLC approach compared to waterfall? (Select two.)

Question 16easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During which phase of the SDLC should security requirements be formally documented and approved by the business owner?

Question 17mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing an agile software development project. Which of the following practices would BEST help ensure that security controls are adequately addressed?

Question 18hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing a large ERP system. The project team plans to migrate legacy data to the new system. Which of the following is the MOST significant risk associated with data migration?

Question 19mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is evaluating the change management process. Which of the following is the BEST indicator that emergency changes are being properly controlled?

Question 20easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

In a waterfall SDLC, when should user acceptance testing (UAT) typically occur?

Question 21mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is considering whether to build a custom application or purchase a commercial off-the-shelf (COTS) product. Which of the following factors is MOST important when deciding to build rather than buy?

Question 22hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a contract with a vendor for a new financial system. Which of the following clauses is MOST critical to ensure auditability?

Question 23mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a post-implementation review of a system, an IS auditor finds that the actual transaction processing time is 30% slower than projected. What should the auditor recommend FIRST?

Question 24easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is a key control in the deployment phase of the SDLC?

Question 25mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is assessing the controls in an agile development environment. What is the MOST effective way to verify that security testing is performed iteratively?

Question 26hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

In a spiral model SDLC, risk analysis is performed at the beginning of each iteration. What is the PRIMARY benefit of this approach?

Question 27mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing a new ERP system and is concerned about segregation of duties (SoD) conflicts. What is the BEST approach to address this during the implementation?

Question 28mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a vendor's SOC 2 report as part of a systems acquisition. Which TWO aspects should the auditor verify to ensure the report is reliable?

Question 29hardmulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is adopting a DevOps approach for system development. Which THREE controls should an IS auditor expect to see in place to maintain security and compliance?

Question 30easymulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which TWO of the following are characteristics of the iterative SDLC model?

Question 31easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is considering replacing its legacy financial system with a new ERP solution. Which of the following is the PRIMARY advantage of purchasing a commercial off-the-shelf (COTS) ERP package over building a custom system?

Question 32mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a post-implementation review of a new customer relationship management (CRM) system, the IS auditor finds that the system is processing transactions slower than anticipated. What is the BEST initial course of action for the auditor?

Question 33hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing an agile methodology for a new software project. Which of the following is the MOST effective control to ensure that security requirements are addressed?

Question 34mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is the PRIMARY purpose of a change advisory board (CAB) in the change management process?

Question 35easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a software development project that follows the waterfall model. Which of the following is the MAIN advantage of this methodology?

Question 36mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During an ERP implementation, the project team decides to customize the software to align with existing business processes. Which of the following risks is MOST likely to increase as a result of extensive customization?

Question 37hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing the change management process for a critical financial application. Which of the following findings would be of GREATEST concern?

Question 38mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is the BEST control to ensure that user acceptance testing (UAT) is effective?

Question 39easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

What is the PRIMARY purpose of conducting a static application security testing (SAST) during the development phase?

Question 40mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is selecting a vendor for a new procurement system. Which of the following is the MOST important factor to include in the contract?

Question 41hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a spiral model SDLC project, an IS auditor is reviewing risk assessment documentation. Which of the following would be the GREATEST concern?

Question 42mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following BEST describes the role of threat modeling in the design phase of the SDLC?

Question 43mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing a new payroll system using an agile methodology. Which TWO of the following are the MOST important controls for the IS auditor to assess?

Question 44hardmulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a post-implementation review of a new accounting system, the IS auditor notes the following: the project was completed on time and within budget, but user satisfaction is low and there are several outstanding defect reports. Which THREE of the following are the MOST appropriate recommendations?

Question 45mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is migrating from a legacy system to a new ERP. Which TWO of the following are the HIGHEST risks during data migration?

Question 46easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing a new financial system using the waterfall SDLC model. Which of the following is the MOST critical control to ensure that business requirements are met?

Question 47mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During an agile software development project, a sprint review meeting is conducted. What is the PRIMARY purpose of this meeting from an IS audit perspective?

Question 48mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a systems acquisition project that involves purchasing an ERP system. Which of the following is the MOST significant risk related to data migration during implementation?

Question 49hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is deciding between developing a custom application and purchasing a commercial off-the-shelf (COTS) product. The project manager favors a COTS solution because it offers faster deployment. Which of the following is the MOST important consideration for the IS auditor to evaluate in this build vs. buy decision?

Question 50mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During an SDLC audit, the IS auditor finds that security requirements were not formally documented during the requirements phase. Which of the following is the BEST recommendation to mitigate the associated risk?

Question 51hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing an emergency change that was implemented to fix a critical security vulnerability. Which of the following post-implementation controls is MOST important to ensure the change was properly managed?

Question 52easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is the PRIMARY objective of a post-implementation review of an information system?

Question 53mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a contract for a new software solution. Which of the following contract types poses the HIGHEST risk to the buyer if requirements are not well-defined?

Question 54easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

In a spiral SDLC model, what is the primary purpose of risk analysis in each iteration?

Question 55hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During an ERP implementation, the project team decides to disable segregation of duties (SoD) controls in the system to accelerate go-live. After go-live, the IS auditor identifies that a single user can perform incompatible functions. What is the BEST course of action?

Question 56mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing change management procedures and finds that standard changes are approved by the change manager without CAB review. What is the auditor's BEST conclusion?

Question 57mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a system development project, the IS auditor notes that code reviews are performed only after the code is unit tested. Which of the following is the MOST significant risk associated with this practice?

Question 58mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is evaluating an organization's SDLC controls for a new system. Which TWO of the following are key controls that should be in place during the design phase? (Select TWO.)

Question 59hardmulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing a new CRM system using an iterative development methodology. The IS auditor wants to verify that appropriate controls are in place. Which THREE of the following are essential controls for iterative development? (Select THREE.)

Question 60mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing vendor management practices for a cloud-based SaaS solution. Which TWO of the following are critical elements to include in the contract's service level agreement (SLA)? (Select TWO.)

Question 61easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During which phase of the SDLC should security requirements be formally documented and approved?

Question 62mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing an ERP system and is concerned about segregation of duties conflicts. What is the most effective control to address this risk during implementation?

Question 63mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing an agile software development project. Which of the following is the most important control to assess?

Question 64hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is deciding between building a custom application and purchasing a commercial off-the-shelf (COTS) product. The primary factor favoring the build option is:

Question 65easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is a key objective of a post-implementation review?

Question 66mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

In the context of ITIL change management, which change type requires approval from the Change Advisory Board (CAB)?

Question 67mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is evaluating the vendor selection process for a new system. Which of the following is the most important factor to include in the contract?

Question 68hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a spiral SDLC project, the IS auditor should focus on which aspect as the primary risk?

Question 69easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which testing type is performed by end-users to verify that the system meets their needs?

Question 70mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is migrating data from a legacy system to a new ERP. What is the most critical data migration risk?

Question 71mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is an example of a detective control in the SDLC testing phase?

Question 72hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing an emergency change that was implemented to fix a critical security vulnerability. What is the most important post-implementation step?

Question 73mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which TWO of the following are key elements of a change request document?

Question 74mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which THREE of the following are typical controls in the design phase of the SDLC?

Question 75hardmulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing an agile project. Which THREE of the following are controls the auditor should evaluate?

Question 76mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a waterfall SDLC project that has completed the requirements phase. Which of the following is the greatest risk to the project?

Question 77easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During an agile software development project, which of the following events provides the best opportunity for the IS auditor to assess the effectiveness of controls implemented in the current sprint?

Question 78mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is considering whether to build a custom application or purchase a commercial off-the-shelf (COTS) product. Which of the following factors would most strongly support a build decision?

Question 79hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a post-implementation review report for a new ERP system. Which of the following findings would be of greatest concern to the auditor?

Question 80mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a change management audit, the IS auditor notes that an emergency change was implemented to fix a critical security vulnerability. Which of the following should the auditor expect to find in the change documentation?

Question 81easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is the primary purpose of conducting a static application security test (SAST) during the development phase of the SDLC?

Question 82mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is acquiring a new financial system. The contract includes a clause that allows the organization to audit the vendor's controls. Which type of report would most efficiently provide assurance over the vendor's internal controls?

Question 83hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During an ERP implementation, data migration is a critical activity. Which of the following controls would be most effective in ensuring the accuracy and completeness of migrated data?

Question 84mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing the system design phase of a project. Which of the following activities is most important to ensure that security is adequately addressed?

Question 85easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is a key advantage of using an iterative SDLC model over a waterfall model?

Question 86hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is evaluating the change management process for a critical financial application. The auditor finds that all standard changes are approved by the Change Advisory Board (CAB). However, emergency changes are approved by the IT manager and later ratified by the CAB. Which of the following is the greatest risk associated with this process?

Question 87mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing a new CRM system using an agile methodology. The IS auditor wants to assess whether security requirements are being addressed. What is the best evidence for the auditor to review?

Question 88mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a post-implementation review of a new payroll system. Which TWO findings should most concern the auditor? (Select two.)

Question 89hardmulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is planning to purchase a cloud-based HR system. Which THREE of the following should be included in the vendor contract to ensure adequate control and oversight? (Select three.)

Question 90mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a change management audit, which TWO of the following are essential elements of a normal change request? (Select two.)

Question 91easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During which phase of the waterfall SDLC should security requirements be formally documented and approved by the business owner?

Question 92mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing an agile project that uses Scrum. Which event provides the best opportunity for the auditor to assess whether completed user stories meet the defined acceptance criteria?

Question 93hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is considering acquiring a commercial off-the-shelf (COTS) ERP system. Which of the following risks is most effectively mitigated by including a contractual clause for audit rights?

Question 94mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a post-implementation review report for a new financial system. Which finding would most indicate that the project did not meet its objectives?

Question 95easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which type of change in ITIL requires approval from the Change Advisory Board (CAB) before implementation?

Question 96mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing a new CRM system and has chosen a build (in-house development) approach over buying a COTS product. Which of the following is the most significant risk of this decision?

Question 97hardmultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a spiral SDLC project, the project team has completed a risk analysis and created a prototype. What is the most likely next step in the spiral model?

Question 98mediummultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing the change management process for a critical financial application. Which of the following is the most important element to verify in an emergency change request?

Question 99easymultiple choice
Read the full Information Systems Acquisition, Development, and Implementation explanation →

Which of the following is a key control during the deployment phase of a system development life cycle?

Question 100mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is evaluating two vendors for a critical cloud-based ERP system. Which TWO contractual clauses are most important to include to ensure the organization can monitor vendor performance and security? (Select TWO)

Question 101hardmulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a project that uses an iterative SDLC approach. Which THREE controls should the auditor expect to see in place during the development iterations? (Select THREE)

Question 102mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a post-implementation review of a new payroll system, the IS auditor identifies several outstanding issues. Which TWO issues should be considered most critical to address immediately? (Select TWO)

Question 103hardmulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing a large ERP system. The project manager is concerned about segregation of duties conflicts. Which THREE controls should the IS auditor recommend to mitigate segregation of duties risks during implementation? (Select THREE)

Question 104mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing a change management process. Which TWO elements should be documented in a normal change request to ensure adequate governance? (Select TWO)

Question 105easymulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During the design phase of an SDLC, which TWO activities should be performed to ensure security is integrated into the system? (Select TWO)

Question 106mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An IS auditor is reviewing an agile software development project. Which TWO controls should the auditor expect to see in place?

Question 107hardmulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

During a post-implementation review of a new ERP system, the IS auditor identified that the project was delivered within budget but user satisfaction scores are low. Which THREE areas should the auditor examine further?

Question 108mediummulti select
Read the full Information Systems Acquisition, Development, and Implementation explanation →

An organization is implementing a new customer relationship management (CRM) system using an agile methodology. Which THREE areas should the IS auditor focus on to assess the effectiveness of controls during the development process?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CISA Practice Test 1 — 25 Questions→CISA Practice Test 2 — 25 Questions→CISA Practice Test 3 — 25 Questions→CISA Practice Test 4 — 25 Questions→CISA Practice Test 5 — 25 Questions→CISA Practice Exam 1 — 20 Questions→CISA Practice Exam 2 — 20 Questions→CISA Practice Exam 3 — 20 Questions→CISA Practice Exam 4 — 20 Questions→Free CISA Practice Test 1 — 30 Questions→Free CISA Practice Test 2 — 30 Questions→Free CISA Practice Test 3 — 30 Questions→CISA Practice Questions 1 — 50 Questions→CISA Practice Questions 2 — 50 Questions→CISA Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Governance and Management of ITInformation Systems Acquisition, Development and ImplementationInformation Systems Operations and Business ResilienceInformation System Auditing ProcessInformation Systems Acquisition, Development, and ImplementationProtection of Information Assets

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Information Systems Acquisition, Development, and Implementation setsAll Information Systems Acquisition, Development, and Implementation questionsCISA Practice Hub