Scenario-based practice

Drag and Drop Matching Questions

Practise Certified Information Systems Auditor (CISA) questions: original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

10 scenario questions | Exam code: CISA | Vendor: ISACA

Scenario guide

How to approach drag and drop matching questions

Matching questions give you two columns — concepts, commands, or protocols on the left, and their definitions or use-cases on the right. You drag each left item to its correct match. These appear on most certification exams and punish superficial memorisation.

Quick answer

Drag and drop matching questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

Practice scenarios

Question 1 (medium, matching)

Match each disaster recovery site type to its description.

Concepts
Matches

Fully equipped and ready within hours

Partially configured, ready in days

Basic infrastructure, no equipment

Portable unit deployed as needed

Question 2 (medium, matching)

Match each COBIT 5 domain to its description.

Concepts
Matches

Evaluate, Direct, and Monitor

Align, Plan, and Organize

Build, Acquire, and Implement

Deliver, Service, and Support

Monitor, Evaluate, and Assess

Question 3 (medium, matching)

Match each type of access control to its definition.

Concepts
Matches

Owner determines access permissions

System-enforced based on labels

Roles assigned to users

Attributes used to grant access

Question 4 (medium, matching)

Match each encryption key type to its usage.

Concepts
Matches

Same key for encrypt and decrypt

Public/private key pair

Temporary key for a session

Kept secret by owner

Question 5 (medium, matching)

Match each log type to its typical content.

Concepts
Matches

System and application events

User login attempts and access

Changes to sensitive data

System errors and failures

Question 6 (medium, matching)

Match each testing technique to its description.

Concepts
Matches

Simulated attack to find weaknesses

Automated check for known flaws

Manual inspection of source code

Manipulating people to divulge info

Question 7 (medium, matching)

Match each security control to its category.

Concepts
Matches

Preventive

Detective

Corrective

Administrative

Technical

Question 8 (medium, matching)

Match each regulatory standard to its focus area.

Concepts
Matches

Financial reporting controls

Payment card data security

Health information privacy

Personal data protection

Question 9 (medium, matching)

Match each audit risk component to its definition.

Concepts
Matches

Risk without controls

Risk that controls fail

Risk that audit misses errors

Overall risk of incorrect opinion

Question 10 (medium, matching)

Match each CISA domain to its focus.

Concepts
Matches

Information System Auditing Process

Governance and Management of IT

Information Systems Acquisition, Development, and Implementation

Information Systems Operations and Business Resilience

Protection of Information Assets

These CISA practice questions are part of Courseiva's free ISACA certification practice question bank. Courseiva provides original exam-style CISA questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.