Scenario-based practice

Select Two (Multi-Select) Questions

Practise Certified Information Systems Auditor CISA practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20 scenario questions | Exam code: CISA | Vendor: ISACA

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. Getting partial credit is not a thing — you must select all correct answers with no incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (Multi-Select) questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

Practice scenarios

Question 1 (easy, multi-select)

An organization is implementing a data loss prevention (DLP) solution. Which TWO of the following are key considerations for effective DLP deployment?

Question 2 (medium, multi-select)

Which TWO of the following are the MOST effective controls to prevent unauthorized changes to production data?

Question 3 (hard, multi-select)

Which THREE of the following are key elements that should be included in a risk assessment report for information systems?

Question 4 (medium, multi-select)

Which TWO of the following are key benefits of using a system development life cycle (SDLC) methodology? (Select exactly two.)

Question 5 (medium, multi-select)

Which TWO of the following are key activities in the system design phase of the SDLC?

Question 6 (medium, multi-select)

Which TWO of the following are effective controls to prevent unauthorized access to sensitive data in a database? (Choose two.)

Question 7 (hard, multi-select)

Which THREE of the following are key components of an effective information security awareness program? (Choose three.)

Question 8 (medium, multi-select)

Which TWO of the following are key responsibilities of an IT steering committee?

Question 9 (hard, multi-select)

An IS auditor is reviewing the system development life cycle (SDLC) for a custom application. The project manager has decided to skip the design phase and proceed directly from requirements to coding. Which of the following risks are MOST likely to increase as a result? (Choose two.)

Question 10 (hard, multi-select)

Based on the backup logs, the backup administrator notices that the incremental backup job failed due to insufficient storage. Which TWO actions should the administrator take to resolve the immediate issue and prevent recurrence?

Exhibit

Refer to the exhibit.

```
Backup Log for ArcServe UDP – 2024-05-21
========================================
Job Name: Full_Backup_Weekly
Start Time: 02:00
End Time: 04:30
Status: Completed with warnings
Details:
- Volume C: Backup successful (40.5 GB)
- Volume D: Backup successful (120.2 GB)
- Volume E: Backup failed (error code 0x80070020 – file in use)
- Volume F: Backup successful (25.0 GB)

Job Name: Incremental_Backup_Daily
Start Time: 12:00
End Time: 12:45
Status: Failed
Details:
- Volume C: Backup failed (error code 0x807800C5 – insufficient storage)
- Volume D: Backup failed (error code 0x807800C5 – insufficient storage)
- Volume E: Backup failed (error code 0x807800C5 – insufficient storage)
- Volume F: Backup failed (error code 0x807800C5 – insufficient storage)
```

Question 11 (hard, multi-select)

Which THREE of the following are common challenges when integrating a software package with existing legacy systems? (Select exactly three.)

Question 12 (hard, multi-select)

Which TWO are primary objectives of an identity and access management (IAM) program? (Select exactly 2.)

Question 13 (medium, multi-select)

Which TWO of the following are key components of an IT governance framework?

Question 14 (hard, multi-select)

Which THREE of the following are key metrics to include in a disaster recovery test report? (Select exactly 3.)

Question 15 (hard, multi-select)

Which THREE of the following are components of a typical IT governance framework?

Question 16 (easy, multi-select)

Which TWO of the following are benefits of implementing an IT governance framework?

Question 17 (medium, multi-select)

Which TWO of the following are key responsibilities of an IT steering committee?

Question 18 (hard, multi-select)

Which THREE of the following are key considerations when selecting a software development methodology for a project?

Question 19 (hard, multi-select)

Which THREE of the following are common risks associated with outsourcing software development?

Question 20 (easy, multi-select)

Which TWO of the following are benefits of using a version control system in software development?

These CISA practice questions are part of Courseiva's free ISACA certification practice question bank. Courseiva provides original exam-style CISA questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.