Back to Certified Information Systems Auditor CISA questions

Scenario-based practice

Troubleshooting Scenario Questions

Practise Certified Information Systems Auditor CISA practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

7
scenario questions
CISA
exam code
ISACA
vendor

Scenario guide

How to approach troubleshooting scenario questions

These questions describe a network symptom and ask you to identify the root cause or the correct fix. They appear across all certification exams and reward systematic thinking over memorisation. The best candidates follow a consistent troubleshooting framework even under time pressure.

Quick answer

Troubleshooting Scenario Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related CISA topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediummultiple choice
Full question →

During user acceptance testing (UAT) of a new financial system, users report that the system fails to enforce a segregation of duties rule where the same user should not be able to create a purchase order and approve it. The requirement was documented in the functional specifications. Which of the following is the MOST likely cause of this issue?

Question 2hardmultiple choice
Full question →

Refer to the exhibit. A security administrator is troubleshooting why external users cannot reach the web server at 203.0.113.10 from the internet. Based on the configuration, what is the MOST likely issue?

Exhibit

Refer to the exhibit.

```
! Cisco ASA configuration snippet
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq www
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq https
access-list OUTSIDE_IN extended deny ip any any log
!
object network WEB_SERVER
 host 203.0.113.10
nat (inside,outside) source static any any destination static WEB_SERVER WEB_SERVER no-proxy-arp route-lookup
!
```
Question 3easymulti select
Read the full NAT/PAT explanation →

During a disaster recovery test, the team discovers that the backup server is unable to restore data because of incompatible software versions. Which TWO controls should have been implemented to prevent this?

Question 4mediummultiple choice
Full question →

A company's IT service desk receives multiple reports of users being unable to access a cloud-based CRM system. The network team confirms that internet connectivity is working. Which of the following should be the FIRST step in troubleshooting the issue?

Question 5hardmultiple choice
Read the full NAT/PAT explanation →

An organization has recently implemented a cloud-based identity provider (IdP) for single sign-on (SSO) across all SaaS applications. Users authenticate using their corporate credentials via SAML 2.0. After a week, the IT security team notices a significant increase in failed login attempts from various IP addresses targeting a specific user account. The helpdesk reports that the user, a senior executive, has not complained about any issues. The security team investigates and finds that the account lockout policy is set to 5 failed attempts within 15 minutes, after which the account is locked for 30 minutes. The failed attempts are occurring in bursts of 4, then stopping, then resuming from different IPs. The organization uses conditional access policies that require MFA from unknown locations. However, the failed attempts appear to be stopped at the authentication prompt and never reach the MFA stage. What is the most likely explanation and the best course of action?

Question 6mediummultiple choice
Full question →

A hospital is implementing a new electronic health record (EHR) system. The project team includes clinicians and IT staff. During integration testing, the system fails to exchange lab results with the existing legacy system due to format mismatches. The IT team suggests developing a custom interface. The clinical team is concerned that any custom solution may not comply with health data privacy regulations. The project sponsor pressures the team to quickly fix the issue to avoid delays. The IS auditor is reviewing this situation. What is the MOST appropriate action for the auditor to recommend?

Question 7easymultiple choice
Read the full NAT/PAT explanation →

A nonprofit organization develops a small online donation platform using a third-party payment gateway. The project team skips formal security testing because of budget constraints. After launch, a security researcher discovers that the application fails to validate input on the donation amount field, allowing manipulation. The nonprofit loses several thousand dollars before the issue is patched. The IS auditor is asked to review the system development process. Which of the following is the PRIMARY finding?

These CISA practice questions are part of Courseiva's free ISACA certification practice question bank. Courseiva provides original exam-style CISA questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.