CISA · topic practice

Information Systems Acquisition, Development and Implementation practice questions

Practise Certified Information Systems Auditor (CISA) questions on Information Systems Acquisition, Development and Implementation: original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Information Systems Acquisition, Development and Implementation

What the exam tests

What to know about Information Systems Acquisition, Development and Implementation

Information Systems Acquisition, Development and Implementation questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Information Systems Acquisition, Development and Implementation exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Information Systems Acquisition, Development and Implementation questions

20 questions · select your answer, then reveal the explanation

A company is replacing its legacy on-premises ERP system with a cloud-based SaaS solution. The project manager is concerned about data migration risks. Which of the following is the BEST approach to mitigate data integrity issues during migration?

An organization is developing a new customer portal. The development team wants to use an agile methodology. Which of the following is a key benefit of using agile for this project?

During the user acceptance testing (UAT) phase of a new financial application, the business users report that the system calculates interest incorrectly for certain loan types. The project manager wants to fix this quickly. Which of the following is the BEST course of action?

An IT auditor is reviewing the system development life cycle (SDLC) process for a critical application. Which of the following findings would be of MOST concern?

When implementing a commercial off-the-shelf (COTS) software package, which of the following is the MOST important activity to ensure the software meets business requirements?

A company is implementing a new procurement system. The project team is considering using a rapid application development (RAD) methodology. Which of the following is a potential risk of using RAD?

An organization is developing a mobile app that will handle personal health information (PHI). The security team mandates that data must be encrypted both in transit and at rest. Which of the following implementation strategies BEST ensures compliance?

In a traditional waterfall SDLC, when should the test plan be developed?

An IT auditor is evaluating the change management process for a financial trading system. Which of the following is the BEST indicator of a mature change management process?

A company is integrating a third-party payment gateway into its e-commerce platform. Which of the following is the MOST important security control to implement?

During a post-implementation review of a new HR system, the auditor finds that the system's disaster recovery plan (DRP) was not tested before go-live. Which of the following is the BEST recommendation?

Which TWO of the following are key activities in the system design phase of the SDLC?

Which THREE of the following are common risks associated with outsourcing software development?

Which TWO of the following are benefits of using a version control system in software development?

Which THREE of the following are key considerations when selecting a software development methodology for a project?

Question 16 · hard · multiple choice

Refer to the exhibit. An administrator applied this ACL to a VLAN interface. The server at 10.0.0.100 hosts a web application. What is the effect of this ACL?

Exhibit

SW1(config)# access-list 101 permit tcp any host 10.0.0.100 eq 443
SW1(config)# access-list 101 deny tcp any host 10.0.0.100 eq 80
SW1(config)# access-list 101 permit ip any any
SW1(config)# interface vlan 10
SW1(config-if)# ip access-group 101 in

Refer to the exhibit. A developer is inserting a new employee record. What is the cause of this error?

Exhibit

ERROR: ORA-00001: unique constraint (HR.EMP_EMAIL_UK) violated
INSERT INTO employees (employee_id, email) VALUES (101, 'john.doe@example.com');

Refer to the exhibit. A cloud load balancer uses this JSON configuration. A request arrives from source IP 10.0.1.100 to port 80. Which backend pool will receive the request?

Exhibit

{
  "version": "2.0",
  "routeSelection": "lowest-cost",
  "rules": [
    {
      "action": "forward",
      "match": {
        "sourceIp": "10.0.1.0/24",
        "destinationPort": 8080
      },
      "target": "backend-pool-1"
    },
    {
      "action": "forward",
      "match": {
        "sourceIp": "10.0.2.0/24",
        "destinationPort": 80
      },
      "target": "backend-pool-2"
    }
  ]
}

Question 19 · hard · multiple choice

A multinational corporation is replacing its legacy on-premises customer relationship management (CRM) system with a new cloud-based CRM solution. The project involves migrating data from the old system, customizing the new system to match business processes, and integrating with an existing enterprise resource planning (ERP) system. The project has a tight deadline of six months. During the planning phase, the project team decides to use a waterfall methodology because the requirements are well-defined. However, three months into the project, the business users request significant changes to the customer data fields, which were not originally specified. The project manager is concerned that accommodating these changes will delay the project. The integration with the ERP system is also proving more complex than anticipated, with data mapping errors causing delays. The go-live date is fixed due to the end-of-support for the legacy system. What is the BEST course of action for the project manager?

Question 20 · medium · multiple choice

A hospital is implementing a new electronic health records (EHR) system. The system will be used by doctors, nurses, and administrative staff. During the user acceptance testing (UAT) phase, the nursing staff reports that the interface for entering patient vitals is too slow and requires many clicks, which slows down their workflow. The project team has already completed system testing and is preparing for go-live in two weeks. The development team can make a quick fix to streamline the vital signs entry by adding a shortcut, but this change has not been tested. The IT director is concerned about patient safety and wants to ensure the system is usable. What is the BEST course of action?

Focused Information Systems Acquisition, Development and Implementation sessions

Start an Information Systems Acquisition, Development and Implementation-only practice session

Every question in these sessions is drawn from the Information Systems Acquisition, Development and Implementation domain — nothing else.

Frequently asked questions

What does the CISA exam test about Information Systems Acquisition, Development and Implementation?
Information Systems Acquisition, Development and Implementation questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Information Systems Acquisition, Development and Implementation questions in a focused session?
Yes — the session launcher on this page draws every question from the Information Systems Acquisition, Development and Implementation domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other CISA topics?
Use the topic links above to move to related areas, or go back to the CISA question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CISA exam covers. They are not copied from any real exam or dump site.