CISA Domain 2A Practice Test 001

This practice test covers Domain 2 (Governance & Management of IT) Subdomain A (IT Governance) from the CISA exam content outline.

These questions are inspired by the ISACA CISA exam and are designed to help you test your knowledge of information systems auditing, governance, risk management, IT operations, business resilience, and information asset protection.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the audit judgment, control evaluation, and risk-based decision-making skills tested in the CISA exam.

Note: CISA and Certified Information Systems Auditor are registered trademarks of ISACA. This content is not affiliated with or endorsed by ISACA.

To choose CISA practice tests based on specific domains and subdomains, click that link.

CISA Practice Test — 2A (IT Governance)
10 questions • Single best answer
Question 1
An IS auditor evaluating IT governance at a hospital network finds the IT steering committee has not convened in over a year, and major IT investment decisions are made solely by the CIO. Which is the auditor's MOST significant concern?
    Question 2
    During a regulatory examination of a bank, an IS auditor assesses whether the IT strategy supports business goals. Which finding provides the BEST evidence of alignment?
      Question 3
      An IS auditor is engaged to assess a government agency's compliance with data protection requirements across multiple jurisdictions. What should the auditor do FIRST?
        Question 4
        During an audit of an enterprise's governance documents, an IS auditor finds the information security policy was approved five years ago and has never been reviewed or updated. Which is the MOST significant concern?
          Question 5
          An IS auditor evaluates how IT risk is governed at an insurance company. Which provides the BEST assurance that IT risk is managed within the enterprise's risk appetite?
            Question 6
            A privacy audit at an e-commerce company reviews how personal data is handled across the business. Which is the BEST indicator of an effective privacy program?
              Question 7
              An IS auditor reviewing an enterprise's data governance practices finds that no data classification scheme has been established. Which risk is MOST significant?
                Question 8
                A post-implementation review across several business units reveals multiple overlapping applications performing the same function. Which governance weakness does this MOST likely indicate?
                  Question 9
                  An IS auditor observes that when IT control failures occur, no business or IT owner is clearly accountable for remediation. To strengthen IT governance, which is MOST important?
                    Question 10
                    A financial services firm adopts a recognized IT governance framework. Which activity BEST reflects the board's governance responsibility rather than management's role?

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top