CISA Domain 2B Practice Test 001

This practice test covers Domain 2 (Governance & Management of IT) Subdomain B (IT Management) from the CISA exam content outline.

These questions are inspired by the ISACA CISA exam and are designed to help you test your knowledge of information systems auditing, governance, risk management, IT operations, business resilience, and information asset protection.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the audit judgment, control evaluation, and risk-based decision-making skills tested in the CISA exam.

Note: CISA and Certified Information Systems Auditor are registered trademarks of ISACA. This content is not affiliated with or endorsed by ISACA.

To choose CISA practice tests based on specific domains and subdomains, click that link.

CISA Practice Test — 2B (IT Management)
10 questions • Single best answer
Question 1
During a review of a manufacturing company's outsourced IT operations, an IS auditor finds the service contract has no defined service level agreements or performance penalties. Which is the auditor's MOST significant concern?
    Question 2
    An IS auditor is evaluating IT resource management at an enterprise where several critical projects are delayed. Investigation shows the same senior engineers are assigned across most initiatives with no capacity planning. Which recommendation is MOST appropriate?
      Question 3
      An audit manager reviews IT performance reports presented to executive leadership. The reports show only system uptime percentages. Which is the auditor's BEST observation regarding the reporting?
        Question 4
        During an audit of IT quality management, an IS auditor notes that quality metrics are collected but no corrective actions follow identified defects. Which conclusion is MOST appropriate?
          Question 5
          A financial institution outsources core processing to a cloud provider that in turn relies on a subcontractor for data storage. The audit finds no assessment of the subcontractor. Which risk should the IS auditor highlight FIRST?
            Question 6
            An IS auditor evaluates how IT performance is monitored at a government agency. Metrics exist but thresholds triggering escalation are undefined. Which control improvement provides the BEST assurance?
              Question 7
              An IS auditor reviews a technology firm's project portfolio and finds IT resources are allocated on a first-come, first-served basis without reference to strategic priorities. Which is the MOST significant governance weakness?
                Question 8
                During an audit of vendor management at a retailer, an IS auditor finds the cloud services contract omits a right-to-audit clause. Which is the auditor's BEST course of action?
                  Question 9
                  An IS auditor examines IT service level management at an insurer. Incidents are resolved, but resolution times are not measured against agreed targets. Which finding is MOST significant?
                    Question 10
                    An IS auditor evaluates key risk indicators reported by IT management at an energy company. The KRIs are tracked but never reviewed by the board or risk committee. Which is the MOST appropriate recommendation?

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top