Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 52

  1. Which of the following would be an IS auditor’s GREATEST concern when reviewing the early stages of a software development project?

    • The lack of acceptance criteria behind user requirements
    • The lack of completion of all requirements at the end of each sprint
    • The lack of technical documentation to support the program code
    • The lack of a detailed unit and system test plan
  2. An organization is developing a web portal using some external components. Which of the following should be of MOST concern to an IS auditor?

    • Open-source components were integrated during development.
    • Some of the developers are located in another country.
    • The organization has not reviewed the components for known exploits. 
    • Staff require additional training in order to perform code review.
  3. Which of the following is the BEST indication of control maturity in an organization’s systems development and implementation processes?

    • Code changes are tested and deployed manually.
    • Code changes are deployed to a test server and then to production.
    • Code changes are documented and approved.
    • Code changes are tested and deployed through automation.
  4. Which of the following is the MOST important consideration when developing an online business architecture and recovery strategy?

    • Vendors’ network security
    • Immediate problem resolution
    • Vendors’ financial stability
    • Single points of failure
  5. When initiating an IT project, which of the following should be completed FIRST?

    • Project plan
    • Request for proposal
    • Feasibility study 
    • Requirements definition
  6. Which of the following BEST supports an organization’s planning efforts for investments in IT initiatives?

    • Capability maturity model
    • Enterprise architecture 
    • Agile project management
    • Continuous gap assessment
  7. When designing a data analytics process, which of the following should be the stakeholder’s role in automating data extraction and validation?

    • Performing the business case analysis for the data analytics initiative
    • Indicating which data elements are necessary to make informed decisions
    • Designing the workflow necessary for the data analytics tool to evaluate the appropriate data
    • Allocating the resources necessary to purchase the appropriate software packages
  8. As part of a quality assurance initiative, an organization has engaged an external auditor to evaluate the internal IS audit function. Which of the following observations should be of MOST concern?

    • Audit reports are not approved by the audit committee.
    • Audit reports do not state they are conducted in accordance with industry standards. 
    • The audit team is not sufficiently leveraging data analytics.
    • Audit engagements are not risk-based.
  9. Which of the following is the BEST way to help ensure new IT implementations align with enterprise architecture principles and requirements?

    • Conduct enterprise architecture reviews as part of the change advisory board.
    • Consider stakeholder concerns when defining the enterprise architecture.
    • Document the security view as part of the enterprise architecture.
    • Perform mandatory post-implementation reviews of IT implementations.
  10. Which of the following is MOST important for the successful completion of a new application system?

    • Appropriate training of system analysts
    • Steering committee approval of the new system
    • Completion of a positive cost-benefit analysis
    • User participation in the project development
  11. An IS auditor was involved in the design phase for a new system’s security architecture. For the planned post-implementation audit, which of the following would be the MOST appropriate course of action for the auditor?

    • Have another auditor review the security architecture. 
    • Disclose the independence issues in the audit report.
    • Change the audit scope to exclude security architecture.
    • Postpone the post-implementation audit to a later date.
  12. Of the following, who should authorize a project management team’s request to take a mission-critical application offline to implement a new release and configuration?

    • Chief information security officer (CISO)
    • Project manager
    • Application administrator
    • Business process owner
  13. An IS auditor is asked to provide feedback on the systems options analysis for a new project. The BEST course of action for the IS auditor would be to:

    • identify the best alternative.
    • request at least one other alternative.
    • comment on the criteria used to assess the alternatives. 
    • retain comments as findings for the audit report.
  14. An IS audit had identified that default passwords for a newly implemented application were not changed. During the follow-up audit, which of the following would provide the BEST evidence that the finding was effectively addressed?

    • Written confirmation from management that the passwords were changed
    • Screenshots of system parameters requiring password changes on next login
    • Application log files that record the password changes 
    • System-generated emails requiring application users to change passwords
  15. Which of the following is the PRIMARY function of technology-driven enterprise architecture?

    • To provide guidance on technological decisions in the context of business strategy
    • To determine how new technologies fit into existing networks and data flows
    • To help develop project documentation and related business process roadmaps
    • To re-engineer business processes to make better use of technology
  16. Which of the following helps to ensure the integrity of data for an interface between a new billing system and an accounts receivable system?

    • Audit logs are available for 30 days.
    • Access to the data requires authentication.
    • Data files are encrypted during transmission.
    • Control totals are calculated.
  17. The results of a feasibility study for acquiring a new system should provide management with a clear understanding of:

    • the approach to meeting data processing needs. 
    • how hardware selection criteria are aligned with the IS strategic plan.
    • critical application systems’ utilization of computer resources.
    • application security over critical data processing.
  18. A configuration management audit identified that predefined automated procedures are used when deploying and configuring application infrastructure in a cloud-based environment. Which of the following is MOST important for the IS auditor to review?

    • Contracts of vendors responsible for maintaining provisioning tools
    • Processes for making changes to cloud environment specifications
    • Storage location of configuration management documentation
    • Number of administrators with access to cloud management consoles
  19. Which of the following is the PRIMARY objective of using a capability maturity model as a tool to communicate audit results to senior management?

    • To evaluate management’s action plan 
    • To confirm audit findings
    • To illustrate improvement opportunities
    • To prioritize remediation efforts
  20. Which of the following is the GREATEST advantage of implementing an IT enterprise architecture framework within an organization?

    • It helps to identify security issues in systems across the organization.
    • It better equips an organization to adopt innovative and emerging technologies.
    • It reduces the overlap of infrastructure technologies within the organization.
    • It improves the organization’s ability to meet service level agreements (SLAs).