Last Updated on December 13, 2021 by Admin 3
CISA : Certified Information Systems Auditor : Part 56
- CISA : Part 1 - 40
- CISA : Part 41 - 80
- CISA : Part 81 - 120
- CISA : Part 121 - 160
- CISA : Part 161 - 172
-
Implementing which of the following would BEST address issues relating to the aging of IT systems?
- IT project management
- Release management
- Application portfolio management
- Configuration management
-
The MOST efficient way to confirm that an ERP system being implemented satisfies business expectations is to utilize which of the following types of testing?
- Parallel
- Pilot
- Sociability
- Alpha
-
An organization has implemented a distributed security administration system to replace the previous centralized one. The IS auditor’s GREATEST concern should be that:
- security procedures may be inadequate to support the change.
- end-user acceptance of the new system is likely to be difficult to obtain.
- the new system will require additional training.
- a distributed security system is inherently a weak security system.
-
Which of the following is the BEST indication of the completeness of interface control documents used for the development of a new application?
- All documents have been reviewed by end users.
- All inputs and outputs for potential actions are included.
- Failed interface data transfers prevent subsequent processes.
- Both successful and failed interface data transfers are recorded.
-
An IS auditor identified hard-coded credentials within the source code of recently developed software when evaluating its readiness for implementation. Which of the following would be the auditor’s BEST recommendation?
- Ensure source code reviews and debugging are performed and documented.
- Ensure revisions of source code can be tracked and rollback can be performed.
- Ensure documented evidence of source code being kept in escrow is retained.
- Ensure log reports are retained of all persons updating software source code.
-
Assurance tasks required to support security accreditation/certification should be identified:
- during the project planning stage.
- after necessary modifications are completed.
- during the user acceptance phase.
- after the quality-assurance plan development.
-
During an audit in a small organization, an IS auditor finds that some developers have access to migrate changes to the production environment. Which of the following should the auditor do NEXT?
- Review change logs for segregation of duties.
- Verify whether compensating controls exist.
- Advise immediate removal of developer access to production.
- Review the information security policy.
-
What is the PRIMARY reason for conducting a risk assessment when developing an annual IS audit plan?
- Identify and prioritize audit areas
- Determine the existence of controls in audit areas
- Provide assurance material items will be covered
- Decide which audit procedures and techniques to use
-
An IS auditor is preparing a data set for a data analytics project. The data will be used to benchmark a new computer-assisted audit technique (CAAT) tool being developed. Which of the following will help to ensure the data cannot be identified?
- Data masking
- Encryption
- Anonymization
- Data redaction
-
Which of the following is MOST important to have in place before developing a disaster recovery plan (DRP)?
- A duplicate processing facility
- Defined acceptable downtime
- Appropriate insurance coverage
- System restoration procedures
-
Which of the following should be of MOST concern to an IS auditor reviewing the information systems acquisition, development, and implementation process?
- Data owners are not trained on the use of data conversion tools.
- There is no process for post-implementation approval of emergency changes.
- System deployment is routinely performed by contractors.
- There is no system documentation available for review.
-
During which process is regression testing MOST commonly used?
- Stress testing
- Program development
- System modification
- Unit testing
-
A startup company is considering the use of a cloud service provider to obtain additional computing power needed for software development and testing. Which of the following service models is MOST appropriate in this situation?
- Database as a Service (DBaaS)
- Software as a Service (SaaS)
- Storage as a Service (STaaS)
- Platform as a Service (PaaS)
-
An organization is planning to develop a system using rapid application development (RAD) in order to meet quick turnaround times. Which of the following is the GREATEST potential risk associated with this type of application development?
- Users may be unavailable to contribute.
- Costs could spiral out of control.
- User requirements may not be met.
- The project deadline could be delayed.
-
For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization’s information security plan includes:
- security training prior to implementation.
- security requirements for the new application.
- attributes for system passwords.
- the firewall configuration for the web server.
-
Which of the following risk management activities is MOST important to complete before implementing an enterprise resource planning (ERP) system?
- Optimize business process designs.
- Validate compliance with applicable local financial regulations.
- Define the organization’s control objectives.
- Appoint an independent risk advisory firm to provide support.
-
An organization has contracted with a third party to implement and configure a new accounting application. Once the application is implemented, in-house staff will provide all application support and maintenance. Which of the following is MOST important to the success of this initiative?
- Documenting an implementation plan
- Establishing a knowledge transfer plan
- Conducting a post-implementation review
- Ensuring the third party completed testing
-
When participating as a member of a system development team, the IS auditor should be aware that:
- as a control specialist, the auditor can provide significant value to the project team by making the final decision on specific controls.
- the auditor’s ability to perform an independent evaluation of the application after implementation will be impaired.
- for ongoing evaluation capability, the auditor should ensure that computer audit software is implemented in all applications.
- the auditor should sign a statement of independence prior to participating in the project team.
-
Who is PRIMARILY responsible for data integrity and security when implementing a new application?
- Application end users
- Project manager
- Data custodian
- Data owner
-
Which of the following would MOST likely lead an organization to consider implementing an IT quality assurance (QA) program?
- Decrease in stakeholder satisfaction with IT projects
- Increase in the use of non-standard IT infrastructure
- Increase in cyber intrusions across the organization
- Overspend of IT budgets in various IT projects