Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 56

  1. Implementing which of the following would BEST address issues relating to the aging of IT systems?

    • IT project management
    • Release management
    • Application portfolio management
    • Configuration management
  2. The MOST efficient way to confirm that an ERP system being implemented satisfies business expectations is to utilize which of the following types of testing?

    • Parallel
    • Pilot
    • Sociability
    • Alpha
  3. An organization has implemented a distributed security administration system to replace the previous centralized one. The IS auditor’s GREATEST concern should be that:

    • security procedures may be inadequate to support the change.
    • end-user acceptance of the new system is likely to be difficult to obtain.
    • the new system will require additional training.
    • a distributed security system is inherently a weak security system.
  4. Which of the following is the BEST indication of the completeness of interface control documents used for the development of a new application?

    • All documents have been reviewed by end users.
    • All inputs and outputs for potential actions are included.
    • Failed interface data transfers prevent subsequent processes.
    • Both successful and failed interface data transfers are recorded.
  5. An IS auditor identified hard-coded credentials within the source code of recently developed software when evaluating its readiness for implementation. Which of the following would be the auditor’s BEST recommendation?

    • Ensure source code reviews and debugging are performed and documented.
    • Ensure revisions of source code can be tracked and rollback can be performed.
    • Ensure documented evidence of source code being kept in escrow is retained.
    • Ensure log reports are retained of all persons updating software source code.
  6. Assurance tasks required to support security accreditation/certification should be identified:

    • during the project planning stage.
    • after necessary modifications are completed.
    • during the user acceptance phase.
    • after the quality-assurance plan development.
  7. During an audit in a small organization, an IS auditor finds that some developers have access to migrate changes to the production environment. Which of the following should the auditor do NEXT?

    • Review change logs for segregation of duties.
    • Verify whether compensating controls exist.
    • Advise immediate removal of developer access to production.
    • Review the information security policy.
  8. What is the PRIMARY reason for conducting a risk assessment when developing an annual IS audit plan?

    • Identify and prioritize audit areas
    • Determine the existence of controls in audit areas
    • Provide assurance that material items will be covered
    • Decide which audit procedures and techniques to use
  9. An IS auditor is preparing a data set for a data analytics project. The data will be used to benchmark a new computer-assisted audit technique (CAAT) tool being developed. Which of the following will help to ensure the data cannot be identified?

    • Data masking
    • Encryption
    • Anonymization
    • Data redaction
  10. Which of the following is MOST important to have in place before developing a disaster recovery plan (DRP)?

    • A duplicate processing facility
    • Defined acceptable downtime
    • Appropriate insurance coverage
    • System restoration procedures
  11. Which of the following should be of MOST concern to an IS auditor reviewing the information systems acquisition, development, and implementation process?

    • Data owners are not trained on the use of data conversion tools.
    • There is no process for post-implementation approval of emergency changes.
    • System deployment is routinely performed by contractors.
    • There is no system documentation available for review.
  12. During which process is regression testing MOST commonly used?

    • Stress testing
    • Program development
    • System modification
    • Unit testing
  13. A startup company is considering the use of a cloud service provider to obtain additional computing power needed for software development and testing. Which of the following service models is MOST appropriate in this situation?

    • Database as a Service (DBaaS)
    • Software as a Service (SaaS)
    • Storage as a Service (STaaS)
    • Platform as a Service (PaaS)
  14. An organization is planning to develop a system using rapid application development (RAD) in order to meet quick turnaround times. Which of the following is the GREATEST potential risk associated with this type of application development?

    • Users may be unavailable to contribute.
    • Costs could spiral out of control.
    • User requirements may not be met.
    • The project deadline could be delayed.
  15. For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization’s information security plan includes:

    • security training prior to implementation.
    • security requirements for the new application.
    • attributes for system passwords.
    • the firewall configuration for the web server.
  16. Which of the following risk management activities is MOST important to complete before implementing an enterprise resource planning (ERP) system?

    • Optimize business process designs.
    • Validate compliance with applicable local financial regulations.
    • Define the organization’s control objectives.
    • Appoint an independent risk advisory firm to provide support.
  17. An organization has contracted with a third party to implement and configure a new accounting application. Once the application is implemented, in-house staff will provide all application support and maintenance. Which of the following is MOST important to the success of this initiative?

    • Documenting an implementation plan
    • Establishing a knowledge transfer plan
    • Conducting a post-implementation review
    • Ensuring the third party completed testing
  18. When participating as a member of a system development team, the IS auditor should be aware that:

    • as a control specialist, the auditor can provide significant value to the project team by making the final decision on specific controls.
    • the auditor’s ability to perform an independent evaluation of the application after implementation will be impaired.
    • for ongoing evaluation capability, the auditor should ensure that computer audit software is implemented in all applications.
    • the auditor should sign a statement of independence prior to participating in the project team.
  19. Who is PRIMARILY responsible for data integrity and security when implementing a new application?

    • Application end users
    • Project manager
    • Data custodian
    • Data owner
  20. Which of the following would MOST likely lead an organization to consider implementing an IT quality assurance (QA) program?

    • Decrease in stakeholder satisfaction with IT projects
    • Increase in the use of non-standard IT infrastructure
    • Increase in cyber intrusions across the organization
    • Overspend of IT budgets in various IT projects