CISA : Certified Information Systems Auditor : Part 56

Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 56

1. Implementing which of the following would BEST address issues relating to the aging of IT systems?

   • IT project management
   • Release management
   • Application portfolio management
   • Configuration management

2. The MOST efficient way to confirm that an ERP system being implemented satisfies business expectations is to utilize which of the following types of testing?

   • Parallel
   • Pilot
   • Sociability
   • Alpha

3. An organization has implemented a distributed security administration system to replace the previous centralized one. The IS auditor’s GREATEST concern should be that:

   • security procedures may be inadequate to support the change.
   • end-user acceptance of the new system is likely to be difficult to obtain.
   • the new system will require additional training.
   • a distributed security system is inherently a weak security system.

4. Which of the following is the BEST indication of the completeness of interface control documents used for the development of a new application?

   • All documents have been reviewed by end users.
   • All inputs and outputs for potential actions are included.
   • Failed interface data transfers prevent subsequent processes.
   • Both successful and failed interface data transfers are recorded.

5. An IS auditor identified hard-coded credentials within the source code of recently developed software when evaluating its readiness for implementation. Which of the following would be the auditor’s BEST recommendation?

   • Ensure source code reviews and debugging are performed and documented.
   • Ensure revisions of source code can be tracked and rollback can be performed.
   • Ensure documented evidence of source code being kept in escrow is retained.
   • Ensure log reports are retained of all persons updating software source code.

6. Assurance tasks required to support security accreditation/certification should be identified:

   • during the project planning stage.
   • after necessary modifications are completed.
   • during the user acceptance phase.
   • after the quality-assurance plan development.

7. During an audit in a small organization, an IS auditor finds that some developers have access to migrate changes to the production environment. Which of the following should the auditor do NEXT?

   • Review change logs for segregation of duties.
   • Verify whether compensating controls exist.
   • Advise immediate removal of developer access to production.
   • Review the information security policy.

8. What is the PRIMARY reason for conducting a risk assessment when developing an annual IS audit plan?

   • Identify and prioritize audit areas
   • Determine the existence of controls in audit areas
   • Provide assurance material items will be covered
   • Decide which audit procedures and techniques to use

9. An IS auditor is preparing a data set for a data analytics project. The data will be used to benchmark a new computer-assisted audit technique (CAAT) tool being developed. Which of the following will help to ensure the data cannot be identified?

   • Data masking
   • Encryption
   • Anonymization
   • Data redaction

10. Which of the following is MOST important to have in place before developing a disaster recovery plan (DRP)?

    • A duplicate processing facility
    • Defined acceptable downtime
    • Appropriate insurance coverage
    • System restoration procedures

11. Which of the following should be of MOST concern to an IS auditor reviewing the information systems acquisition, development, and implementation process?

    • Data owners are not trained on the use of data conversion tools.
    • There is no process for post-implementation approval of emergency changes.
    • System deployment is routinely performed by contractors.
    • There is no system documentation available for review.

12. During which process is regression testing MOST commonly used?

    • Stress testing
    • Program development
    • System modification
    • Unit testing

13. A startup company is considering the use of a cloud service provider to obtain additional computing power needed for software development and testing. Which of the following service models is MOST appropriate in this situation?

    • Database as a Service (DBaaS)
    • Software as a Service (SaaS)
    • Storage as a Service (STaaS)
    • Platform as a Service (PaaS)

14. An organization is planning to develop a system using rapid application development (RAD) in order to meet quick turnaround times. Which of the following is the GREATEST potential risk associated with this type of application development?

    • Users may be unavailable to contribute.
    • Costs could spiral out of control.
    • User requirements may not be met.
    • The project deadline could be delayed.

15. For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization’s information security plan includes:

    • security training prior to implementation.
    • security requirements for the new application.
    • attributes for system passwords.
    • the firewall configuration for the web server.

16. Which of the following risk management activities is MOST important to complete before implementing an enterprise resource planning (ERP) system?

    • Optimize business process designs.
    • Validate compliance with applicable local financial regulations.
    • Define the organization’s control objectives.
    • Appoint an independent risk advisory firm to provide support.

17. An organization has contracted with a third party to implement and configure a new accounting application. Once the application is implemented, in-house staff will provide all application support and maintenance. Which of the following is MOST important to the success of this initiative?

    • Documenting an implementation plan
    • Establishing a knowledge transfer plan
    • Conducting a post-implementation review
    • Ensuring the third party completed testing

18. When participating as a member of a system development team, the IS auditor should be aware that:

    • as a control specialist, the auditor can provide significant value to the project team by making the final decision on specific controls.
    • the auditor’s ability to perform an independent evaluation of the application after implementation will be impaired.
    • for ongoing evaluation capability, the auditor should ensure that computer audit software is implemented in all applications.
    • the auditor should sign a statement of independence prior to participating in the project team.

19. Who is PRIMARILY responsible for data integrity and security when implementing a new application?

    • Application end users
    • Project manager
    • Data custodian
    • Data owner

20. Which of the following would MOST likely lead an organization to consider implementing an IT quality assurance (QA) program?

    • Decrease in stakeholder satisfaction with IT projects
    • Increase in the use of non-standard IT infrastructure
    • Increase in cyber intrusions across the organization
    • Overspend of IT budgets in various IT projects