Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 58

  1. Which of the following is MOST important to verify when implementing an organization’s information security program?

    • The IT department has developed and implemented training programs.
    • The security program is adequately funded in the budget.
    • The organization’s security strategy is documented and approved.
    • The security program has been benchmarked to industry standards.
  2. The results of an IS audit indicating the need to strengthen controls have been communicated to the appropriate stakeholders. Which of the following is the BEST way for management to enforce implementation of the recommendations?

    • Copy senior management on communications related to the audit
    • Have stakeholders develop a business case for control changes
    • Assign ownership to each remediation activity
    • Request auditors to design a roadmap for closure
  3. During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:

    • proposed functionality of the application.
    • development methodology employed.
    • future compatibility of the design.
    • controls incorporated into the system specifications.
  4. Which of the following is a challenge in developing a service level agreement (SLA) for network services?

    • Reducing the number of entry points into the network
    • Ensuring that network components are not modified by the client
    • Establishing a well-designed framework for network services
    • Finding performance metrics that can be measured properly
  5. Which of the following is the MOST appropriate role for an IS auditor assigned as a team member for a software development project?

    • Implementing controls within the software
    • Performing a mid-term evaluation of the project management process
    • Monitoring assessed risk for the project
    • Developing user acceptance testing (UAT) scripts
  6. The IS auditor has recommended that management test a new system before using it in production mode. The BEST approach for management in developing a test plan is to use processing parameters that are:

    • randomly selected by a test generator.
    • simulated by production entities and customers.
    • provided by the vendor of the application.
    • randomly selected by the user.
  7. An IS auditor assessing the controls within a newly implemented call center would FIRST:

    • review the manual and automated controls in the call center.
    • test the technical infrastructure at the call center.
    • evaluate the operational risk associated with the call center.
    • gather information from the customers regarding response times and quality of service.
  8. A small financial institution is preparing to implement a check image processing system to support planned mobile banking product offerings. Which of the following is MOST critical to the successful implementation of the system?

    • Feasibility studies
    • Control design
    • Integration testing
    • End user training
  9. During a project meeting for the implementation of an enterprise resource planning (ERP) system, a new requirement is requested by the finance department. Which of the following would BEST indicate to an IS auditor that the resulting risk to the project has been assessed?

    • The analysis of the cost and time impact of the requirement
    • The updated business requirements
    • The project status as reported in the meeting minutes
    • The approval of the change by the finance department
  10. An organization has recently implemented a Voice over IP (VoIP) communication system. Which of the following should be the IS auditor’s PRIMARY concern?

    • Lack of integration of voice and data communications
    • A single point of failure for both voice and data communications
    • Voice quality degradation due to packet loss
    • Inability to use virtual private networks (VPNs) for internal traffic
  11. Which of the following would be MOST useful to an organization planning to adopt a public cloud computing model?

    • Independent control assessment
    • Audit report prepared by the service provider
    • Management attestation report
    • Service level agreement (SLA) performance metrics
  12. An organization plans to implement a virtualization strategy enabling multiple operating systems on a single host. Which of the following should be the GREATEST concern with this strategy?

    • Adequate storage space
    • Complexity of administration
    • Network bandwidth
    • Application performance
  13. An organization considers implementing a system that uses a technology that is not in line with the organization’s IT strategy. Which of the following is the BEST justification for deviating from the IT strategy?

    • The system has a reduced cost of ownership.
    • The organization has staff familiar with the technology.
    • The business benefits are achieved even with extra costs.
    • The system makes use of state-of-the-art technology.
  14. When introducing a maturity model to the IT management process, it is BEST to align the maturity level to a point that reflects which of the following?

    • Ideal business production level
    • Minimum cost expenditure level
    • Maximum risk tolerance level
    • Industry-standard practice level
  15. Which of the following methodologies is MOST appropriate to use for developing software with incomplete requirements?

    • Process-based
    • Critical chain
    • Waterfall
    • Agile
  16. Which of the following is MOST important to the effective management of an end user-developed application?

    • Implementing best practice folder structures
    • Continuous monitoring to facilitate prompt escalation of issues
    • Assigning risk ratings based on probability and impact
    • Stress testing the application through use of data outliers
  17. A development team has designed a new application and incorporated best practices for secure coding. Prior to launch, which of the following is the IS auditor’s BEST recommendation to mitigate the associated security risk?

    • User acceptance testing
    • Unit testing
    • Integration testing
    • Penetration testing
  18. Which of the following should be reviewed FIRST when assessing the effectiveness of an organization’s network security procedures and controls?

    • Data recovery capability
    • Inventory of authorized devices
    • Vulnerability remediation
    • Malware defenses
  19. An organization is implementing the use of mobile devices that will connect to sensitive corporate applications. Which of the following is the BEST recommendation to mitigate risk of data leakage?

    • Remote data wipe
    • GPS tracking software
    • Encrypted RFID tags
    • Data encryption
  20. The PRIMARY responsibility of a project steering committee is to:

    • ensure that each project deadline is met.
    • undertake final acceptance of the system for implementation.
    • ensure that systems developed meet business needs.
    • provide day-to-day guidance and oversight.