Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 73

  1. Which of the following tools are MOST helpful for benchmarking an existing IT capability?

    • Prior IS audit reports
    • IT maturity models
    • Risk assessments
    • IT balanced scorecards
  2. Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?

    • Entity-relationship diagram
    • Process flowchart 
    • Data flow diagram
    • Systems flowchart
  3. Which of the following test approaches would utilize data analytics to validate customer authentication controls for banking transactions?

    • Review transactions completed for one period that have blank customer identification fields. 
    • Attempt to complete a monetary transaction and leave the customer identification fields blank. 
    • Review the business requirements document for customer identification requirements.
    • Evaluate configuration settings for transactions requiring customer identification.
  4. The purpose of data migration testing is to validate data:

    • availability.
    • retention.
    • completeness.
    • confidentiality.
  5. Which of the following is the BEST method to assess the adequacy of security awareness in an organization?

    • Confirming a security awareness program exists
    • Interviewing employees about security responsibility
    • Administering security survey questionnaires 
    • Observing employee security behaviors
  6. An organization uses a web server hosting critical applications. Which of the following would represent the HIGHEST risk regarding the availability and integrity of the web server?

    • Inadequate rotation of backups
    • Not disabling the server’s external drives
    • Not applying program fixes on a regular basis 
    • Placing the web server in the DMZ
  7. Which of the following tools is MOST helpful in estimating budgets for tasks within a large IT business application project?

    • Balanced scorecard
    • Gantt chart
    • Function point analysis (FPA)
    • Critical path methodology (CPM)
  8. The MAIN objective of incident management is to:

    • have an external computer security incident response team assess damage.
    • permit the incident to go on and follow the trail back to the beginning.
    • test for readiness to respond when facing an incident. 
    • keep the business going while the response is occurring.
  9. An organization is moving its on-site application servers to a service provider that operates a virtualized environment shared by multiple customers. Which of the following is the MOST significant risk to the organization?

    • Account hacking from other clients
    • Competing workloads from other clients 
    • Service provider access to organizational data
    • Service provider limiting the right to audit
  10. During a post-implementation review, which of the following is the BEST evidence that user requirements have been met?

    • Help desk incident tickets 
    • End-user documentation
    • Operator error logs
    • User acceptance testing sign-offs
  11. The application systems quality assurance (QA) function should:

    • assist programmers in designing and developing applications.
    • design and develop quality applications by employing system development methodology.
    • compare programs to approved system changes.
    • ensure adherence of programs to standards.
  12. During a post-implementation review, a step in determining whether a project met user requirements is to review the:

    • integrity of key calculations.
    • change requests initiated after go-live. 
    • completeness of user documentation.
    • effectiveness of user training.
  13. Which of the following reports can MOST effectively be used to analyze a system performance problem?

    • Synchronization report
    • Console log 
    • Utilization report
    • Database usage log
  14. The PRIMARY objective of parallel testing an application is to confirm that:

    • the results of calculations in the new system are as accurate as the old system. 
    • system response times in the new system are better than the old system.
    • the costs of running the new system are the same as running the old system.
    • new system processing times are similar to those of the old system.
  15. Which of the following areas is the MOST likely cause of an application producing several erroneous reports?

    • A deficiency in user acceptance testing
    • A deficiency in patch management
    • A deficiency in IT resource allocation
    • A deficiency in database administration
  16. Which of the following is the BEST sampling method to use when estimating the rate of occurrence of a specific quality in a population?

    • Attribute sampling 
    • Stop-or-go sampling
    • Statistical sampling
    • Discovery sampling
  17. Which of the following is the BEST way to reduce the risk of vulnerabilities during the rapid deployment of container-based applications to a hybrid cloud?

    • Conduct a post-deployment security audit to identify vulnerabilities.
    • Conduct security auditing during the development life cycle.
    • Review a sample of historical production changes to identify abnormalities.
    • Review development and operations (DevOps) policies and procedures.
  18. Which of the following is the BEST evidence of the maturity of an organization’s information security program?

    • The number of reported incidents has increased.
    • The information security department actively monitors security operations.
    • The number of reported incidents has decreased.
    • IT security staff implements strict technical security controls.
  19. Which of the following types of controls would be MOST important to implement when digitizing human resource (HR) records?

    • Change management controls
    • Software development controls
    • Project management controls
    • Access management controls
  20. Senior management has allocated funding to each of the organization’s divisions to address information security vulnerabilities. The funding is based on each division’s technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

    • Redundant controls may be implemented across divisions
    • Information security governance could be decentralized by divisions
    • Areas of highest risk may not be adequately prioritized for treatment
    • Return on investment may be inconsistently reported to senior management