CISA
Question 26
In an organization's feasibility study to acquire hardware to support a new web server, omission of which of the following would be of MOST concern?
- A: Reputation of potential vendors
- B: Alternatives for financing the acquisition
- C: Financial stability of potential vendors
- D: Cost-benefit analysis of available products
Question 27
Which of the following is MOST helpful for understanding an organization’s key driver to modernize application platforms?
- A: Network architecture diagrams
- B: Inventory of end-of-life software
- C: Vendor software invoices
- D: System-wide incident reports
Question 28
An IS auditor is reviewing results from the testing of an organization’s disaster recovery plan (DRP). Which of the following findings should be of GREATEST concern?
- A: The testing was done after implementing a business application.
- B: The backups at the DR site are not encrypted.
- C: The testing was done during critical business hours.
- D: The backups at the DR site are unreadable.
Question 29
Demonstrated support from which of the following roles in an organization has the MOST influence over information security governance?
- A: Information security steering committee
- B: Chief information security officer (CISO)
- C: Board of directors
- D: Chief information officer (CIO)
Question 30
An employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
- A: Automated logging of changes to development libraries should be instituted.
- B: Procedures should be established to ensure that program changes are identified and approved.
- C: Additional staff should be recruited to provide separation of duties.
- D: Access control should prevent the operator from making program modifications.
Question 31
A national bank recently migrated a large number of business-critical applications to the cloud. Which of the following is MOST important to ensuring the resiliency of the applications?
- A: Conducting periodic system stress testing
- B: Negotiating a service level agreement (SLA) with the provider
- C: Using a monitoring tool to assess uptime
- D: Creating restore points for critical applications
Question 32
Which of the following should be an IS auditor's PRIMARY consideration when evaluating the development and design of a privacy program?
- A: Policies and procedures consistent with privacy guidelines
- B: Industry practice and regulatory compliance guidance
- C: Information security and incident management practices
- D: Privacy training and awareness program for employees
Question 33
Which of the following should be of GREATEST concern to an IS auditor reviewing an organization’s newly established enterprise architecture (EA)?
- A: The business leaders were not consulted when designing the IT architecture.
- B: Standard architecture methodology was not adopted for designing the IT architecture.
- C: Staff responsible for designing the IT architecture do not hold a related certification.
- D: External experts were not consulted when designing the IT architecture.
Question 34
Which of the following BEST enables an organization to manage unexpected or on-request jobs?
- A: Service level agreements (SLAs)
- B: Job scheduling software
- C: Job scheduling by the service desk
- D: Console logs
Question 35
When protecting mobile devices, which of the following is the PRIMARY risk mitigated by authentication controls?
- A: Software updates
- B: Data availability and integrity
- C: Internal or external security breaches
- D: IT service failure
Question 36
Which of the following BEST helps to ensure data integrity across system interfaces?
- A: Reconciliations
- B: Environment segregation
- C: Access controls
- D: System backups
Question 37
During a review of an organization’s technology policies, which of the following observations should be of MOST concern to the IS auditor?
- A: Business objectives are not defined.
- B: Legal requirements are not considered.
- C: A globally acknowledged framework is not used.
- D: The policies have not been reviewed within the last three years.
Question 38
Which of the following provides a new IS auditor with the MOST useful information to evaluate overall IT performance?
- A: Prior audit reports
- B: IT balanced scorecard
- C: Vulnerability assessment report
- D: IT value analysis
Question 39
Which risk response has been adopted by a risk owner postponing the implementation of proper controls due to budget constraints?
- A: Transfer
- B: Acceptance
- C: Avoidance
- D: Mitigation
Question 40
Before the release of a new application into an organization's production environment, which of the following should be in place to ensure that proper testing has occurred and rollback plans are in place?
- A: Independent third-party approval
- B: Standardized change requests
- C: Secure code review
- D: Change approval board
Question 41
Which of the following BEST describes the role of the IS auditor in a control self-assessment (CSA)?
- A: Implementer
- B: Approver
- C: Reviewer
- D: Facilitator
Question 42
Which of the following is the BEST indication that there are potential problems within an organization's IT service desk function?
- A: Lack of key performance indicators (KPIs)
- B: An excessive backlog of user requests
- C: Undocumented operating procedures
- D: Lack of segregation of duties
Question 43
Which of the following is the PRIMARY objective of cyber resiliency?
- A: To efficiently and effectively recover from an incident with limited operational impact
- B: To prevent potential attacks or disruptions in operations
- C: To limit the severity of security breaches and maintain continuous operations
- D: To resume normal operations after service disruptions
Question 44
During a post-implementation review, which of the following provides the BEST evidence that user requirements have been met?
- A: Operator error logs
- B: End-user documentation
- C: User acceptance testing (UAT)
- D: Management interviews
Question 45
An IS auditor assessing an organization’s information systems needs to understand management’s approach regarding controls. Which documentation should the auditor review FIRST?
- A: Policies
- B: Standards
- C: Guidelines
- D: Procedures
Question 46
Which of the following is MOST useful for matching records of incoming and outgoing personnel to identify tailgating in physical security logs?
- A: Discovery sampling methodology
- B: Continuous auditing
- C: Data analytics tools
- D: Reconciliation with HR records
Question 47
Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor's BEST recommendation for a compensating control?
- A: Require written authorization for all payment transactions.
- B: Review payment transaction history.
- C: Reconcile payment transactions with invoices.
- D: Restrict payment authorization to senior staff members.
Question 48
An IS auditor assesses an organization's backup management practices for optimization potential. Which of the following features of a regular backup tape reorganization job BEST enables the organization to realize cost savings?
- A: Refreshed data written on tapes
- B: Rotation of backup tapes
- C: Decommissioning of old tapes
- D: Defragmentation of data on tapes
Question 49
Which of the following is MOST important to define within a disaster recovery plan (DRP)?
- A: Roles and responsibilities for recovery team members
- B: Test results for backup data restoration
- C: A comprehensive list of disaster recovery scenarios and priorities
- D: Business continuity plan (BCP)
Question 50
Which of the following findings should be of MOST concern to an IS auditor assessing agile software development practices?
- A: There is a low acceptance rate by the business of delivered software.
- B: Testing is performed by both software developers and testers.
- C: Release plans have been revised several times before actual release.
- D: The IT team feels unable to strictly follow standard agile practices.