CISA exam

Which of the following is MOST important for an effective control self-assessment (CSA) program?A . Determining the scope of the assessmentB . Performing detailed test proceduresC . Evaluating changes to the risk environmentD . Understanding the business processView AnswerAnswer: D Explanation: Understanding the business process is the most important factor...

Which of the following would be an IS auditor's GREATEST concern when reviewing the early stages of a software development project?A . The lack of technical documentation to support the program codeB . The lack of completion of all requirements at the end of each sprintC . The lack of...

Which of the following is MOST important with regard to an application development acceptance test?A . The programming team is involved in the testing process.B . All data files are tested for valid information before conversion.C . User management approves the test design before the test is started.D . The...

An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?A . Obtain error codes indicating failed data feeds.B . Appoint data quality champions across the organization.C ....

During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?A . Rollback strategyB . Test casesC . Post-implementation review objectivesD . Business caseView AnswerAnswer: D Explanation: The most important consideration for a go-live decision when implementing...

What is MOST important to verify during an external assessment of network vulnerability?A . Update of security information event management (SIEM) rulesB . Regular review of the network security policyC . Completeness of network asset inventoryD . Location of intrusion detection systems (IDS)View AnswerAnswer: C Explanation: An external assessment of...

During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:A . allocation of resources during an emergency.B . frequency of system testing.C . differences in IS policies and procedures.D . maintenance of hardware and software compatibility.View AnswerAnswer: A Explanation:...

Which of the following should an IS auditor recommend as a PRIMARY area of focus when an organization decides to outsource technical support for its external customers?A . Align service level agreements (SLAs) with current needs.B . Monitor customer satisfaction with the change.C . Minimize costs related to the third-party...

Which of the following BEST guards against the risk of attack by hackers?A . TunnelingB . EncryptionC . Message validationD . FirewallsView AnswerAnswer: B Explanation: The best guard against the risk of attack by hackers is encryption. Encryption is the process of transforming data into an unreadable format using a...

An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor's FIRST course of action should be to:A . review recent changes to the system.B . verify completeness of...