Tag - CISA exam

 Which of the following observations of change management should be considered by the information system auditor to be the most serious risk?A . Two weeks after the approval, the changes were deployed.B . The change has not been approved by the business ownerC . No software tracking change management.D...

 Which of the following methods provides the best assurance and user confidence when companies move data to more complex enterprise resource planning (ERP) systems?A . User acceptance testB . Staged conversionC . Pilot testD . Parallel processingView AnswerAnswer: A

 Conduct a web review to assess security risks. During the review process, which of the following questions will be most noticed?A . Accessing the Internet from PC via a modemB . Accessing the Internet through the router through the internal networkC . Access to the internal network through the...

 Which of the following is the main benefit of using an integrated audit approach?A . Increased resource allocation and reduced audit costsB . A comprehensive perspective on overall risk and a better understanding of controlC . Higher acceptance of audited business areasD . Avoid duplication of work and redundancy...

 Information system auditors have identified separation of duties in enterprise resource planning (ERP) systems. Which of the following is the best way to prevent repetitive configuration from occurring?A . Use a role-based model to grant user accessB . Regularly monitor access rightsC . Correcting separation of dutiesD . Reference...

 Which of the following is the biggest concern for open USB ports on end-user computers?A . Data corruptionB . Connecting personal devicesC . Install the unauthorized softwareD . Data leakageView AnswerAnswer: D

 For information systems auditors, which of the following is critical to assessing fire prevention measures in a manpowered data center located on the upper floors of a multi-story building?A . Documentary records of regular inspections by local fire departmentsB . Documentary records of tested emergency evacuation plansC . If...

 Which of the following should be the most important factor driving a single application availability requirement when developing a disaster recovery plan?A . Confidentiality of data processed by the applicationB . The criticality of the business processes supported by the applicationC . Total cost of ownership (TCO) of the...

 Which of the following is the best way to identify fraudulent activity in a transaction processing system?A . Check the authorized traffic and time saved by the systemB . Check the source code of the applicationC . Statistical analysis and classification of all transactionsD . Review whether the transaction...

 What are the main reasons for including source code escrow terms in the application vendor agreement?A . Make sure the source code remains availableB . Isolation system development and on-site environmentC . Protecting companies from copyright disputesD . Make sure the source code changes are recordedView AnswerAnswer: A