CISA Online Practice Questions and Answers

Questions 4

Which of the following findings should be of GREATEST concern to an IS auditor assessing the risk associated with end-user computing (EUC) in an organization?

A. Insufficient processes to track ownership of each EUC application

B. Insufficient processes to test for version control

C. Lack of awareness training for EUC users

D. Lack of defined criteria for EUC applications

Questions 5

Controls related to authorized modifications to production programs are BEST tested by:

A. tracing modifications from the original request for change forward to the executable program.

B. tracing modifications from the executable program back to the original request for change.

C. testing only the authorizations to implement the new program.

D. reviewing only the actual lines of source code changed in the program.

Questions 6

Which of the following should an IS auditor verify when auditing the effectiveness of virus protection?

A. Frequency of IDS log reviews

B. Currency of software patch application

C. Schedule for migration to production

D. Frequency of external Internet access

Questions 7

Which of the following is the BEST compensating control for a lack of proper segregation of duties in an IT department?

A. Authorization forms

B. Audit trail reviews

C. System activity logging

D. Control self-assessment (CSA)

Questions 8

An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?

A. IT management

B. Executive management

C. Legal counsel

D. Data owners

Questions 9

Which of the following would be MOST useful for determining whether the goals of IT are aligned with the organization's goals?

A. Balanced scorecard

B. Enterprise architecture

C. Key performance indicators

D. Enterprise dashboard

Questions 10

Which of the following types of testing has two major categories: QAT and UAT?

A. Interface testing

B. Unit Testing

C. System Testing

D. Final acceptance testing

Questions 11

Which of the following is MOST important to ensure when reviewing a global organization's controls to protect data held on its IT infrastructure across all of its locations?

A. Relevant data protection legislation and regulations for each location are adhered to.

B. Technical capabilities exist in each location to manage the data and recovery operations.

C. The capacity of underlying communications infrastructure in the host locations is sufficient.

D. The threat of natural disasters in each location hosting infrastructure has been accounted for.

Questions 12

Which of the following implementation strategies for new applications presents the GREATEST risk during data conversion and migration from an old system to a new system?

A. Pilot implementation

B. Phased implementation

C. Direct cutover

D. Parallel simulation

Questions 13

When deploying an application that was created using the programming language and tools supported by the cloud provider, the MOST appropriate cloud computing model for an organization to adopt is:

A. Platform as a Service (PaaS).

B. Software as a Service (SaaS).

C. Infrastructure as a Service (IaaS).

D. Identity as a Service (IDaaS).

Exam Code: CISA
Exam Name: Certified Information Systems Auditor
Last Update: Apr 29, 2024
Questions: 1923