Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 26

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2751

Question

The PRIMARY reason for allocating sufficient time between the `go-live` phase of a new system and conducting a post-implementation review is to:

A. update project requirements and design documentation
B. increase availability of system implementation team resources
C. allow the system to stabilize in production
D. obtain sign-off on the scope of post-implementation review

Answer

C. allow the system to stabilize in production

CISA Question 2752

Question

Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?

A. Periodic risk assessment
B. Full operational test
C. Frequent testing of backups
D. Annual walk-through testing

Answer

B. Full operational test

CISA Question 2753

Question

Which of the following MUST be included in emergency change control procedures?

A. Obtaining user management approval before implementing the changes
B. Updating production source libraries to reflect the changes
C. Using an emergency ID to move production programs into development
D. Requesting that the help desk makes the changes

Answer

A. Obtaining user management approval before implementing the changes

CISA Question 2754

Question

To develop meaningful recommendations for findings, which of the following is MOST important for an IS auditor to determine and understand?

A. Criteria
B. Responsible party
C. Impact
D. Root cause

Answer

C. Impact

CISA Question 2755

Question

During development of an information security policy, which of the following would BEST ensure alignment to business objectives?

A. Incorporation of industry best practices
B. Linkage between policy and procedures
C. Use of a balanced scorecard
D. Input from relevant stakeholders

Answer

C. Use of a balanced scorecard

CISA Question 2756

Question

A company is using a software developer for a project. At which of the following points should the software quality assurance (QA) plan be developed?

A. As part of software definition
B. During the feasibility phase
C. Prior to acceptance testing
D. As part of the design phase

Answer

D. As part of the design phase

CISA Question 2757

Question

The GREATEST benefit of using a prototyping approach in software development is that it helps to:

A. decrease the time allocated for user testing and review
B. minimize scope changes to the system
C. conceptualize and clarify requirements
D. improve efficiency of quality assurance (QA) testing

Answer

C. conceptualize and clarify requirements

CISA Question 2758

Question

Which of the following would create the GREATEST risk when migrating a critical legacy system to a new system?

A. Using agile development methodology
B. Following a phased approach
C. Following a direct cut-over approach
D. Maintaining parallel systems

Answer

C. Following a direct cut-over approach

CISA Question 2759

Question

An IT management group has developed a standardized security control checklist and distributed it to the control self-assessors in each organizational unit. Which of the following is the GREATEST risk in this approach?

A. Delayed feedback may increase exposures
B. Over time the checklist may become outdated
C. Assessors may manipulate the results
D. Business-specific vulnerabilities may be overlooked

Answer

D. Business-specific vulnerabilities may be overlooked

CISA Question 2760

Question

Hamid needs to shift users from using the application from the existing (Old) system to the replacing (new) system. His manager Lily has suggested he uses an approach in which the newer system is changed over from the older system on a cutoff date and time and the older system is discontinued once the changeover to the new system takes place. Which of the following changeover approach is suggested by Lily?

A. Parallel changeover
B. Phased changeover
C. Abrupt changeover
D. Pilot changeover

Answer

C. Abrupt changeover

Explanation

In the abrupt changeover approach the newer system is changed over from the older system on a cutoff date and time, and the older system is discontinued once changeover to the new system takes place.
Changeover refers to an approach to shift users from using the application from the existing (old) system to the replacing (new) system.
Changeover to newer system involves four major steps or activities
Conversion of files and programs; test running on test bed
Installation of new hardware, operating system, application system and the migrated data.
Training employees or user in groups
Scheduling operations and test running for go-live or changeover
Some of the risk areas related to changeover includes:
Asset safeguarding –
Data integrity –
System effectiveness –
Change management challenges –
Duplicate or missing records –

The following were incorrect answers:
Parallel changeover – This technique includes running the old system, then running both the old and new systems in parallel and finally full changing over to the new system after gaining confidence in the working of new system.
Phased Changeover -In this approach the older system is broken into deliverables modules. Initially, the first module of older system is phased out using the first module of a new system. Then, the second module of the newer system is phased out, using the second module of the newer system and so forth until reaching the last module.
Pilot changeover – Not a valid changeover type.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker