Certified Information Systems Auditor
CISA Exam Questions With Verified
Solutions!!
Information system auditors have identified separation of duties in enterprise
resource planning (ERP) systems.
Which of the following is the best way to prevent repetitive configuration from
occurring?
A. Use a role-based model to grant user access
B. Regularly monitor access rights
C. Correcting separation of duties
D. Reference standard user access matrix - ANSWERA. Use a role-based model to
grant user access
Which of the following should be the most important factor driving a single
application availability requirement when developing a disaster recovery plan?
A. Confidentiality of data processed by the application
B. The criticality of the business processes supported by the application
C. Total cost of ownership (TCO) of the application
D. Support the application's network bandwidth - ANSWERB. The criticality of the
business processes supported by the application
In order to develop a robust data security program, the first step you should take is:
A. Talk to the senior management level of IT.
B. Implement monitoring controls.
C. Implement data loss prevention measures
D. Perform inventory of assets - ANSWERD. Perform inventory of assets
he advantage of object-oriented system development is that it:
A. Suitable for data with complex relationships
B. Partition the system as a client server architecture
C. Easier to program than procedural languages
D. Reduce system documentation requirements - ANSWERA. Suitable for data with
complex relationships
The company's operational procedures require urgent changes to be approved for
business within 7 days of the occurrence. The Information Systems Auditor indicates
that the manager verifies process compliance by performing a monthly review via
uncompleted urgent change.
In this case, which one is the biggest risk?
A. Audit risk
B. Detection risk
C. Inherent risk
D. Control risk - ANSWERC. Inherent risk
An information system auditor who is conducting an application development review
is attending a meeting of the development team.
CISA Exam Questions With Verified
Solutions!!
Information system auditors have identified separation of duties in enterprise
resource planning (ERP) systems.
Which of the following is the best way to prevent repetitive configuration from
occurring?
A. Use a role-based model to grant user access
B. Regularly monitor access rights
C. Correcting separation of duties
D. Reference standard user access matrix - ANSWERA. Use a role-based model to
grant user access
Which of the following should be the most important factor driving a single
application availability requirement when developing a disaster recovery plan?
A. Confidentiality of data processed by the application
B. The criticality of the business processes supported by the application
C. Total cost of ownership (TCO) of the application
D. Support the application's network bandwidth - ANSWERB. The criticality of the
business processes supported by the application
In order to develop a robust data security program, the first step you should take is:
A. Talk to the senior management level of IT.
B. Implement monitoring controls.
C. Implement data loss prevention measures
D. Perform inventory of assets - ANSWERD. Perform inventory of assets
he advantage of object-oriented system development is that it:
A. Suitable for data with complex relationships
B. Partition the system as a client server architecture
C. Easier to program than procedural languages
D. Reduce system documentation requirements - ANSWERA. Suitable for data with
complex relationships
The company's operational procedures require urgent changes to be approved for
business within 7 days of the occurrence. The Information Systems Auditor indicates
that the manager verifies process compliance by performing a monthly review via
uncompleted urgent change.
In this case, which one is the biggest risk?
A. Audit risk
B. Detection risk
C. Inherent risk
D. Control risk - ANSWERC. Inherent risk
An information system auditor who is conducting an application development review
is attending a meeting of the development team.
