CISA—Certified Information Systems Auditor - Part 373

1. Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?

A) Ensuring that audit trails exist for transactions
B) Restricting access to update programs to accounts payable staff only
C) Restricting program functionality according to user security profiles
D) Including the creator's user ID as a field in every transaction record created



2. When reviewing the process by which a contract for the outsourcing of various IT functions was completed, an IS auditor would ensure that the successful contractor:

A) has eliminated the risks of outsourcing.
B) maintains an internal audit function.
C) requires a confidentiality agreement to be signed by all employees.
D) was selected according to established business criteria.



3. Which of the following would be the PRIMARY benefit of replacing physical keys with an electronic entry system for a data center?

A) Creates an audit trail
B) Enables data mining
C) Ensures compliance
D) Reduces cost



4. Which of the following is the BEST way to determine if IT is delivering value to the business?

A) Distribute surveys to various end users of IT services.
B) Interview key IT managers and service providers.
C) Review IT service level agreement (SLA) metrics.
D) Analyze downtime frequency and duration.



5. Following an IS audit recommendation, all Telnet and File Transfer Protocol (FTP) connections have been replaced by Secure Socket Shell (SSH) and Secure FileTransfer Protocol (SFTP). Which risk treatment approach has the organization adopted?

A) Acceptance
B) Mitigation
C) Avoidance
D) Transfer