CISA—Certified Information Systems Auditor - Part 375

1. A recent audit identified duplicate software licenses and technologies. Which of the following would be MOST helpful to prevent this type of duplication in the future?

A) Centralizing IT procurement and approval practices
B) Updating IT procurement policies and procedures
C) Conducting periodic inventory reviews
D) Establishing a project management office



2. An IS auditor finds multiple situations where the help desk resolved security incidents without notifying IT security as required by policy. Which of the following is the BEST audit recommendation?

A) Display the incident response hotline in common areas.
B) Have IT security review problem management policy.
C) Reinforce the incident escalation process.
D) Redesign the help desk reporting process.



3. After threats to a data center are identified, an IS auditor would expect management to FIRST:

A) recommend required actions to executive management.
B) discuss risk management practices with neighboring firms.
C) implement procedures to address all identified threats.
D) establish and quantify the potential effects if each threat occurs.



4. During a review of information security procedures for disabling user accounts, an IS auditor discovers that IT is only disabling network access for terminated employees. IT management maintains if terminated users cannot access the network, they will not be able to access any applications. Which of the following is the GREATEST risk associated with application access?

A) Unauthorized access to data
B) Inability to access data
C) Lack of segregation of duties
D) Loss of non-repudiation



5. Adopting a service-oriented architecture would MOST likely:

A) inhibit integration with legacy systems.
B) compromise application software security.
C) facilitate connectivity between partners.
D) streamline all internal processes.