CISA—Certified Information Systems Auditor - Part 378

1. Which of the following is the MOST significant risk when an application uses individual end user accounts to access the underlying database?

A) User accounts may remain active after a termination.
B) Multiple connects to the database are used and slow the process.
C) Application may not capture a complete audit trail.
D) Users may be able to circumvent application controls.



2. An IS auditor is assessing the results of an organization's post-implementation review of a newly developed information system. Which of the following should be the auditor's MAIN focus?

A) The procurement contract has been closed.
B) Lessons learned have been identified.
C) The disaster recovery plan has been updated.
D) Benefits realization analysis has been completed.



3. Which of the following is the MOST effective way to maintain network integrity when using mobile devices?

A) Perform network reviews.
B) Implement network access control.
C) Implement outbound firewall rules.
D) Review access control lists.



4. Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?

A) Business plans
B) Business processes
C) IT strategic plans
D) Portfolio management



5. During a follow-up audit, an IS auditor discovers that a recommendation has not been implemented. However, the auditee has implemented a manual workaround that addresses the identified risk, through far less efficiency than the recommended action would. Which of the following would be the auditor's BEST course of action?

A) Notify management that the risk has been addressed and take no further action.
B) Escalate the remaining issue for further discussion and resolution.
C) Note that the risk has been addressed and notify management of the inefficiency.
D) Insist to management that the original recommendation be implemented.