CISA—Certified Information Systems Auditor - Part 381

1. An IS auditor is reviewing the results of a business process improvement project. Which of the following should be performed FIRST?

A) Evaluate control gaps between the old and the new processes.
B) Develop compensating controls.
C) Document the impact of control weaknesses in the process.
D) Ensure that lessons learned during the change process are documented.



2. Which of the following controls can BEST detect accidental corruption during transmission of data across a network?

A) Sequence checking
B) Parity checking
C) Symmetric encryption
D) Check digit verification



3. An IS auditor is asked to identify risk within an organization's software development project. The project manager tells the auditor that an agile development methodology is being used to minimize the lengthy development process. Which of the following would be of GREATEST concern to the auditor?

A) Each team does its own testing.
B) The needed work has not yet been fully identified.
C) Some of the developers have not attended recent training.
D) Elements of the project have not been documented.



4. Which of the following must be in place before an IS auditor initiates audit follow-up activities?

A) A heat map with the gaps and recommendations displayed in terms of risk
B) A management response in the final report with a committed implementation date
C) Supporting evidence for the gaps and recommendations mentioned in the audit report
D) Available resources for the activities included in the action plan



5. To maintain the confidentiality of information moved between office and home on removable media, which of the following is the MOST effective control?

A) Mandatory file passwords
B) Security awareness training
C) Digitally signed media
D) Data encryption