CISA—Certified Information Systems Auditor - Part 383

1. What is the MOST difficult aspect of access control in a multiplatform, multiple-site client/server environment?

A) Creating new user IDs valid only on a few hosts
B) Maintaining consistency throughout all platforms
C) Restricting a local user to necessary resources on a local platform
D) Restricting a local user to necessary resources on the host server



2. Which of the following cloud deployment models would BEST meet the needs of a startup software development organization with limited initial capital?

A) Private
B) Public
C) Community
D) Hybrid



3. An IS auditor is reviewing documentation of application systems change control and identifies several patches that were not tested before being put into production. Which of the following is the MOST significant risk from this situation?

A) Developer access to production
B) Lack of system integrity
C) Outdated system documentation
D) Loss of application support



4. Which of the following would BEST help ensure information security is effective following the outsourcing of network operations?

A) Test security controls periodically.
B) Review security key performance indicators (KPIs).
C) Establish security service level agreements (SLAs).
D) Appoint a security service delivery monitoring manager.



5. As part of a mergers and acquisitions activity, an acquiring organization wants to consolidate data and system from the organization being acquired into existing systems. To ensure the data is relevant, the acquiring organization should:

A) obtain data quality software.
B) define data quality requirements based on business needs.
C) automate the process of data collection and cleaning.
D) implement a data warehouse solution.