FREE Certified Information Systems Auditor Questions and Answers

Question 1

An IS auditor notices that a corporation has contracted out software development to a startup company as a third party.
Which of the following should the IS auditor advise the firm to implement in order to protect the investment they have made in software?

Accepted Answer

There should be a source code escrow agreement in place.

Answer

A high penalty clause should be included in the contract.

Answer

Due diligence should be performed on the software vendor.

Answer

A quarterly audit of the vendor facilities should be performed.

Question 2

A data center's physical security controls are being examined by an IS auditor, who finds various cause for concern. Which one of the following is the MOST crucial?

Accepted Answer

The emergency exit door is blocked.

Answer

There are no security cameras inside the data center.

Answer

The emergency power off button cover is missing.

Answer

Scheduled maintenance of the fire suppression system was not performed.

Question 3

The BEST method for determining an enterprise's risk appetite is:

Accepted Answer

the steering committee

Answer

the chief legal officer

Answer

security management

Answer

the audit committee

Question 4

The activities that should be chosen for determining an earlier project completion time, which is to be gained by paying a premium for early completion, are those that:

Accepted Answer

that have zero slack time

Answer

whose sum of slack time is the shortest

Answer

whose sum of activity time is the shortest

Answer

that give the longest possible completion time

Question 5

An IS auditor is tasked with auditing a software development project that is more than 80% finished but has already gone over budget by 25% and by 10% in terms of time. What should the IS auditor do out of the following?

Accepted Answer

Review the conduct of the project and the business case.

Answer

Review the IT governance structure.

Answer

Report that the organization does not have effective project management.

Answer

Recommend the project manager be changed.

Question 6

The original code was later restored when a malicious programmer changed a production software to alter data. Which of the following would be able to catch the malicious activity the BEST?

Accepted Answer

Reviewing system log files

Answer

Comparing object code

Answer

Comparing source code

Answer

Reviewing executable and source code integrity

Question 7

Which of the following would BEST guarantee that a wide area network (WAN) is continuously operational throughout the organization?

Accepted Answer

Built-in alternative routing

Answer

Complete full system backup daily

Answer

A duplicate machine alongside each server

Answer

A repair contract with a service provider