FREE Certified Information Systems Auditor Questions and Answers
An IS auditor notices that a corporation has contracted out software development to a startup company as a third party. Which of the following should the IS auditor advise the firm to implement in order to protect the investment they have made in software?
A source code escrow agreement is primarily advised to assist safeguard the enterprise's investment in software because the source code will be accessible through a reliable third party and can be retrieved in the event that the start-up vendor goes out of business.
The BEST method for determining an enterprise's risk appetite is:
Due to the fact that the steering committee includes senior management in its membership, it is ideally suited to ascertain the enterprise's risk appetite.
The activities that should be chosen for determining an earlier project completion time, which is to be gained by paying a premium for early completion, are those that:
The activity time of a crucial path is longer than that of any other path in the network. This route is crucial because, if everything goes according to plan, its length provides the project's quickest completion time. Activities that are on the critical route are at risk of crashing (i.e., for reduction in their time by payment of a premium for early completion). Activities with zero slack time are on a crucial path, and vice versa, activities on a critical path have zero slack time. A curve representing overall project expenditures vs time can be generated by gradually relaxing operations along a critical path.
Which of the following would BEST guarantee that a wide area network (WAN) is continuously operational throughout the organization?
Due to the possibility of automatic message rerouting, alternative routing would guarantee that the network would function even in the event of a communication device malfunction or a broken link.
A data center's physical security controls are being examined by an IS auditor, who finds various cause for concern. Which one of the following is the MOST crucial?
The obstruction of the emergency escape is the most significant issue because life safety is always the top priority.
The original code was later restored when a malicious programmer changed a production software to alter data. Which of the following would be able to catch the malicious activity the BEST?
The only trail that could lead to details about the illegal activity in the production library is a review of system log files.
An IS auditor is tasked with auditing a software development project that is more than 80% finished but has already gone over budget by 25% and by 10% in terms of time. What should the IS auditor do out of the following?
An IS auditor must comprehend the project and the causes that led to it going over budget and behind time before making any recommendations.