FREE Certified Information Systems Auditor Questions and Answers

Question 1

An IS auditor notices that a corporation has contracted out software development to a startup company as a third party. Which of the following should the IS auditor advise the firm to implement in order to protect the investment they have made in software?

Accepted Answer

There should be a source code escrow agreement in place.

Answer

A source code escrow agreement is primarily advised to assist safeguard the enterprise's investment in software because the source code will be accessible through a reliable third party and can be retrieved in the event that the start-up vendor goes out of business.

Question 2

A data center's physical security controls are being examined by an IS auditor, who finds various cause for concern. Which one of the following is the MOST crucial?

Accepted Answer

The emergency exit door is blocked.

Answer

The obstruction of the emergency escape is the most significant issue because life safety is always the top priority.

Question 3

The BEST method for determining an enterprise's risk appetite is:

Accepted Answer

the steering committee

Answer

Due to the fact that the steering committee includes senior management in its membership, it is ideally suited to ascertain the enterprise's risk appetite.

Question 4

The activities that should be chosen for determining an earlier project completion time, which is to be gained by paying a premium for early completion, are those that:

Accepted Answer

that have zero slack time

Answer

To achieve an earlier project completion time by paying a premium, activities on the critical path should be targeted. These are the activities with zero slack time, meaning any delay in them will directly delay the entire project. Accelerating activities with slack time would not shorten the overall project duration, making them inefficient for 'crashing' a project.

Question 5

An IS auditor is tasked with auditing a software development project that is more than 80% finished but has already gone over budget by 25% and by 10% in terms of time. What should the IS auditor do out of the following?

Accepted Answer

Review the conduct of the project and the business case.

Answer

When a project is significantly over budget and behind schedule, the IS auditor's primary role is to investigate the underlying causes. This involves reviewing the project's execution and management practices (conduct) and re-evaluating the original justification and expected benefits (business case). This comprehensive review helps identify root problems and provides actionable insights for corrective measures, rather than just stating a problem or recommending personnel changes without a full understanding.

CISA - Certified Information Systems Auditor Practice Test

CISA - Certified Information Systems Auditor Practice Test

FREE Certified Information Systems Auditor Questions and Answers