Online Access Free ISACA.CISA.v2025-06-11.q606 Practice Test (Page 28)

CISA Exam Question 131

Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?

A.The IS auditor provided consulting advice concerning application system best practices.

B.The IS auditor participated as a member of the application system project team, but did not have operational responsibilities.

C.The IS auditor designed an embedded audit module exclusively for auditing the application system.

D.The IS auditor implemented a specific control during the development of the application system.

CISA Exam Question 132

Which of the following is the MAIN risk associated with adding a new system functionality during the development phase without following a project change management process?

A.The project may fail to meet the established deadline.

B.The project may go over budget.

C.The new functionality may not meet requirements.

D.The added functionality has not been documented.

CISA Exam Question 133

Which of the following concerns is MOST effectively addressed by implementing an IT framework for alignment between IT and business objectives?

A.Inaccurate business impact analysis (BIA)

B.Inadequate IT change management practices

C.Lack of a benchmark analysis

D.Inadequate IT portfolio management

Correct Answer: D

An IT framework for alignment between IT and business objectives is a set of principles, guidelines, and practices that help an organization to ensure that its IT investments support its strategic goals, deliver value, manage risks, and optimize resources. One of the benefits of implementing such a framework is that it enables an effective IT portfolio management, which is the process of selecting, prioritizing, monitoring, and evaluating the IT projects and services that comprise the IT portfolio. An IT portfolio is a collection of IT assets, such as applications, infrastructure, data, and capabilities, that are aligned with the business needs and objectives. An IT portfolio management helps an organization to achieve the following outcomes:
* Align the IT portfolio with the business strategy and vision
* Balance the IT portfolio among different types of investments, such as innovation, growth, maintenance, and compliance
* Optimize the IT portfolio performance, value, and risk
* Enhance the IT portfolio decision-making and governance
* Improve the IT portfolio communication and transparency
Therefore, an inadequate IT portfolio management is a major concern that can be addressed by implementing an IT framework for alignment between IT and business objectives. An inadequate IT portfolio management can result in the following issues:
* Misalignment of the IT portfolio with the business needs and expectations
* Imbalance of the IT portfolio among competing demands and priorities
* Suboptimal use of the IT resources and capabilities
* Lack of visibility and accountability of the IT portfolio outcomes and impacts
* Poor communication and collaboration among the IT portfolio stakeholders The other possible options are:
* Inaccurate business impact analysis (BIA): A BIA is a process of identifying and assessing the potential effects of a disruption or disaster on the critical business functions and processes. A BIA helps an organization to determine the recovery priorities, objectives, and strategies for its business continuity plan. A BIA is not directly related to an IT framework for alignment between IT and business objectives, although it may use some inputs from the IT portfolio management. Therefore, an inaccurate BIA is not a concern that can be effectively addressed by implementing an IT framework for alignment between IT and business objectives.
* Inadequate IT change management practices: IT change management is a process of controlling and managing the changes to the IT environment, such as hardware, software, configuration, or documentation. IT change management helps an organization to minimize the risks and disruptions caused by the changes, ensure the quality and consistency of the changes, and align the changes with the business requirements. IT change management is not directly related to an IT framework for alignment between IT and business objectives, although it may support some aspects of the IT portfolio management. Therefore, inadequate IT change management practices are not a concern that can be effectively addressed by implementing an IT framework for alignment between IT and business objectives.
* Lack of a benchmark analysis: A benchmark analysis is a process of comparing an organization's performance, processes, or practices with those of other organizations or industry standards. A benchmark analysis helps an organization to identify its strengths and weaknesses, set realistic goals and targets, and implement best practices for improvement. A benchmark analysis is not directly related to an IT framework for alignment between IT and business objectives, although it may provide some insights for the IT portfolio management. Therefore, lack of a benchmark analysis is not a concern that can be effectively addressed by implementing an IT framework for alignment between IT and business objectives. References: 1: What is Portfolio Management? | Smartsheet 2: What Is Portfolio Management? - Definition from Techopedia 3: What Is Project Portfolio Management (PPM)? | ProjectManager.com 4: What Is Business Impact Analysis? | Smartsheet 5: What Is Change Management? - Definition from Techopedia 6: Benchmarking - Wikipedia

CISA Exam Question 134

During a closing meeting, the IT manager disagrees with a valid audit finding presented by the IS auditor and requests the finding be excluded from the final report. Which of the following is the auditor's BEST course of action?

A.Remove the finding from the report and continue presenting the remaining findings.

B.Provide the evidence which supports the finding and keep the finding in the report.

C.Request that the IT manager be removed from the remaining meetings and future audits.

D.Modify the finding to include the IT manager's comments and inform the audit manager of the changes.

CISA Exam Question 135

A mission-critical application utilizes a one-node database server. On multiple occasions, the database service has been stopped to perform routine patching, causing application outages. Which of the following should be the IS auditor's GREATEST concern?

A.A large number of scheduled database changes

B.Revenue lost due to application outages

C.Patching performed by the vendor

D.The presence of a single point of failure

Other Version: 5812ISACA.CISA.v2025-06-20.q647; 2259ISACA.CISA.v2023-03-04.q272; 2353ISACA.CISA.v2022-10-31.q203; 2452ISACA.CISA.v2022-03-29.q126; 123ISACA.Examprepaway.CISA.v2022-02-10.by.barret.126q.pdf; 8614ISACA.CISA.v2021-11-29.q567; 36ISACA.Actualvce.CISA.v2021-08-31.by.ralap.101q.pdf

Latest Upload: 306ISACA.CGEIT.v2025-09-19.q537; 155Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 156Scrum.SAFe-Practitioner.v2025-09-18.q63; 146Workday.Workday-Prism-Analytics.v2025-09-17.q17; 131Oracle.1Z0-1055-24.v2025-09-17.q28; 129Oracle.1Z1-182.v2025-09-17.q32; 246Nutanix.NCP-US-6.5.v2025-09-16.q73; 266Oracle.1z0-071.v2025-09-16.q232; 203Oracle.1Z1-922.v2025-09-16.q125; 326CyberArk.PAM-CDE-RECERT.v2025-09-15.q100

CISA Exam Question 131

CISA Exam Question 132

CISA Exam Question 133

CISA Exam Question 134

CISA Exam Question 135

Download PDF File