An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?
Correct Answer: D
The most significant risk from this observation is that access rights may not be removed in a timely manner. If the process for removing access for terminated employees is not documented, there is no clear guidance or accountability for who is responsible for revoking the access rights of departing employees, how and when revocation is to be performed, and which accounts and entitlements must be removed. This could result in delays, inconsistencies, or omissions in removing access rights, which could allow terminated employees to retain unauthorized access to the organization's systems and data and thereby compromise the security, confidentiality, integrity, and availability of the information assets.
References:
* CISA Review Manual (Digital Version)
* CISA Questions, Answers & Explanations Database
CISA Exam Question 152
An IS auditor wants to gain a better understanding of an organization's selected IT operating system software. Which of the following would be MOST helpful to review?
Correct Answer: C
CISA Exam Question 153
When auditing the security architecture of an online application, an IS auditor should FIRST review the:
Correct Answer: D
The security architecture of an online application is a design that describes how various security components and controls are integrated and configured to protect the application from internal and external threats. When auditing the security architecture of an online application, an IS auditor should first review the location of the firewall within the network, as this determines how effectively the firewall can filter and monitor the traffic between different network segments and zones. The firewall standards, configuration, and firmware version are also important aspects to review, but they are secondary to the location of the firewall.
CISA Exam Question 154
When reviewing an IT strategic plan, the GREATEST concern would be that:
Correct Answer: B
The greatest concern when reviewing an IT strategic plan is B: the plan does not support relevant organizational goals. An IT strategic plan should align and integrate the IT goals and objectives with the organization's overall strategy and vision, and ensure that IT supports and enables the business processes and functions. If the IT strategic plan does not support relevant organizational goals, it may lead to: suboptimal or negative outcomes and value for the organization, as IT investments and initiatives may not align with the organization's priorities, needs, or expectations; conflicts or inconsistencies between IT and business functions, as IT may not deliver the expected level of service, quality, or performance; and wasted or inefficient use of resources, as IT may spend time, money, or effort on projects or activities that are not relevant or beneficial for the organization.
CISA Exam Question 155
Which of the following is the BEST testing approach to facilitate rapid identification of application interface errors?
Correct Answer: C
The best testing approach to facilitate rapid identification of application interface errors is automated testing. Automated testing is the use of software tools or scripts to execute predefined test cases, compare expected and actual outcomes, and report any discrepancies. Automated testing can help to speed up the testing process, increase test coverage, reduce human errors, and improve test accuracy and consistency. Automated testing can also help to detect interface errors that may occur due to incompatible data formats, communication protocols, or system configurations.
References:
* CISA Review Manual (Digital Version), Chapter 3, Section 3.3.11
* CISA Online Review Course, Domain 2, Module 2, Lesson 1