Isaca Certified Information Systems Auditor CISA Exam Questions

Page: 1 / 14
Total 1525 questions
Question 1

Which of the following practices associated with capacity planning provides the GREATEST assurance that future incidents related to existing server performance will be prevented?



Answer : A


Question 2

While conducting a follow-up on an asset management audit, the IS auditor finds paid invoices for IT devices not recorded in the organization's inventory. Which of the following is the auditor's BEST course of action?



Answer : B


Question 3

Which of the following observations should be of GREATEST concern to an IS auditor performing an audit of change and release management controls for a new complex system developed by a small in-house IT team?



Answer : D

Post-implementation testing is the process of verifying and validating the functionality, performance, and security of a system after it has been deployed to the production environment [1]. Post-implementation testing is important for ensuring that the system meets the user requirements and expectations, as well as the operational and business objectives. It also helps to identify and resolve any defects, errors, or issues that were introduced during the deployment process or that were missed in the previous testing stages [2].

Therefore, the observation that post-implementation testing is not conducted for all system releases should be of greatest concern to an IS auditor performing an audit of change and release management controls for a new complex system developed by a small in-house IT team. This observation indicates that the system may have quality, reliability, or security problems that could affect the user satisfaction, system performance, or data integrity. This observation also suggests that the change and release management controls are not adequate or effective, as they do not ensure that all system releases are properly tested and validated before and after deployment.

Option A is not correct because access to the change testing strategy and results not being restricted to staff outside the IT team is not a major concern for an IS auditor. While it is good practice to limit sensitive or confidential material, such as test data or test cases, to authorized personnel, read access to the testing strategy and results does not by itself pose a significant risk to the system or the organization. Such access may even be beneficial for stakeholders outside the IT team, such as business users, project managers, or auditors, who need to review or evaluate the testing process and its outcomes.

Option B is not correct because some user acceptance testing (UAT) being completed by members of the IT team is not a major concern for an IS auditor. User acceptance testing is the process of verifying and validating that the system meets the user requirements and expectations by involving actual or representative users in the testing process [3]. While it is preferable for independent users to perform UAT, that may not be feasible for organizations with small or limited resources. Some UAT may therefore be completed by IT team members, as long as they have sufficient knowledge of the user needs and expectations and follow the UAT plan and acceptance criteria.

Option C is not correct because IT administrators having access to both the production and development environments is not, on its own, a major concern for an IS auditor. IT administrators are responsible for managing and maintaining the IT infrastructure, including the production and development environments [4], so access to both is reasonable and necessary, as long as it is governed by the appropriate policies and procedures for accessing, using, and securing those environments, and activity in them is logged. IT administrators routinely need to perform tasks such as backup, restore, patching, or troubleshooting in both environments.


[1] What Is Post Implementation Testing?

[2] Post Implementation Review (PIR) - Definition & Process

[3] User Acceptance Testing (UAT): Definition & Examples

[4] What Is an IT Administrator? Definition & Examples

Question 4

In an organization's feasibility study to acquire hardware to support a new web server, omission of which of the following would be of MOST concern?



Answer : D

The most important part of a feasibility study is the economics [1]. A cost-benefit analysis of the available products is crucial because it establishes the economic viability of the project [1]. It compares the costs of the project with the benefits it is expected to deliver, which is essential for making an informed decision [1]. Omitting it could lead to investment in hardware that does not provide the expected return or does not meet the organization's needs.


[1] The Components of a Feasibility Study - ProjectEngineer

Question 5

Which of the following controls would BEST help a forensic investigator prevent modifications in digital evidence?



Answer : A

Comprehensive and Detailed Step-by-Step

Forensic investigations require unaltered digital evidence for it to be admissible in court. Write-protection ensures that the original data remains intact while it is handled.

Option A (Correct): Write-protecting the media (for example with a hardware write blocker) prevents accidental or malicious changes to the evidence, preserving its integrity.

Option B (Incorrect): Creating a digital image is a necessary acquisition step, but it does not by itself stop the original from being modified; if the original is altered before or during imaging, the integrity of the evidence is lost.

Option C (Incorrect): Hash values help detect changes after the fact but do not prevent them.

Option D (Incorrect): Chain of custody ensures accountability for who handled the evidence and when, but it does not physically protect the evidence from modification.
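As an added illustration (not part of the original question bank), the Python script below contrasts the two mechanisms the explanation separates: a hash records the state of the evidence and exposes tampering afterwards, whereas write-protection stops the write from happening at all. The media bytes, the file names inside them, and the read-only memoryview standing in for a hardware write blocker are all constructed for the demo.

```python
"""Added example: hash values detect evidence modification, write-protection
prevents it. All 'media' content below is constructed for the demo."""
import hashlib

# Constructed stand-in for the raw bytes of seized media (not real data).
ORIGINAL_MEDIA = bytearray(
    b"MBR\x00partition-1\x00"
    b"C:/Users/j.doe/Documents/contract-final.docx\x00"
    b"deleted: payroll-export.csv\x00"
)


def sha256_hex(data) -> str:
    """Hash value recorded on the acquisition form. It documents the state of
    the bytes; it cannot stop anyone from changing them later."""
    return hashlib.sha256(bytes(data)).hexdigest()


def write_protect(media: bytearray) -> memoryview:
    """Software analogue of a hardware write blocker: a read-only view of the
    media. Any write through this view raises TypeError instead of succeeding."""
    return memoryview(media).toreadonly()


def try_write(view: memoryview, offset: int, value: int) -> bool:
    """Attempt an in-place modification; return True only if the byte changed."""
    try:
        view[offset] = value
        return True
    except TypeError:          # "cannot modify read-only memory"
        return False


def acquire_image(view: memoryview) -> bytes:
    """Bit-for-bit copy taken through the (protected) view of the media."""
    return view.tobytes()


def verify(data, expected_hash: str) -> bool:
    """Integrity check performed on the image or on the original at any later time."""
    return sha256_hex(data) == expected_hash


def run_acquisition() -> dict:
    """Walk through acquisition with and without write-protection and report
    what each control did and did not achieve."""
    protected = write_protect(ORIGINAL_MEDIA)
    original_hash = sha256_hex(protected)           # goes on the chain-of-custody form
    image = acquire_image(protected)

    # Option A: a write attempt against protected media fails outright.
    write_blocked = not try_write(protected, 0, 0x00)

    # Without protection the same write succeeds; the hash only reveals it afterwards.
    unprotected = memoryview(bytearray(ORIGINAL_MEDIA))   # scratch copy, keeps original intact
    unprotected_write_succeeded = try_write(unprotected, 0, 0x00)
    unprotected_change_detected = not verify(unprotected, original_hash)

    # Option C: a hash detects an altered image but did nothing to prevent the edit.
    tampered_image = image.replace(b"contract-final", b"contract-draft", 1)

    return {
        "original_hash": original_hash,
        "image_matches_original": verify(image, original_hash),
        "write_blocked": write_blocked,
        "original_unchanged": verify(ORIGINAL_MEDIA, original_hash),
        "unprotected_write_succeeded": unprotected_write_succeeded,
        "unprotected_change_detected": unprotected_change_detected,
        "tampered_image_detected": not verify(tampered_image, original_hash),
    }


if __name__ == "__main__":
    for key, value in run_acquisition().items():
        print(f"{key}: {value}")
```

The point the two last keys make together: the hash flags both the unprotected write and the tampered image, but in neither case did it stop the change. Only the write-protected path leaves the original bytes untouched, which is why it is the control that best prevents modification.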


Question 6

Which of the following would be the GREATEST concern for an IS auditor conducting a pre-implementation review of a data loss prevention (DLP) tool?



Answer : A

A data loss prevention (DLP) tool implemented in monitor mode only observes and logs potential data leakage; it does not actively block it. This leaves the organization exposed to data loss, making it the most critical concern in a pre-implementation review.

Crawlers for Sensitive Data (Option B): While crawlers may have a performance impact, they are essential for discovering where sensitive data resides.

Deep Packet Inspection (Option C): Although it raises privacy considerations, it is standard DLP functionality for inspecting data in transit.

Encryption Key Management (Option D): While important for security, weaknesses in key management do not by themselves stop the DLP tool from performing its function.


Question 7

Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?



Answer : A

A firewall is a device or software that monitors and controls incoming and outgoing network traffic based on predefined rules. It helps protect an organization's network and information systems from unauthorized or malicious access by filtering or blocking unwanted or harmful packets.

The most important thing for an IS auditor to verify when evaluating an organization's firewall is that its logs are being collected on a separate, protected host. Logs are records of events on a system or network, such as connections, requests, responses, errors, and alerts, and they provide the evidence needed for auditing, monitoring, troubleshooting, and investigating security incidents. Logs that remain on the firewall itself can be tampered with, deleted, or corrupted by an attacker or insider who has compromised that device and wants to hide their tracks. Logs must therefore be shipped to a separate, hardened host that the firewall (and anyone who controls it) can only append to, so that unauthorized access to or modification of the logs is prevented.

Automated alerts being sent when a risk is detected is good practice for improving the security and responsiveness of a firewall, but it is not the most important item to verify, as alerts are not always accurate, timely, or actionable.

Insider attacks being controlled is a desirable outcome, but it is not the most important item to verify, as insider attacks often use methods that bypass the firewall altogether, such as social engineering, credential theft, or physical access.

Restricting access to configuration files is a critical control for the integrity of a firewall, but it is not the most important item to verify, because the configuration files alone do not show how the firewall actually behaved; only the logs, preserved off the device, provide that evidence.
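An added configuration example of the control the answer describes, written in rsyslog syntax (it is not from the question bank or any vendor's documentation). The weak setup keeps the kernel/netfilter log lines only on the firewall; the corrected setup ships them over mutually authenticated TLS to a separate collector and buffers them on local disk if the collector is unreachable, so an outage does not silently drop evidence. Host names, certificate paths, the "FW-DROP:" prefix (assumed to be set on the firewall's own LOG rule) and the output file are assumptions for the example.

```conf
# --- WEAK: firewall log lines exist only on the firewall itself ---
# Anyone who gains root on the firewall can edit or delete this file.
kern.*    /var/log/firewall.log

# --- CORRECTED, firewall side (e.g. /etc/rsyslog.d/10-forward-fw.conf) ---
# TLS material and host names below are assumptions for the example.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/fw01-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/fw01-key.pem"
)

# Select the netfilter LOG lines by facility and the prefix assumed on the LOG rule.
# Forward over TLS only (mode 1), verify the collector's certificate name,
# and keep a disk-assisted queue so lines survive a collector outage or a reboot.
if $syslogfacility-text == "kern" and $msg contains "FW-DROP:" then {
    action(
        type="omfwd"
        target="loghost.example.internal" port="6514" protocol="tcp"
        StreamDriver="gtls" StreamDriverMode="1"
        StreamDriverAuthMode="x509/name"
        StreamDriverPermittedPeers="loghost.example.internal"
        queue.type="LinkedList" queue.filename="fwlog_fwd"
        queue.saveOnShutdown="on"
        action.resumeRetryCount="-1"
    )
}

# --- CORRECTED, collector side (separate hardened host) ---
# Accept TLS only, and only from the firewall's certificate name, so a
# compromised firewall cannot also inject or replace records from elsewhere.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/loghost-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/loghost-key.pem"
)
module(
    load="imtcp"
    StreamDriver.Name="gtls" StreamDriver.Mode="1"
    StreamDriver.AuthMode="x509/name"
    PermittedPeer=["fw01.example.internal"]
)
input(type="imtcp" port="6514" ruleset="fwlogs")
ruleset(name="fwlogs") {
    action(type="omfile" file="/var/log/remote/fw01.log"
           fileCreateMode="0640" fileOwner="root" fileGroup="adm")
}
```

What an auditor checks against this: that the forwarding action exists on the firewall and points at a host the firewall administrators cannot log in to, that the collector accepts only the firewall's certificate, and that a sample of denied connections seen on the firewall can be matched to lines in the collector's copy of the log.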

