CISA 試験問題を無料オンラインアクセス

Which of the following would BEST help to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software?

• A.Assign the security risk analysis to a specially trained member of the project management office.
• B.Include a mandatory step to analyze the security impact when making changes.
• C.Deploy changes in a controlled environment and observe for security defects.
• D.Mandate that the change analyses are documented in a standard format.

Which of the following is the MOST important action when populating a project risk register?

• A.Assigning risk ownership for identified risk
• B.Identifying the risk scoring criteria
• C.Creating risk action plans
• D.Conducting process walk-throughs

With regard to resilience, which of the following is the GREATEST risk to an organization that has implemented a new critical system?

• A.A business impact analysis (BIA) has not been performed
• B.The process owner has not signed off on user acceptance testing (UAT)
• C.Business data is not sanitized in the development environment
• D.There is no plan for monitoring system downtime

An organization ' s payroll department recently implemented a new Software as a Service (SaaS) tool for payment processing. Which of the following audits is MOST appropriate for an IS auditor to validate that the new tool is configured as expected to meet performance requirements?

• A.Administrative audit
• B.Functional audit
• C.Compliance audit
• D.Financial audit

Which of the following is an IS auditor's MOST important step in a privacy audit?

• A.Determine whether privacy training is being conducted for employees.
• B.Analyze all stages of the personally identifiable information (PII) data life cycle to identify potential risks.
• C.Review third-party agreements for adequate personally identifiable information (PII) protection measures.
• D.Assess the controls in place for data management.