CISA Review Question Answers R Explanations Manual 12" Edition eg Gere rman ah CISA sy rari} ‘About ISACA. Rarer Sotn year ISACA® (ison) ta loa saciaton pe nv andeneprses ache the poste Prenat of tecvlogy. Toy weld pomered hy ecg, and ISACA equips roses with the weg, eescntaly edicts ta community fo chance tse cee an ansorm the oanizabons pong thse cei ISaCA avant an aides nse cic sls an edge ough he pally ested Ceri nfrmaton ‘Shatin Aa (CISA) Corie Rise and lnfrmaton Syston Como™ (CRISC™, Ceri Informe ‘ay Managers (C1SM®) an Cried inthe Govemanee of Ener I (COETT) credentials ISAC leverages the experts of 8 half milion eng professions nfrmaton and erect, rte, Shure at ination, 3 wl a seers pearance subsidy, CMMI tit, 0 ep adres imation through ecbmiogy ISACA has a besence ve ht ISCO, incall ne than 215 chapters Wowie and tics bth she Ute Stes ad Chin, ISACA Tas designed and crested CISH* Review Ques, dave & Explanations Manual 12 Eon pinay aan cational spree toast india prepring W be te CISA eration exam was pred independ from the CTSA exam and he C1 Coricaon Cries, wich has had no esponsibility forts enc Copies af texans are ot released 0 he nica were not me lable to ISACA fr pepatato ofthis publication ISACA, aks no rpresettons or waraies Whassever with regio hese or te ISACA publications assring antes rssge ofthe CISA eam {02019 ISACA. Al ight reserved. No prt ofthis pubiaon muy be wed cop epoluced, mode sib dsplayed sored in etc steam or transit in any fs by ay means leon, mecha hocopying ‘scr ore) witha! he pir wien suvzaton of ACA. Isaca 1700 Go Ron, Site 400 Schanrg IL 0173, USA Phone: #147540. 5508 Fe 18472531955 Contac ws ip hppa on, Wetsteswwrwcnca Parisipate nthe ISACA Online Forums: brps/engge sca oetineoeuns "ter: pier comTSACANEWs Linkedin pink ISACAOMTa acebook wa facta consiSACAHQ Instagram: wuinstagamcrvcanews! 198 9761-6020-7682 5 CCS" Review Question, Answers Explains Manual 12 Eon rtd in the Ue Sas of Anesca CCRISC i aden servie mark of ISACA. 
The mark haben apd oro rer in costo the Wo eee a PREFACE ISACA ileus to fer the 1.00 review ueton in the CS Review Qwest, Answers Explanations anal 12 Baton. The purpose oft malo prove te Cid Infomation Syste Aur (CTSA) cana with ‘sample questions alsin ope to help poate and tly Frshe CTSA ea "This al iacudes 100 mutipl-hoie study questions, answers and explanations, which ae ognized scoring to the newly rvned CISA jo practie dames These ques anor a expat tend to ntoaee CISA ‘andes th ype ction that may appro the CSA exam Thy a mo aca questions om he exam This ‘mul ako cola 10 queson snipe exam ich has thee prperon of Guin eae toca CISA job Practice dom he ctl xa The caidas ny watt obtain a cpy of he C184” Review Mon 27 Eaton, whish provi he foto knowledge of CISA." CISA Review Questions Answer & Explanations Datibse 12‘MonthSiernton cont ‘he sume qvestons Fut this mara na we-bwel aplcaen. Fale cnn ma la wat use he CISA (Online Review course cr CISA virtual ve extra tring forex preperation. ob practin study sere pidialy tense hat he CISA cenit cet aa lean. Father dts repaing the new jb racsice onthe "New eb Prati” stn in thi nea 'SACA crue ths piston as an eduational source at indvidnswho ae poping to ake th CSA ‘seam. Iw produced malep ely fom the CISA Cefcton Working Group, ih ena espns os ertet Copies of past ams ar not lea tothe public and re nol made unset candies ISACA rsh no representations or wares whatever egaring thse ce ter ISACA or HT Goverance Ise pubeatons sng Candies pase of fhe CISA ex 'SACA wishes you sues wih the CISA exam. Your cormminent to pursing he eating cect fo inrion syst (1) and asarance, seu at ono! pes exemplary. 
nid ISACA welcomes your commen and Suggestions onthe use nd cover of his mana compton ofthe exams, plese complete teenie eahation tha cortege o this publicaion enisuacormuvosentnaon) Your observations vl be naa nn ‘gests, ansyes and explains are pepe {isa Review Questing Arawers &Explontlons Mona 1 Eaton w "Bach alts eer ACKNOWLEDGMENTS e Soa ACKNOWLEDGMENTS ‘hx CISA* Review Questions nowers & Explanations Manual 12 Edition ethers of the calsive efot ofmany volume. ISACA menbers lm Uroughout te we perce, geeroly fering tht tens and ‘aprine This inroatinal ear exhibed a spit a selflessness ht as come the bla f conkers to this ‘rule manual. Their paticpaon and isight ars uly pest Oral NeW-cisA 108 PRACTICE NEW-CISA JOB PRACTICE aegining in 2019, th CeniedInfrmaton Systems Aur (CISA) exam ets the new CSA job practice, An intron jb price analysis conducted prolly to matin the valde CSA. cetiiation prorat ob rctie forms the bss ofthe CISA exam ‘The primary fous of ejb practice ion the caret asks fom ar the knowledge used by CISA. By sthering evidence of th euont wrk practice oF CISAs,ISACA ensues thatthe CISA program ontnis to mt he igh ‘ands for he ceri eaton of profesional topo the wold ‘The findings ofthe CSA jb pactice analysis ar caefly consid an deilyintiece the devsapment of ne test specications to ere that the CISA cx reise the most current best actos "hemo job practic reflects the aes of so obs teste nd is opt elo he previo tio he omg CISA job pce a wena. ober. 
Previous CISA Job Practice | New CISA Job Practice
Domain 1: The Process of Auditing Information Systems (21%) | Domain 1: Information Systems Auditing Process (21%)
Domain 2: Governance and Management of IT (16%) | Domain 2: Governance and Management of IT (17%)
Domain 3: Information Systems Acquisition, Development and Implementation (18%) | Domain 3: Information Systems Acquisition, Development and Implementation (12%)
Domain 4: Information Systems Operations, Maintenance and Service Management (20%) | Domain 4: Information Systems Operations and Business Resilience (23%)
Domain 5: Protection of Information Assets (25%) | Domain 5: Protection of Information Assets (27%)

TABLE OF CONTENTS
PREFACE
ACKNOWLEDGMENTS
NEW—CISA JOB PRACTICE
INTRODUCTION
OVERVIEW
TYPES OF QUESTIONS ON THE CISA EXAM
PRETEST
QUESTIONS, ANSWERS AND EXPLANATIONS BY DOMAIN
DOMAIN 1—INFORMATION SYSTEM AUDITING PROCESS (21%)
DOMAIN 2—GOVERNANCE AND MANAGEMENT OF IT (17%)
DOMAIN 3—INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND IMPLEMENTATION (12%)
DOMAIN 4—INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE (23%)
DOMAIN 5—PROTECTION OF INFORMATION ASSETS (27%)
POSTTEST
SAMPLE EXAM
SAMPLE EXAM ANSWER AND REFERENCE KEY
SAMPLE EXAM ANSWER SHEET (PRETEST)
SAMPLE EXAM ANSWER SHEET (POSTTEST)

INTRODUCTION

OVERVIEW
This manual consists of 1,000 multiple-choice questions, answers and explanations. The questions are numbered

Questions Sorted by Domain
Questions, answers and explanations are sorted by the CISA job practice domains. The CISA candidate can refer to specific domain questions to evaluate comprehension of the topics that are covered within each domain.
The ‘quetions are represenetive of CISA exam questions, log they ate cal cnn Hers The questions est he {CSA candidate nara the mater in the CIS Revi anel 2™ Edo adept the pe of questo Fonmat ipl Foundon the CISA exam, The nunber af questions anewers ad exlanstons proved ithe he oman scion this pubication provide the CISA cand wth he masinunmamber aay qestns, Sample Fa ‘sample ex of 15st so provi this an. Thi exam x erganizd according (the dea peveenages specitidin the CISA Job practie ahd wed onthe CISA eta Domain tnovaaton Siem Audie Proves 21 percent + Domain 2—Govermace ard Mangement of. 17 potent “Den 3—Infomaton Systems Acquisition, Deeiopmen ad mpmenition «12 percent {Doman ¢Inforiaton Sytcns Operation aa Busnes Resiicee 2s pocen + Daan $—Prtetion of Information Ast. Tat pereent ‘Candies are urge tase his sample exam and the ser shot provide ose an atl exam, Many andstes we this exam a pret to determine theses or meaknestes, ora a nal exe. The sample exam ser shoot provid fr both uses. fn ion a CISA sale cham answer and ference ey iincde Ut ‘toe reference the erm question 1 the questions in this publication, so ts convenient ee othe eapanatons (ofthe cotct answers. This publication i el to use with the C1SA* Review Mae 2>* Edit. he CISA* Reson Owasions. Answers & Explanations Manual 12 Eon wi developed to asst CISA cates instoying ar peeparng for the CISA exam As candidates we this publication oppure fr the xa they should ‘ot that covets a rca spectrum of I ula surance, contol al security ses Canis sould me mane {hat ending and woes trough the guest nthe man wl ly pat the or he ena, Bocuse nam ‘qestions en rl te picts experiences, CISA casas catoned wo yr totem experiences ad {eather pienso in the C784" Kew Mol 27 Elton. hes atonal erences te exelent Seurces of faker dete information and craton. 
recommended tht candies esate the jo pratce Choma in which hy fe weak oe require Tver wersting, and stay aceningy “This pbticaton uses snd American Engh, ‘TYPES OF QUESTIONS ON THE CISA EXAM (CISA exam questions we developed withthe inten of mesiring al esting practical knowlege al apn genera concepts and stars Questions are presente na auipe-cholc frm ad are designe To ane st ansmer The candids cationed ora cach question crfuly Many tines,» CISA exam gueston wil require he candle to choos the appropriate sve tht most kel tt or choowe x pace role ht Would Be peformed fs reltdto the ether anes. I vey esi, the ends esired to ved the question afl, ‘Smite known wong answer and then make the best chose pone: Kooi th hese peso questions te ‘sked and howto tay to ansver tho wil lp cats to dace hese types of questions caret. ‘SARs Seng Aor tin ana 7° een Pee a inrooucrion sue ach CISA question has. em custo) and fou options (answer choice) The cand is asked 0 choos the yestanuncr nm the opans Tesiem maybe in the frm of queton oe aemplte tenet In sme stances, Ssotario o desertion of a pbc maybe includ. These questions normally inclu adescrpion of itaton and reve the candidate o anger tw oF more questions based onthe informacion provide, When candats prepare forthe exam, they shold recnprize ht 1 ait aad conto i global profesional {nada perceptions and eapeinecs may not let the mre global postion orcicutance, Because the Xam AINICIA bunts te writ forthe international Stat and ental community a candate wil be requied to Shc Menibe wen res an sabi o cont! conn ht my Be contrary to candidate's expaiones I Should be ned that CISA exam questions ste writen by esperonod TS aut practitioners rom around the Wor tach uss the eka is evewe by ISACA CISA Tet Enbuncenet Susommite and CISA Ceriiation ‘Waring Group, which consist intraoral member. 
This gographeal epesenation ensures tht al ts questions tne undestood Squaly in cah cont) and anguags ‘Hua AEA Taio aml 2 Wig documents Av ooiosngy seine HAGA wal ws Tovefet such advance. Fath pds 10 di dacarent bof the dat oft exan cat be vowod at tendancy tdvaidpdates ‘Any suggestions enance the nari covered tin, oF referene mater, shoul be submit ontine ugportinaca on x ‘ISA Review Questions, Answers & planation Manan! 12° Eaton SS aeee. ° PRETEST Ifyou wish to take a pretest to determine strengths and weaknesses, the Sample Exam begins on page 469 and the pretest answer sheet begins on page 493, You can score yout pretest with the Sample Exam Answer and Reference Key on page 491 ‘ISA Revien Questions Anewera& Explanations Mancal 12° Edieo Page intentionally left blank ‘ISA Reviow Gestion, Answers & Explanations Mancal 1° Elon @e= Down -romuaonssrem aun ROCESS QUESTIONS, ANSWERS & EXPLANATIONS BY DOMAIN DOMAIN 1—INFORMATION SYSTEM AUDITING PROCESS (21%) AAl-1 The iter ai parent wrote some serps that are wsed for continua uta of sme information systems. Te TT department asked fe copies the eri otha they can se them fr sting wp ‘ofinuustnontoring process on Key systems ne saving thee serps wh Tat he ai of Be 1S ‘ators to independ and objectively aot the fonction? [AL Sharing the scrips is ot permite because it nes the aby to re-ausytens nd anim sccun, compretensive ut 18 Sharing the scripts i eed becase IT must have the ability review ol pogtams at senate ‘hat a on 1 sats esas of sa independence, (Sharing the serps cpr IT rsopnzes that ais my ail be contd in areas not oven in the serps 1D. Staring the cits is not pent scans th Santos who wit the serps woul mat be permed to ad ay 1S Systm where the serps are Beng or monitoring. estan: i Av The ality of I to cosinsusy monitor and aes ny issues on Tsytems docs nat ae! 
he tliy of 1S aut perform a comprabense sat 1B Sharm the sorts maybe roe by policy for quality aesrane an configuration mangement tout tat doesnot mat the ability it {CIS anit cam si review all aspects ofthe systems. They may not be able rele the eee tveness of he Serpt,bat they ca il nuit the esters, An audio an IS rst encorpares maven ja the ontats covered in the seis |AL2-—Whichof te filing isthe BEST facto far dtm the reid extent of dt colton dering the nang pase of an IS compisce sit A Compesty ofthe nganiation’opeaion Finding and suc noted rom he pie yet C._Paros, objective and scope ofthe ait Adie’ aml withthe oganetion estate: {A Theaamplesiy ofthe enanizations operation fa fico inthe pening ofan a hut es nat ety aft the deerination of haw much data lec, The extent of cll fs sojet to th inten, scope an! purpose ofthe out B. Pre inings and bes ae ator in the plang of an abu ho ot stylet the lscrnination of hw much data ole. Data ms be lle out of ares of previous Tings © Theeatent Is relate directly the purpose, bjeive and seope of the aut. An adit with a narrow purpose and ined objective and scoped oat aly collection thaw an audit with ner porpose ope Statistical analysis may ale determine the extent of data calcio, such sy sample size trans of dats election .__Awatdtor’ fami withthe organization i Factor inthe planing fan ait bt does not hey afc the detrnnation of boa mich dts oll. The ut st Be bse slice ‘sidenee ofthe monorng of conte abd not andy nuencd by the alors fanaa with he ‘seanvaton {isa Revi Guesins Anewers& Explanations Manal 12° Fallon 7 ‘DOMAIN 1-INFORMATION SYSTEM AUDITING PROCESS. an ata [An IS autor developing ait plan fran enironmca tht ales new systems The organization's ‘managment wants ie 1S srr to Facer see plemented systems How should he I aioe reac? |A.- Auta now ystems a requested by management, Bult sytem sot included in at ear seeps C.__Doermine the highest systems and plan acon. 1. 
Auli both he syaans not east year Scope and the pew stems Cite corrctamever. estat erating the new stem docs an elec a rs-se appraich Although the stem can contin ‘Erste it ad ay reeson rik fdas ls rdclsuref the ganization, without ark ‘sesame the denon toy aut the ney inplemntd system fo rsk-baed decision 1s uating syste na in he peony mu dena efecto based proach In aton, snagemers may know about bic wih the ne yen and maybe etionaly {tying to soo te audit evay fom ta vulnerable area. Alough, ti, he neste may em to be the ski arco, am ansssment mst be condo rather han rying othe gmc ofthe 1S tude or muse (C.The best action iso conduc sk assessment and design the audit pan cover the areas of Iighest rs, SACA IS Andi and Assurance Standard 1202 (Risk Assessment in Planning), ‘ment 1203.1: "The IS audit an avarance fneton “preach and supporting methodelagy to develop the overall IS aut plan and determine rire forte elective allocation of I adit rexourecs™ , The ereation ofthe ant pln soul be partored in cooperation with mansgemert and based on ‘The IS bic should no arbre dese on what needs to be aad ‘An 1S ators evewing security controls fora ial web-nsed syste ior to implementation The ‘ents ofthe peetvin fest are nenclsive, sd th sul wil at be Ried pio w inplemestation {Which ofthe follows te BEST option fr te 1S autor” |A.Pubisha repr ass on the avilable informatio, highlighting he pots seerity weakness and the ejeemen ee fllon-up ait testing 18. Pubs rept omiting th areas where the evidence obtained rm testing was tconlaive {C._Requst dey ofthe implementation date wt etna scr testing can be complied and ‘rience of pyopit conta ca be obtained 1D. taf merges! ha abt work cannot De empl rae to implementation nd ecommend the the ait bs postpone ‘Aste correc anever ustieation: “Ah IS auditor cannot gain slicientatarance fra eral syst within the agreed time tame act shouldbe highlighted in the aut report and flle-xp testing should bescheduled br ater date. 
Managerent can then determine whether an of the potential ‘weaknesses beaied wore sigliicant enough t ly the ge-lve date for thex)tem, 1 Tisnot scope forthe IS ator o ignore ras af pots weakness because concisive tvidone souls he blaine within the agro wt tne fame, ISACA IS Att and Assurance Stn ae volo hee arene re ote om the aut por (¢._Entndng thes fre forthe ait and lying the give date uly wo be secptabl a hs ecnario where sytem ime since. Iman cae, dy the ove date mae Be te decison of business management, notte 1S ai 1a hs ono th Sate should pest bse manager wth all valle infrmaton by te ween date 1 Fare to obiansuicient evidenee i one part an ait engazercn doesnt jus cancelling oF esponing thea his volts the aac eieline ence dc profesional ear ‘CISA Review Questions, Answers & Explanations Manual 12 Eton Test atin are DOMAIN $~INFORMATION SYSTEM AUDITING PROCESS Which ofthe bifowing cons woul a IS autor look Fret envitenmet where dis canes fe snreopitely eprepel? A. Overaping cons Boudry coals cess cones 1 Compersting eons Date correct answer. asta arnt erlang contols ar two Gonos abessing the sae conto ebjctv or exposure. Bause rin cools canot be achived when dies cannot or ar ot appropri seBgate i {ict to stl relpping cones ‘Bounty controls esas he nef bstwse the would-be rer of compote system and he sytem elf and ae bv Based aot ole based cor (Guise het autor eqpss to find tas poron ha higher levels of access thane Hel. The TS Site wants to Find compensting cone to adress this Fisk ». i entrols that ae intended reduce the risk ofan extn, ay arise when dues cannot be appropriately segregate. |AL6 Which he following i the key bret of contol selFasesment? |A. Maragementsnetship of the incr consol sipprtng business objectives is reinforce 18 Aut apenas te edie when he aneent els are an inp to xtra a werk C.__ Frm etc is improved bss neal Bonen sal te caged in esting conto 1D. 
mera auditors ca shit wo comslaive aprcach by sing he result ofthe assent Ais the correct anser ustiication sre pe ete f contol ele asessmen (CS) 0 he business mangement Become more ane of theimportance of ternal control an he responsi aterm of corporat overance, 18 Rede aude espresso hey beri of CSA. Coe fut ect import bu ts portant a conta owmersbip I mt pina ectve of CSA. 1 Com my give mow insights 0 nema utr allowing thom to tke a more costae role Inomea ths an atonal Beet ot the key ene See ee eee eee eee ‘rs view Guestions Arawers @Eiplonations Mal 12° Eaton 3 See te ene, ‘DOMAIN 1—INFORMATION SYSTEM AUDITING PROCESS Cds ‘Whats the PRIMARY requirments dts softwar tol shoul: ‘A. imerace with vais types ofeterprierxource planing software a dtabases 1B Sceurly capare dta om the ongntaionswystonswatoa exuing excessive pesrmance prblons caves audit hooks into the enatization’ inca systems supyrtconsinuous ating. 1. Recusomizale snd spec mkison of custom pogemming oa i vestigate analsis Be the correct anser. estat seer product mustintface withthe types oF tes sed by the onganiation an provide meaning it or anasis val the requirements that are sted as answer choices are desirable in sand ata mining parpees, the most eral requirement "yo the systems ofthe rani ‘¢.Thetol houldprably work on more han just Financia poms nl des not cosy ere implementation of audit hooks. 1p. Thetool shouldbe ste bt not neces casomizbl, should have bain tool fiware took thatthe oak -A long-term Temple with aston teil backerund and boa! managerial exericace has applied fora vac positon the I a department. Determining wether to hie thi aia for this poston sould be PRIMARILY based onthe indviea’s experience ant: [A tenth of servi, basse this wil lp ens techni ompsence. age Beane traning aut ecniqas maybe improtca. 
CT bnowtade, because this wil bing ented eet ode audit nto, 1 aly as an 18 wir 10 be ndepeent of existing I lationship she correct answer: justieation: AA Length of serie doot aot ensure echnical compet Evang an dvi’ quaietons based on thea ‘sill in macy pss ofthe work (CThe fc that he rpc has work in TT Fr many yar ny ot cose crs The 1S hai pant eds shoul be define, al any caso bs calted agaist those Teauirements 1. Independence shouldbe continually assessed by the actor and management. This ansesrmet sho consid” vec factors as changes in personal lationship, finan interests, sd pia Jb assignment and responsibilities ofthe individual ot a good exterion und SGclucnsennenbiliiconen ineamanianeaiaanasemaennenenseaenanas oak sn DOMAIN INFORMATION SYSTEM AUDITING PROCESS. ‘AL Forse bincss with large volume of ensations, which ofthe Following cult techniques isthe MOST appropiate For adleasing emerzing =i" A Use of computer assisted suit tehnigus B Quarry nak esesiments C_ Sampling of trarwaction oes Contin ai seen ting ivan tole sch as computer acid ai tchaigues to analyze tanscion dala eon ovide dtd analyse of tends ar potential ak, butt not fective a comnaous ating, hae here may bea tine dilercarilBetcenexcsting the softwar and aralyng the su. Quarry rk assesment may hea god ecnige Du mts responsie as cominaens ang 1b, The implementation of continous aut management through autonted reporting procenes Corrective atone more quicls ‘An 1S autor reviewing ace (0 a pplication o determine whoter ecenly eed acount wor rorprintely atria This an example of A. sari sumpting Bbsunive tng Comins testing DL soporgo sampling (Cin the correct anewer Justification ‘jo Nari sampling i so etimete aerial vlues sich a larvae 1D. Saosin ting ulate he inert fatal processing sich as balances on inca alcmants The developmen of sstunive tls fen dependent the otcore of orice Tet compliance stein that thre re gust intra coats, ten sibstantve es can te mina ©. 
Complance testing determines whether contrat are beng apple In compliance with plc This lisdes teste to determine whether new accounts ere appropriately anhorize 1. Stop-orgosimpling allows ett be stopp a ely a ensible an st appeopnite for hockirg wheter procedures have been followed ‘ISA Revlon Quvcions, AnewarsBExpnntons Manca! 1 Ellon 3 ‘aca Alea eree DOMAIN 1-INFORMATION SYSTEM AUDITING PROCESS. (odd ste “The decisions and atos ofan IS ato ne MOST Hkly tet which ofthe following types of sk? A. daheret B Decton © Contot D. Basins Sestieation seenlret ik ihe Fk that w material ero cou oom, here are no related intemal conto proven or dee he eco Inrent rl net usaly affected by an 1 ato. 1a, Detection risks rectly affected by the 1S audtors selection of anit procedares and echniqueeDecetion risks the risk that a reviem wil wot detect or nal a mater ¢. Cantl rok iste risk that «materi eer ox that would tbe prevented or tee on a Sith hs by ne systom of otra Como, Cont sk at esate by Hat ef Ue ‘rgniaton’s manager 1D. ines ik a probable situation wih uncertain fequeney Bosiess ek usally ox dtl aot by an Sato sgn of ks (or in. Which ofthe following is he MOST erica sep when pamsngan 1 ai? [AL Review ning: fom pio aus 1B. Excuarie mazes approval ft aac plan C._Review information wc pliis and pocehires Di Perform rik sessment (isthe correct aver. Jesineation: een Tpe findings ofa previous si a of intext othe ato, bt they ae not the moat xia step. The mos eal step ivoves ing the cae sues x his ores, ot even ths Tesla of eer ues A revi of istrsal aud Findings could niet thi management esulving the Hans or he rcommendation a natn 1, Eacctine manasmon is ot requrdto approve the aut plan. Iti pial apposed by the at Camm o bard of dices: Managerent ould esommend ares 10 ai (cReviowing inomnsion sscunty poles nd procedures i normaly be conde daring fickwar, ro planning 1b, full the tps ised, performing isk assessments the most critical. 
Risk assessments eaued by ACA Is Audit and Asarance Sandara 1202 (Risk Asessent In Fla engagements." In at he high-risk areas ofthe ade systems z {ISA Review Questions Answers & Eplanations Manual 12 Elon se DOMAIN 1~INFORWATION SYSTEM AUDITING PROCESS @= AL-A3-—_ An IS auiior is eviewing softwar pliestion hat sil onthe principe of Service arent rch, What nthe INITIAL oy [AL Undastaning services and thiallocation to snes aces ty reviewing the vie tepesitry secant. 'B,__Samling the we of service security tarda as eres bythe Sear Asertons Merkup Langage ©. Rewowing the service level arent elise fr all system provers Auda the cove service ane dependencies on the systems As the correct ansner. usta: [AL Alservice oriented architecture res onthe principles ofa distributed environment in which servies encapsulate busines loge ars blak bos and night be deliberately combined to depict "reab-sord business processes. Before eveing services in dtl is ene For the 1S suditar to comprehend the mapping of business processes to service 18 Saming the we of service secur stars as opened bythe Seti Asertons Markup ‘angeape isan essralfollow-p step to unerstanding services an halla Io Bsns But Fenothe ital son (©. Reviewing the servic eel agreement a eset follow-up sep to unending services ad tice lean o busines ba the ial sop. Aung te ewe servic anit dependencies With thers would most ely bea past ofthe au, but ie 1S ator must Fist gala an undrtincing of he baie processes an how the stems ‘Sippat thoe process ALLA An 8 audi conducting evew of software usage nd ces discovers hat namerous PCs contain ‘unuthorzt pftvare Which of the following scons should the I autre? ‘AL Delete al copies ofthe wrahvizod software 1 Reconmmond an automated process o moniter frcplance wih sofware licensing Repos thew of the unauthorised software an the nd fo potent ecu 1. 
Warmth end utr about the sk of ing gal software 1A” An ISaultor shold not ss the role ofthe fring officer and tke onary peson {nvohement in emoving the unauheiad soivae B. This ould dtet compliance with stare ceasing, However, an automate solution migh ma be the best option in al eases. C. Theme of unauthorized or ileal software shod be proibited by an orgeization, An 1S tar mas convince the wser and management ofthe risk andthe weed fe eine the sk. For esimpl, software pracy cam rel im exposure and severe fines. 1D. Aus mst report terial ndings to management fraction. Informing the users fish is ak the primary respossbiy of he IS ar “CSA Review Question, Answers & planation Nanaal Fallon Sen ae eee, coun ravemumonsrrnammncrmocss Ge ‘A ait cart shoul: ‘A. tedymamic and change comide withthe changing mature of technology andthe aut rosesion clearly sate at ebjecives for, and the delegation of aunt othe mamteance and review of ineral contol (¢. document he aut procedures designed to achieve the lant aut objectives online he over wthony, scape an espnsiiies ote aut unto, Dis the correct anser. estiieaton: ree The aut char should nol be subj fo changes in tetmagy and shuld ne significa change ver vime. The chr shoal be appoved athe highest eve of managment Anau carr stts the authoty an eporing egeements fo he at bat ol he dt of Cc. ‘Keauliccharte ino ats dts lee! and host, dos ot inl pie at objectives or procabucs 1b. Kn audit charter should tate managements objectives for and delegation of author 10 1 andor An IS audi is smal number of wser aos toques thal Were na aur by managers through the normal proefined worklow ips and escalation rls. The IS auditor shoul A. 
psform an slional analysis ‘port the problem to healt commie C.Gandact secur sk assent recommend thatthe ocr ofthe eaity management system fx he work low se ‘Ads the correct answer derstanding of the scope ofthe preblest shoul ety whether the se was ‘Caused by mangers na lloing procedures a prelcm with the wekflaw a the awomated Spaten oF «combination of the to The autor coos not yet hav enough information to report the problem, C. Changing the spe a the IS ait or conducting a secur risk sessment euies moe esd informaiton sou the process and violation being reviewed The autor mast fis dstermin the ont cane an impact ofthe Findings an dos ot hive Enough informaon fo recommend fixing the workllow snes Ce Ai avis ne DOMAIN 1~INFORMATION SYSTEM AUOTTING PROCESS {Which ofthe lowing sampling methods MOST uss when esting for compliance? 1A. Atte smpting 2 Vorabiemping (C.Sttifed te per ani sampling ._Diferenoeertination sping vA teat sampling isthe primary srmpling method wid for compliance testing. Arete Sampling iw sampling mad! tha leased fo estimate the rte of ecarrence of specie qu ‘epilation an casein compliance esting to conirm whether the quality ean attrib sample ay check ll transactions ever a certain predefined per approvals. 18, Varabe sampling x bane ot the elelaton ofa mean fom a sample extrac fom teenie Poratacon ah sng hao estate he carter he ee pepn. Fo exam 8 ‘Spl of 10 sas hans an average pie of US Spe erm, For the ene population of 1.80 ‘ems the toa vale sextet be US 10,00. This sno a goa way to measure compliance swthaproces. c_Statifet cay sampling tpt 0 csi tat he etre population i reread in the sample “This snot an effective way to meme compliance .__Diffance etoton sampling examines measure devstions and extn tems and sno 00d vy to mmr compliance \Whea testing program change requests fra emt system an 1S aor inde hat the umber af anges ‘liable or sampling does nx provide a resonable level of sare, Wha ithe MOST appropri fetion fre auditor to ake? 
A. Develop an alternate testing procedure.
B. Report the finding to management.
C. Perform a walk-through of the change management process.
D. Create additional sample data to test additional changes.

A is the correct answer.

Justification:
A. If a sample size objective cannot be met with the given data, the IS auditor would not be able to provide assurance regarding the testing objective. In this instance, the IS auditor should develop (with management approval) an alternate testing procedure.
B. There is not enough evidence to report the finding as a deficiency.
C. A walk-through should not be conducted until an analysis is performed to confirm that this could provide the required assurance.
D. It is not appropriate for an IS auditor to create sample data for the purpose of the audit.

CISA Review Questions, Answers & Explanations Manual 12th Edition

A1-19 Which of the following situations could impair the independence of an IS auditor? The IS auditor:
A. implemented specific functionality during the development of an application.
B. designed an embedded audit module for auditing an application.
C. participated as a member of an application project team and did not have operational responsibilities.
D. provided consulting advice concerning application good practices.

A is the correct answer.

Justification:
A. Independence may be impaired if an IS auditor is, or has been, actively involved in the development, acquisition and implementation of the application system.
B. Designing an embedded audit module does not impair an IS auditor's independence.
C. An IS auditor should not audit work that they have done, but just participating as a member of the application system project team does not impair an IS auditor's independence.
D. An IS auditor's independence is not impaired by providing advice on known good practices.

A1-20 The PRIMARY advantage of a continuous audit approach is that it:
A. does not require an IS auditor to collect evidence on system reliability while processing is taking place.
B. allows the auditor to review and follow up on audit issues in a timely manner.
C. places the responsibility for enforcement and monitoring of controls on the security department instead of audit.
D. simplifies the extraction and correlation of data from multiple and complex systems.

B is the correct answer.

Justification:
A. The continuous audit approach often requires an IS auditor to collect evidence on system reliability while processing is taking place.
B. Continuous audit allows audit and response to audit issues in a timely manner because audit findings are gathered in near real time.
C. Responsibility for enforcement and monitoring of controls is primarily the responsibility of management.
D. The use of continuous audit is not based on the complexity or number of systems being monitored.

A1-21 Which of the following would impair the independence of a quality assurance team?
A. Ensuring compliance with development methods
B. Checking the test assumptions
C. Correcting coding errors during the testing process
D. Checking the code to ensure proper documentation

C is the correct answer.

Justification:
A. Ensuring compliance with development methods is a valid quality assurance function.
B. Checking the test assumptions is a valid quality assurance function.
C. Correction of code should not be a responsibility of the quality assurance team, because it would not ensure segregation of duties and would impair the team's independence.
D. Checking the code to ensure proper documentation is a valid quality assurance function.

DOMAIN 1—INFORMATION SYSTEM AUDITING PROCESS

A1-22 In planning an IS audit, the MOST critical step is the identification of the:
A. areas of significant risk.
B. skill sets of the audit staff.
C. test steps in the audit.
D. time allotted for the audit.

A is the correct answer.

Justification:
A. When designing a risk-based audit plan, it is important to identify the areas of highest risk to determine the areas to be audited.
B. The skill sets of the audit staff should have been considered before deciding and selecting the audit. Where the skills are inadequate, the organization should consider using external resources.
C. Test steps for the audit are not as critical during the audit planning process as identifying the areas of risk that should be audited.
D. The time allotted for an audit is determined during the planning process based on the areas to be audited and is primarily based on the requirement for conducting an appropriate audit.

A1-23 The MOST effective audit practice to determine whether the operational effectiveness of controls is properly applied to transaction processing is:
A. control design testing.
B. substantive testing.
C. inspection of relevant documentation.
D. performing tests on risk prevention.

B is the correct answer.

Justification:
A. Tests of control design assess whether the control is structured to meet a specific control objective. It does not help determine whether the control is operating effectively.
B. Among other methods, such as document review or walk-through, tests of controls are the most effective procedure to assess whether controls accurately support operational effectiveness.
C. Control documents may not always describe the actual process in an accurate manner. Therefore, auditors relying on document review have limited assurance that the control is operating as intended.
D. Performing tests on risk prevention is considered compliance testing. This type of testing is used to determine whether policies are adhered to.

A1-24 The extent to which data will be collected during an IS audit should be determined based on the:
A. availability of critical and required information.
B. auditor's familiarity with the circumstances.
C. auditee's ability to find relevant evidence.
D. purpose and scope of the audit being done.

D is the correct answer.

Justification:
A. The extent to which data will be collected during an IS audit should be based on the scope, purpose and requirements of the audit and not be constrained by the ease of obtaining the information or by the IS auditor's familiarity with the area being audited.
B. An IS auditor must be objective and thorough and not subject to audit risk through preconceived expected results based on familiarity with the area being audited.
C. Collecting all the required evidence is a required element of an IS audit, and the scope of the audit should not be limited by the auditee's ability to find relevant evidence. If evidence is not readily available, the auditor must ensure that other forms of audit are considered to ensure compliance in the area that is subject to audit.
D. The extent to which data will be collected during an IS audit should be related directly to the scope and purpose of the audit. An IS audit with a narrow purpose and scope, or just a higher-level review, will most likely require less data collection than an audit with a wider purpose and scope.

A1-25 While planning an IS audit, an assessment of risk should be made to provide:
A. reasonable assurance that the audit will cover material items.
B. definite assurance that material items will be covered during the audit work.
C. reasonable assurance that all items will be covered by the audit.
D. sufficient assurance that all items will be covered during the audit work.

A is the correct answer.

Justification:
A. ISACA IS Audit and Assurance Guideline 2202 (Risk Assessment and Audit Planning) states that the applied risk assessment approach should help with the prioritization and scheduling process of the IS audit and assurance work. The risk assessment should support the selection process of areas and items of audit interest and the decision process to design and conduct particular IS audit engagements.
B. Definite assurance that material items will be covered during the audit work is an impractical proposition.
C. Reasonable assurance that all items will be covered during the audit work is not the correct answer, because primarily material items need to be covered, not all items.
D. Sufficient assurance that all items will be covered is not as important as reasonable assurance that the audit will cover material items.

A1-26 The MOST appropriate action for an IS auditor to take when shared user accounts are discovered is to:
A. inform the audit committee of the potential issue.
B. review audit logs for the IDs in question.
C. document the finding and explain the risk of using shared IDs.
D. request that the IDs be removed from the system.

C is the correct answer.

Justification:
A. It is not appropriate for an IS auditor to report findings to the audit committee before conducting a more detailed review and presenting them to management for a response.
B. Review of audit logs would not be useful because shared IDs do not provide for individual accountability.
C. An IS auditor's role is to detect and document findings and control deficiencies. Part of the audit report is to explain the reasoning behind the findings. The use of shared IDs is not recommended because it does not allow for accountability of transactions. An IS auditor would defer to management to decide how to respond to the findings presented.
D. It is not the role of an IS auditor to request the removal of IDs from the system.

A1-27 An IS auditor is conducting a compliance test to determine whether controls support management policies and procedures. The test will assist the IS auditor to determine:
A. that the control is operating efficiently.
B. that the control is operating as designed.
C. the integrity of data controls.
D. the reasonableness of financial reporting controls.

B is the correct answer.

Justification:
A. It is important that controls operate efficiently, but in this case the intent is to ensure that the controls support management policies and procedures. Therefore, the important aspect is whether the controls are operating correctly and thereby meeting the control objective.
B. Compliance tests can be used to test the existence and effectiveness of a defined process. Understanding the objective of a compliance test is important: the test helps determine whether the control is operating as designed and thereby meets management expectations.
C. Substantive tests, not compliance tests, are associated with data integrity.
D. Determining the reasonableness of financial reporting controls is a very narrow answer in that it is limited to financial reporting. It meets the objective of determining whether the controls are reasonable but does not ensure that the control is working correctly and thereby supporting management expectations and objectives.

A1-28 The vice president of human resources has requested an IS audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
A. Generate sample test data
B. Generalized audit software
C. Integrated test facility
D. Embedded audit module

B is the correct answer.

Justification:
A. Test data tests for the existence of controls that might prevent overpayments, but it does not detect specific, previous miscalculations.
B. Generalized audit software features include mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking and recomputations. An IS auditor, using generalized audit software, can design appropriate tests to recompute the payroll, thereby determining whether there were overpayments and to whom they were made.
C. An integrated test facility helps identify a problem as it occurs but does not test for previous periods.
D. An embedded audit module can enable the IS auditor to evaluate a process and gather audit evidence, but it does not detect errors for a previous period.

A1-29 During a security audit of IT processes, an IS auditor found that documented security procedures did not exist. The IS auditor should:
A. create the procedures document based on the practices.
B. issue an opinion of the current state and end the audit.
C. conduct compliance testing on available data.
D. identify and evaluate existing practices.

D is the correct answer.

Justification:
A. IS auditors should not prepare documentation, because the process may not be compliant with management objectives and doing so could jeopardize their independence.
B. Ending the audit and issuing an opinion will not address identification of potential risk. The auditor should evaluate the practices in place. The recommendation could still be for the organization to develop written procedures. Terminating the audit may prevent achieving one of the basic audit objectives: identification of potential risk.
C. Because there are no documented procedures, there is no basis against which to test compliance.
D. One of the main objectives of an audit is to identify potential risk; therefore, the most proactive approach is to identify and evaluate the existing security practices being followed by the organization and submit the findings and risk to management, with recommendations to document the current controls or enforce the documented procedures.

A1-30 During a review, an IS auditor identifies threats and potential impacts. Next, the IS auditor should:
A. ensure the risk assessment is aligned to management's risk assessment process.
B. identify information assets and the underlying systems.
C. disclose the threats and impacts to management.
D. identify and evaluate the existing controls.

D is the correct answer.

Justification:
A. An audit risk assessment is conducted for purposes that are different from management's risk assessment process purposes.
B. It is impossible to determine impact without first identifying the assets affected; therefore, this must already have been completed.
C. Upon completion of a risk assessment, an IS auditor should describe and discuss with management the threats and potential impacts on the assets as well as recommendations for addressing the risk. However, this cannot be done until the controls have been identified and the likelihood of the threat has been calculated.
D. It is important for an IS auditor to identify and evaluate the existence and effectiveness of existing and planned controls so that the risk level can be calculated after the potential threats and possible impacts are identified.

A1-31 Which of the following would normally be the MOST reliable evidence for an IS auditor?
A. A confirmation letter received from a third party verifying an account balance
B. Assurance from line management that an application is working as designed
C. Trend data obtained from Internet sources
D. Ratio analysis developed by the IS auditor from reports supplied by line management

A is the correct answer.

Justification:
A. Evidence obtained from independent third parties is almost always considered to be more reliable than assurance provided by local management.
B. Because management is not objective and may not understand the risk and control environment, and because they are only providing evidence that the application is working correctly and that the controls are in place, this assurance is not an acceptable level of trust for audit evidence.
C. Data from the Internet are not always trustworthy or independently validated.
D. Ratio analysis can identify trends and deviations from a baseline but is not conclusive evidence.

A1-32 When evaluating the collective effect of preventive, detective and corrective controls within a process, an IS auditor should be aware of which of the following?
A. The point at which controls are exercised as data flow through the system
B. Only preventive and detective controls are relevant.
C. Corrective controls are regarded as compensating.
D. Classification allows an IS auditor to determine which controls are missing.

A is the correct answer.

Justification:
A. An IS auditor should focus on when controls are exercised as data flow through a computer system.
B. Corrective controls may also be relevant because they allow an error or problem to be corrected.
C. Corrective controls remove or reduce the effects of errors or irregularities and are not exclusively regarded as compensating controls.
D. The existence and function of controls are important but not the classification.

A1-33 Which audit technique provides the BEST evidence of the segregation of duties in an IS department?
A. Discussion with management
B. Review of the organization chart
C. Observation and interviews
D. Testing of user access rights

C is the correct answer.

Justification:
A. Management may not be aware of the detailed functions of each employee in the IS department and whether the controls are being followed. Therefore, discussion with management provides only limited information regarding segregation of duties.
B. An organization chart does not provide details of the functions of the employees or whether the controls are working correctly.
C. By observing the IS staff performing their tasks, an IS auditor can identify whether they are performing any incompatible operations. By interviewing the IS staff, the auditor can get an overview of the tasks performed.
D. Testing of user rights provides information about the rights users have within the IS systems but does not provide complete information about the functions they perform. Observation is a better option because user rights can be changed between audits.

A1-34 After reviewing the disaster recovery planning process of an organization, an IS auditor requests a meeting with organization management to discuss the findings. Which of the following BEST describes the main goal of this meeting?
A. Obtain management approval of the corrective action plan
B. Confirm factual accuracy of the findings
C. Assist management in the implementation of corrective actions
D. Prioritize the resolution of the items

B is the correct answer.

Justification:
A. Management approval of the corrective action plan is not required. Management could elect to implement another corrective action plan to address the risk.
B. The goal of the meeting is to confirm the factual accuracy of the audit findings and present an opportunity for management to agree on or respond to recommendations for corrective action.
C. Implementation of corrective actions should be done after the factual accuracy of findings has been established, but the work of implementing corrective action is not typically assigned to the IS auditor, because this would impair the auditor's independence.
D. Ranking the audit findings provides guidance to management for allocating resources to the high-risk items first.

A1-35 An IS auditor should ensure that review of online electronic funds transfer (EFT) reconciliation procedures should include:
A. vouching.
B. authorizations.
C. corrections.
D. tracing.

D is the correct answer.

Justification:
A. Vouching is usually performed during the funds transfer, not during the reconciliation effort.
B. In online processing, authorizations are normally done automatically by the system, not during the reconciliation.
C. Corrections or entries should be reviewed during a reconciliation; however, they are normally done by an individual other than the person entrusted to do reconciliations and are not part of tracing.
D. Tracing is a transaction reconciliation effort that involves following the transaction from the original source to its final destination. In EFT transactions, the direction on tracing may start from the customer-printed copy of the receipt, proceed to checking the system audit trails and logs, and end with checking the master file records for daily transactions.

A1-36 An IS auditor is carrying out a system configuration review. Which of the following is the BEST evidence in support of the current system configuration settings?
A. System configuration values that are imported to a spreadsheet by the system administrator
B. Standard report with configuration values that are retrieved from the system by the IS auditor
C. Dated screenshot of the system configuration settings that are made available by the system administrator
D. Annual review of approved system configuration values by the business owner

B is the correct answer.

Justification:
A. Evidence that is system-generated information can be manipulated before it is presented to an IS auditor; therefore, it may not be as reliable as evidence that is obtained by the IS auditor. For example, a system administrator can change the settings or modify the graphic image before taking a screenshot.
B. Evidence that is obtained directly from the source by an IS auditor is more reliable than information that is provided by a system administrator or a business owner, because the auditor does not have a vested interest in the outcome of the audit.
C. The values may be modified by the administrator prior to taking the screenshot; therefore, this is not the best evidence.
D. The review provided by a business owner may not reflect current information.

A1-37 The purpose of a checksum on an amount field in an electronic data interchange (EDI) communication of financial transactions is to ensure:
A. integrity.
B. authenticity.
C. authorization.
D. nonrepudiation.

A is the correct answer.

Justification:
A. A checksum that is calculated on an amount field and included in the EDI communication can be used to identify unauthorized modifications.
B. Authenticity cannot be established by a checksum alone and needs other controls.
C. Authorization cannot be established by a checksum alone and needs other controls.
D. Nonrepudiation can be ensured by using digital signatures.

A1-38 Which of the following forms of evidence would an IS auditor consider the MOST reliable?
A. An oral statement from the auditee
B. The results of a test that is performed by an external IS auditor
C. An internally generated computer accounting report
D. A confirmation letter that is received from an outside source

B is the correct answer.

Justification:
A. An oral statement from the auditee is audit evidence but not as reliable as the results of a test that is performed by an external IS auditor.
B. An independent test that is performed by an IS auditor should always be considered a more reliable source of evidence than a confirmation letter from a third party, because the letter is the result of an analysis of the process and may not be based on authoritative audit techniques. An IS auditor should use tests as determined by risk. This provides a standard methodology and reasonable assurance that the controls and test results are accurate.
C. An internally generated computer accounting report is audit evidence, but it is not as reliable as the results of a test performed by an external IS auditor.
D. An independent test that is performed by an IS auditor should always be considered a more reliable source of evidence than a confirmation letter from a third party, because the letter is subjective and may not have been generated as part of an authoritative audit or conform to audit standards.

A1-39 An IS auditor who has discovered unauthorized transactions during a review of electronic data interchange (EDI) transactions is likely to recommend improving the:
A. EDI trading partner agreements.
B. physical controls for terminals.
C. authentication techniques for sending and receiving messages.
D. program change control procedures.

C is the correct answer.

Justification:
A. The EDI trading partner agreements minimize exposure to legal issues but do not address the problem of unauthorized transactions.
B. Physical controls are important and may provide protection from unauthorized people accessing the system.
C. Authentication techniques for sending and receiving messages play a key role in minimizing exposure to unauthorized transactions.
D. Change control procedures do not resolve the issue of unauthorized transactions.

A1-40 An IS auditor is validating a control that involves a review of system-generated exception reports. Which of the following is the BEST evidence of the effectiveness of the control?
A. Walk-through with the reviewer of the operation of the control
B. System-generated exception reports for the review period with the reviewer's sign-off
C. A sample system-generated exception report for the review period, with follow-up action items noted by the reviewer
D. Management confirmation of the effectiveness of the control for the review period

C is the correct answer.

Justification:
A. A walk-through highlights how a control is designed to work, but it will seldom highlight the effectiveness of the control, or exceptions or constraints in the process.
B. Reviewer sign-off does not demonstrate the effectiveness of the control if the reviewer does not take action for the exceptions noted.
C. A sample of a system-generated report with evidence that the reviewer followed up on the exception represents the best possible evidence of the effective operation of the control, because there is documented evidence that the reviewer reviewed the exception report and took action based on the exception report.
D. Management's confirmation of effectiveness of the control suffers from lack of independence; management might be biased toward the effectiveness of the controls put in place.

A1-41 A company has recently upgraded its purchase system to incorporate electronic data interchange (EDI) transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping?
A. Key verification
B. One-for-one checking
C. Manual recalculations
D. Functional acknowledgments

D is the correct answer.

Justification:
A. Key verification is used for encryption and protection of data, not for data mapping.
B. One-for-one checking validates that transactions are accurate and complete but does not map data.
C. Manual recalculations are used to ensure that the processing is correct but do not map data.
D. Acting as an audit trail for EDI transactions, functional acknowledgments are one of the main controls used in data mapping.

A1-42 Which of the following sampling methods would be the MOST effective to determine whether purchase orders issued to vendors have been authorized as per the authorization matrix?
A. Variable sampling
B. Stratified mean per unit
C. Attribute sampling
D. Unstratified mean per unit

C is the correct answer.

Justification:
A. Variable sampling is the method used for substantive testing, which involves testing transactions for quantitative aspects such as monetary values.
B. Stratified mean per unit is used in variable sampling.
C. Attribute sampling is the method used for compliance testing. In this scenario, the operation of a control is being evaluated, and therefore, the attribute of whether each purchase order was correctly authorized would be used to determine compliance with the control.
D. Unstratified mean per unit is used in variable sampling.

A1-43 The BEST method of confirming the accuracy of a system tax calculation is by:
A. review and analysis of the source code of the calculation programs.
B. recreating program logic using generalized audit software to calculate monthly totals.
C. preparing simulated transactions for processing and comparing the results to predetermined results.
D. automatic flowcharting and analysis of the source code of the calculation programs.

C is the correct answer.

Justification:
A. A review of source code is not an effective method of ensuring that the calculation is being computed correctly.
B. Recreating program logic may lead to errors, and monthly totals are not accurate enough to ensure correct computations.
C. Preparing simulated transactions for processing and comparing the results to predetermined results is the best method for confirming the accuracy of a tax calculation.
D. Flowcharting and analysis of source code are not effective methods to address the accuracy of individual tax calculations.

A1-44 An IS auditor performing a review of application controls would evaluate the:
A. efficiency of the application in meeting the business processes.
B. impact of any exposures discovered.
C. business processes served by the application.
D. application's optimization.

B is the correct answer.

Justification:
A. The IS auditor is reviewing the effectiveness of the controls, not the suitability of the application to meet business needs.
B. An application control review involves the evaluation of the application's automated controls and an assessment of any exposures resulting from the control weaknesses.
C. The other choices may be objectives of an application audit but are not part of an audit restricted to a review of the application controls.
D. One area to be reviewed may be the efficiency and optimization of the application, but this is not the area being reviewed in this audit.

A1-45 Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The IS auditor should:
A. include the finding in the final report, because the IS auditor is responsible for an accurate report of all findings.
B. not include the finding in the final report, because management resolved the item.
C. not include the finding in the final report, because corrective action can be verified by the IS auditor during the audit.
D. include the finding in the closing meeting for discussion purposes only.

A is the correct answer.

Justification:
A. Including the finding in the final report is a generally accepted audit practice. If an action is taken after the audit started and before it ended, the audit report should identify the finding and describe the corrective action taken. An audit report should reflect the situation as it existed at the start of the audit. All corrective actions taken by the auditee should be reported in writing.
B. The audit report should contain all relevant findings and the response from management, even if the finding has been resolved. This would mean that subsequent audits may test for the continued resolution of the control.
C. The audit report should contain the finding so that it is documented and the subsequent removal of the control would be noticed.
D. The audit report should contain the finding and resolution, and this can be mentioned in the final meeting. The audit report should include the finding and the response from management.

A1-46 The internal audit department is auditing controls over sales returns and is concerned about fraud. Which of the following sampling methods will BEST assist the IS auditors?
A. Stop-or-go
B. Classical variable
C. Discovery
D. Probability-proportional-to-size

C is the correct answer.

Justification:
A. Stop-or-go sampling is a method that helps limit the size of a sample and allows the test to be stopped at the earliest possible moment.
B. Classical variable sampling is associated with dollar amounts and has a sample based on a representative sample of the population but is not focused on fraud.
C. Discovery sampling is used when an IS auditor is trying to determine whether a type of event has occurred. Therefore, it is suited to assess the risk of fraud and to identify whether a single occurrence has taken place.
D. Probability-proportional-to-size sampling is typically associated with cluster sampling when there are groups within a sample. The question does not indicate that an IS auditor is searching for groups.

A1-47 When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
A. controls needed to mitigate risk are in place.
B. vulnerabilities and threats are identified.
C. audit risk is considered.
D. a gap analysis is appropriate.

B is the correct answer.

Justification:
A. Understanding whether appropriate controls that are required to mitigate risk are in place is a resultant effect of an audit.
B. While developing a risk-based audit strategy, it is critical that the risk and vulnerabilities are understood. They determine the areas to be audited and the extent of coverage.
C. Audit risk is an inherent aspect of auditing, is directly related to the audit process and is not relevant to the risk analysis of the environment to be audited.
D. A gap analysis is normally done to compare the actual state to an expected or desirable state.

A1-48 During an exit interview, in cases where there is disagreement regarding the impact of a finding, an IS auditor should:
A. ask the auditee to sign a release form accepting full legal responsibility.
B. elaborate on the significance of the finding and the risk of not correcting it.
C. report the disagreement to the audit committee for resolution.
D. accept the auditee's position because they are the process owners.

B is the correct answer.

Justification:
A. Management is always responsible and liable for risk. The role of the IS auditor is to inform management of the findings and associated risk discovered in an audit.
B. If the auditee disagrees with the impact of a finding, it is important for an IS auditor to elaborate and clarify the risk and exposures, because the auditee may not fully appreciate the magnitude of the exposure. The goal should be to enlighten the auditee or uncover new information of which an IS auditor may not have been aware. Anything that appears to threaten the auditee will lessen effective communications and set up disagreement simply because the auditee expressed an alternate point of view.
C. The audit report identifies the findings from the IS auditor and the response from management. It is the responsibility of management to accept risk or mitigate it appropriately. The role of the auditor is to inform management clearly and thoroughly so that the best decision can be made.
D. The auditor must be professional, competent and independent. They must not just accept an explanation or argument from management unless the process used to generate the finding was flawed.

A1-49 To ensure that audit resources deliver the best value to the organization, the FIRST step in an audit project is to:
A. schedule the audits and monitor the time spent on each audit.
B. train the IS audit staff on current technology used in the organization.
C. develop the audit plan based on a detailed risk assessment.
D. monitor progress of audits and initiate cost control measures.

C is the correct answer.

Justification:
A. Monitoring the audits and the time spent on audits is useful to determine whether the work is being done effectively, but it does not by itself deliver a risk-based audit plan that adds value to the organization.
B. The auditor may use specialists, or the audit team may rely on other experts to cover very specialized audits. It is not necessary for each IS auditor to be trained on all new technology.
C. Although monitoring the time and audit programs, and adequate training, improve the IS audit staff's productivity (efficiency and performance), ensuring that the resources and efforts being dedicated to audit are focused on higher-risk areas delivers value to the organization.
D. Monitoring audits and initiating cost controls do not ensure the effective use of audit resources.

A1-50 Which of the following should be the FIRST action of an IS auditor during a dispute with a department manager over audit findings?
A. Retest the control to validate the finding.
B. Engage a third party to validate the finding.
C. Include the finding in the report with the department manager's comments.
D. Revalidate the supporting evidence for the finding.

D is the correct answer.

Justification:
A. Retesting the control normally occurs after the evidence has been reviewed.
B. Although there may be cases where a third party is needed to perform specialized procedures, engaging a third party is not the first step.
C. Before including the disputed finding or management response in the audit report, the IS auditor should take care to review the evidence that led to the finding to ensure it is accurate.
D. Conclusions drawn by an IS auditor should be adequately supported by evidence, and any compensating controls or corrections that are pointed out by a department manager should be taken into consideration. Therefore, the first step is to revalidate the evidence for the finding. If, after revalidating and retesting, there are unsettled disagreements, those issues should be included in the report.

A1-51 An IS auditor should use statistical sampling, and not judgment (nonstatistical) sampling, when:
A. the probability of error must be objectively quantified.
B. the auditor wants to avoid sampling risk.
C. generalized audit software is unavailable.
D. the tolerable error rate cannot be determined.

A is the correct answer.

Justification:
A. Given an expected error rate and confidence level, statistical sampling is an objective method of sampling, which helps an IS auditor determine the sample size and quantify the probability of error (confidence coefficient).
B. Sampling risk is the risk of a sample not being representative of the population. This risk exists for both judgment and statistical samples.
C. Statistical sampling can use generalized audit software, but it is not required.
D. The tolerable error rate must be predetermined for both judgment and statistical sampling.

A1-52 What is the BEST action for an IS auditor to take when an outsourced monitoring process for remote access is inadequate and management disagrees because intrusion detection system (IDS) and firewall controls are in place?
A. Revise the finding in the audit report per management feedback.
B. Retract the finding because the IDS controls are in place.
C. Retract the finding because the firewall rules are monitored.
D. Document the identified finding in the audit report.

D is the correct answer.

Justification:
A. The IS auditor may include the management response in the report, but this will not affect the requirement to report the finding.
B. The finding remains valid and the management response is documented; however, the auditor may indicate a need to review the validity of the management response.
C. The finding remains valid and the management response is documented; however, the auditor may indicate a need to review the validity of the management response.
D. Auditor independence dictates that the additional information provided by the auditee be taken into consideration. Normally, an IS auditor does not automatically retract or revise the finding.

A1-53 An organization uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes and terminations) are completed and delivered to the bank, which prepares the checks and reports for distribution. To BEST ensure payroll data accuracy:
A. payroll reports should be compared to input forms.
B. gross payroll should be recalculated manually.
C. checks should be compared to input forms.
D. checks should be reconciled with output reports.

A is the correct answer.

Justification:
A. The best way to confirm data accuracy, when input is provided by the organization and output is generated by the bank, is to verify the data input (input forms) with the results of the payroll reports.
B. Recalculating gross payroll manually only verifies whether the processing is correct and not the data accuracy of inputs.
C. Comparing checks to input forms is not feasible because checks contain the processed information and input forms contain the input data.
D. Reconciling checks with output reports only confirms that checks have been issued as per output reports.

A1-54 Which of the following represents the GREATEST potential risk in an electronic data interchange (EDI) environment?
A. Lack of transaction authorizations
B. Loss or duplication of EDI transmissions
C. Transmission delay
D. Deletion or manipulation of transactions prior to, or after, establishment of application controls

A is the correct answer.

Justification:
A. Because the interaction between parties is electronic, there is no inherent authentication occurring; therefore, lack of transaction authorization is the greatest risk.
B. Loss or duplication of EDI transmissions is an example of risk, but because all transactions should be logged, the impact is not as great as that of unauthorized transactions.
C. Transmission delays may terminate the process or hold the line until the normal time for processing has elapsed; however, there will be no loss of data.
D. Deletion or manipulation of transactions prior to, or after, establishment of application controls is an example of risk. Logging detects any alteration to the data, and the impact is not as great as that of unauthorized transactions.

A1-55 During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to:
A. address audit objectives.
B. collect sufficient evidence.
C. specify appropriate tests.
D. minimize audit resources.

A is the correct answer.

Justification:
A. ISACA IS Audit and Assurance Standards require that an IS auditor plan the audit work to address the audit objectives. The activities described in the other options are all undertaken to address audit objectives and, thus, are secondary.
B. The IS auditor does not collect evidence in the planning stage of an audit.
C. Specifying appropriate tests is not the primary goal of audit planning.
D. Effective use of audit resources is a goal of audit planning, not minimizing audit resources.

A1-56 When selecting audit procedures, an IS auditor should use professional judgment to ensure that:
A. sufficient evidence will be collected.
B. significant deficiencies will be corrected within a reasonable period.
C. all material weaknesses will be identified.
D. audit costs will be kept at a minimum level.

A is the correct answer.

Justification:
A. Procedures are processes that an IS auditor may follow in an audit engagement. In determining the appropriateness of any specific procedure, an IS auditor should use professional judgment appropriate to the specific circumstances. Professional judgment involves a subjective and often qualitative evaluation of conditions arising during an audit. Judgment addresses a grey area where binary (yes/no) decisions are not appropriate, e.g., determining the sufficiency of evidence collected. ISACA's guidelines provide information on how to meet the standards when performing IS audit work.
B. The correction of deficiencies is the responsibility of management and is not a part of the audit procedure selection process.
C. Identifying material weaknesses is the result of appropriate competence, experience and thoroughness in planning and executing the audit, and not of professional judgment. Professional judgment is not a primary input to the financial aspects of the audit. Audit procedures and use of professional judgment cannot ensure that all deficiencies/weaknesses will be identified and corrected.
D. Professional judgment ensures that audit resources and costs are used wisely, but this is not the primary objective of the auditor when selecting audit procedures.

A1-57 Which of the following is a substantive test to verify that tape library inventory records are accurate?
A. Determining whether bar code readers are installed
B. Determining whether the movement of tapes is authorized
C. Conducting a physical count of the tape inventory
D. Checking whether receipts and issues of tapes are accurately recorded

C is the correct answer.

Justification:
A. Determining whether bar code readers are installed is a compliance test.
B. Determining whether the movement of tapes is authorized is a compliance test.
C. A substantive test includes gathering evidence to evaluate the integrity (i.e., the completeness, accuracy or validity) of individual transactions, data or other information. Conducting a physical count of the tape inventory is a substantive test.
D. Checking whether receipts and issues of tapes are accurately recorded is a compliance test.

A1-58 An appropriate control for ensuring the authenticity of orders received in an electronic data interchange (EDI) system application is to:
A. acknowledge receipt of electronic orders with a confirmation message.
B. perform reasonableness checks on quantities ordered before filling orders.
C. verify the identity of senders and determine if orders correspond to contract terms.
D. encrypt electronic orders.

C is the correct answer.

Justification:
A. Acknowledging the receipt of electronic orders with a confirming message is good practice but will not authenticate orders from customers.
B. Performing reasonableness checks on quantities ordered before placing orders is a control for ensuring the correctness of the organization's orders, not the authenticity of its customers' orders.
C. An EDI system is subject not only to the usual risk exposures of computer systems but also to those arising from the potential ineffectiveness of controls on the part of the trading partner and the third-party service provider, making authentication of users and messages a major security concern.
D. Encrypting sensitive messages is an appropriate step but does not apply to verifying the authenticity of messages.

A1-59 An IS auditor finds that the answers received during an interview with a payroll clerk do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should:
A. conclude that the controls are inadequate.
B. expand the scope to include substantive testing.
C. place greater reliance on previous audits.
D. suspend the audit.

B is the correct answer.

Justification:
A. Based solely on the interview with the payroll clerk, the IS auditor will not be able to collect evidence to conclude on the adequacy of existing controls.
B. If the answers provided to an IS auditor's questions are not confirmed by documented procedures or job descriptions, the IS auditor should expand the scope of testing the controls and include additional substantive tests.
C. Placing greater reliance on previous audits is an inappropriate action, because it provides no current knowledge of the adequacy of the existing controls.
D. Suspending the audit is an inappropriate action, because it provides no current knowledge of the adequacy of the existing controls.

A1-60 An external IS auditor issues an audit report pointing out the lack of firewall protection features at the perimeter network gateway and recommending a specific vendor product to address this security issue. The IS auditor has failed to exercise:
A. professional independence.
B. organizational independence.
C. technical competence.
D. professional competence.

A is the correct answer.

Justification:
A. When an IS auditor recommends a specific vendor, the auditor's professional independence is compromised.
B. Organizational independence has no relevance to the content of an audit report and should be considered at the time of accepting the engagement.
C. Technical competence is not relevant to the requirement of independence.
D. Professional competence is not relevant to the requirement of independence.

A1-61 The PRIMARY reason an IS auditor performs a functional walk-through during the preliminary phase of an audit assignment is to:
A. understand the business process.
B. comply with auditing standards.
C. identify control weakness.
D. develop the risk assessment.

A is the correct answer.

Justification:
A. Understanding the business process is the first step an IS auditor needs to perform.
B. ISACA IS Audit and Assurance Standards encourage adoption of the audit procedures/processes required to assist the IS auditor in performing IS audits more effectively. However, standards do not require an IS auditor to perform a process walk-through at the commencement of an audit engagement.
C. Identifying control weaknesses is not the primary reason for the walk-through and typically occurs at a later stage in the audit.
D. The main reason is to understand the business process. The risk assessment would be developed after the business process is understood.

A1-62 In the process of evaluating program change controls, an IS auditor would use source code comparison software to:
A. examine source program changes without information from IS personnel.
B. detect a source program change made between acquiring a copy of the source and the comparison run.
C. confirm that the control copy is the current version of the production program.
D. ensure that all changes made in the current source copy are tested.

A is the correct answer.

Justification:
A. When an IS auditor uses a source code comparison to examine source program changes without information from IS personnel, the IS auditor has an objective, independent and relatively complete assurance of program changes, because the source code comparison identifies the changes.
B. The changes detected by the source code comparison are between two versions of the software. This does not detect changes made since the acquisition of the copy of the software.
C. This is a function of library management, not source code comparison. An IS auditor gains this assurance separately.
D. Source code comparison detects all changes between an original and a changed program; however, the comparison will not ensure that the changes have been adequately tested.

A1-63 The PRIMARY purpose for meeting with auditees prior to formally closing a review is to:
A. confirm that the auditors did not overlook any important issues.
B. gain agreement on the findings.
C. receive feedback on the adequacy of the audit procedures.
D. test the structure of the final presentation.

B is the correct answer.

Justification:
A. The closing meeting identifies any misunderstandings or errors in the audit but does not identify any important issues overlooked in the audit.
B. The primary purpose for meeting with auditees prior to formally closing a review is to gain agreement on the findings and responses from management.
C. The closing meeting may obtain comments from management on the conduct of the audit, but it is not intended to be a formal review of the adequacy of the audit procedures.
D. The structure of an audit report and the presentation follows accepted standards and practices. The closing meeting may indicate errors in the audit or presentation, but it is not intended to test the structure of the presentation.

A1-64 Which of the following audit techniques BEST helps an IS auditor in determining whether there have been unauthorized program changes since the last authorized program update?
A. Test data run
B. Code review
C. Automated code comparison
D. Review of code migration procedures

C is the correct answer.
ustiiation: > Test na rns permit the autor wey the processing of preselected transactions but provide 0 vide about autora changes or anette porting. Code rovew ihe proces of reading propram source ce sting To dleroine whether the code fells coding tnd or contine penal eros fein statement A cn ee an Be seas a means of ede comparison but ts inion al wliy tte any npr a he ede esol i Tue peor. ‘sn automated co son the process of comparing two versons af he same program {o dctermine whether the to corzapond It yan fllent technique because His a automated precidure "The eview of code migration procedures does ot detest uoutorize program changes. ALES When pcpring an aut ep, the Saar should ena hit he sels are spared by 7 Statens fom 1S management Am oganizatonal conto seF-assesment Suffeen ae appraprate audi evdene a Stainens rm I munagemcut may be inch ip the at analysis bu these sant aloe are necensired + sfc ass or sing Fp, 1. _Workopes rom he audios ay be we estan aii a nding ut kd oe ed ith the alton eva he work paps a the aur whos rearing epor © Thevesults of conte selfasesent may ant the IS autor ndtermaig sk and comics tuto its i ot enough opr the suit ep. 1. 
ISACA'SIS Audit and Assurance Standard on reporting requires thatthe 1S maior has slicient and appropriate ait evidence w support the reported results, Statements fro ‘management preside » bats or obtaining concurrence “rpea evidence, The report shouldbe bas 1 calested daring the reve ‘venthough the IS anditor may have aces tothe werk papers of ether auditors The resus of Sh ongnizaona control selCateewment can spplement the ait nding, ‘ISA Review Questions Answers & Expansions Manca ™ Elion ‘San A men nr OMAN 1—iNFORMATION SYSTEM AUDITING PROCESS aes aver “ie esha sown development paces tn onaiatn, 0S an es hth ui smaate> Wao pons ye apemant The MOST pret ena ran arse AL Peters of te QA fasion se # shank eben OE Manage ae Berney he WA fineton cnet shina wt te pees impermation ere he project unger boa thet sg slit with te QA. Faton Src le paet manager Bens th OA Fancton ne communicate wit he pest implementation am, ‘Aine correst answer. asserance (QA) fanstion shold be independent of projert att inna, profet management may pt presure on te (2A TUNER. a¥prore tm inadequate produc Bates dhe 08 faction f notice by intersting with he poet inlemettion ae joc at cease «proc for plementation unlit mets QA requiemens c._Tathmect marge respons othe isms aie by the QA team. Ths does nota he Cctveness ofthe projet manage 1 AEOr Taso cecton wih he poet implementation am sould not npc th ene ofthe projet mast the fil decision told mater fnding in ans report shoal be made by te [AL an ori BL adiecs manager, CS audio: chief executive office. ithe correct ansver ustietion: usin ance should na impair he independence, pfesionai and best ofthe 1S noe by nencing wt siden he ai po 15, nets andors manager may commend Wt should or shoud not be nla nan Fin as manage soul ot nace the content the ep. 
c._ “Thc audios should ake the final dit about what to include or excide from the audit ci eo, amet execs officer must not prvi inluence ove he comet of a a report esau that ‘ald bea boa ofthe sndopendence ofthe aul ret. oo _________ TiSA Review Questions, Answers & Explanations Manual 12 Eaton Qa DOMAIN INFORMATION SYSTEM AUOTING PROCESS AL-GH While reviewing smite clcronic work papers, he IS sult nti th hey were no encrypled This could compromise te: ‘A. Autti of he vesioning ofthe work papers Appeal af dud phases (C.Aceese hts ote wrk poner 1D. Confcntiy of he work papers estat [AD Audits Jono by themselves, alet he cotientity, bat ae part of the reson far 'B. Audits aprovls do not, by thomscles, fet the cnfideniity ofthe work pers, but ave pat ‘ofthe res for ong encryption. (Cees othe work paper shoul be linia by nod o kro: honever, ack of encryption beaches the cctidontty ofthe work pars, nthe Seen ight the papas 1. Encription provides confidentiality forthe electronic work papers. A169 The MOST important son fran 1 aur t obtain licen and appropri al evince eo ‘A. Comply wih reultry requirement. 1B. Proviso denn easonabe consis. C. Ensue compte at cover Perfo thew according 6 Ue dein cop Bis the comect answer, tory equirmons ecu oan ait bu is ot the most import eas ‘why ir and eleant xadence reed, D ie defined by Ke abjectve, This involves denying control weaknesses televat to the scope ofthe aud. Obtaining efficient and appropriate evidence ast the ude in nt enly seating control weaknesses but abo documenting a validating them. (C._Ensanng coverage elvan to comduting an IS ait ul 0 hemos! morta sn hy sulficen and evant evidence ryured. The reo or obtaing eden fe sae that he ‘unt onlin are fatal and acc, ,Theescetion of an att met ts defined sepe i rlevan tn aut bathe reson hy suffice an! evant evidence quel. ‘ISA Review Questions Answers & Explanations Manal > Eaton Fe 2 ‘DOMAIN 1-INFORMATION SYSTEM AUDITING PROCESS. 
a aun A inal ive an 5 sai as eon to Boe at and my be resent The S aie sol ‘expund actvtis to determine whether an investigation it warante Report the mtr to the oui commits. Repot the posi of Sau to mangement ‘Cont with externa lal cincl to datermin the course of action to be taken nee Jostfcaton enta IS auditor's responsibilities for detecting fraud inlude evaluating frau indleators and ‘ctaing whether any sddonal action i necessary o whether an favesigaton should 18 The Samir stoald not the appropriate atts within he erganizaton ony it has eerie a fe intr of Tau ate salient econmend un even c. _Thel8 auto stald report the pesibiy of Fraud to op marageriet oly air ete is suTicient rier to launcan vestigation This ay be ace by whether management ay be evolved in the tau 1b, Norm the ISaudtr dose at have thority to ens with extemal ep counsel ‘An 1S autor nates Ut ile logi atep to 3 core Fancast are automatically logged era the {ose retained foe ear by the orgazation. This logging A. Aneffetvepowenive conta BA valid doesn oni Notun adegunts conta Di A ceetctve contol A Generation of activi log ota preventive cool hocause tans prevent inapropit acees 1B. Generation of anactviy lg is not Steve contol Became i es nh in Stesting fnappropeiatc aces we is rvionel by appepite erent (CGancraion ofan atvty log nat x control by sl Is the review of such x ag tl the atnty x comtrl (Le generation plus review equals contr. D. Generation af anti log rata crocs como bese doe ot corre the efecto Inapproeie ssn. ‘An onnization's Sanchar shoul pei the ‘A. plan for andl engagement. Rhein and cope of audit engsgonens (C.deted eaisg pln forthe Sat sa Di, foleof he I ab ction Dis the correct answer. station: Ae Moning the esponsibility of uit management 18. Theelyecves ad scope of ea IS audit shoul be yr on nan engagement ete The charter unl ape he bjeives and sope of he ait function Dut noo nv engagements. (Cian plant tas on head plan should be devclepe by ait management. 1. 
AniS aut charter extablshes the ral ofthe lformation systems audit function. The chart Shou describe the overall authority, scope and responses of the aut fonction. Ht should bbe approved by the highest level of management and, iFavaliabl, bythe aut committee. ‘ISA Review Questions, Anewers& Explanations Manal 12° Eon TEACA-Al gts Reed. @= aun soo DOMAIN 1INFORMATION SYSTEM AUDITING PROCESS Which ofthe allowing shoal an IS aur us o detest dplste invoice esos within an invoice master A. Ante simple 1B Computerasise audit echniqus © Campiancetesing ay ated est ality estates [An Ati smping sid in dein ecordsmecting specific contons but des not compare ope recat to another to identify dies. Te detetdupiete invice ecrd he I mio shld ‘hoc all tort meat the een at jut sample of he en B, Comyater-asisted ait techniques (CAAT) enable the 1S auditer to review the entire Invoice © Compliance etn determines weer contol rocedre ar ahr ta. Using CAAT the ber ‘option Bence it most ely more efficient to search Io des, 1a tegrated test fey allows the IS anltor to et raneactonstrovgh the prston ster bat lee st compar records ety dts, When deveoping rik management program, what she FIRST atv tbe perform? A. Thrstasensnent B Chistian of data D. Cita amas (Ce the correct anower. Justice [A Thesis acd tobe owed Fist sting of th tet th ane th ast ner step in Date lesicaton oyu fo defining acces contain eat analysis, tthe este elie dt) ned be enti ele dong clistion € Ienttieation ofthe assets ta be protected ic the fia step inthe development of ik 1D. Coty anal ier step the proces afer te ass hve en eid ‘GisA Review Quesions Answers & Eplnaions Manual 12 Eaton = ‘Site tmp, Donan 1-WFORMATION SYETEM ADIT PROCESS ___ = aut {he evaluating the cnls ofan lestronie data terchanze (EDD aplication an 1 wdtar should PRIMARILY be coord wih hk of scene vansetion trnaround ine 1B. Appliation nace flee CC. Imprope ranean authorization 1. Nonvalidated bth nals isthe correct ansver. 
estieation: sre oressvenrnaround ie isan inconeiene, but not serous Tk A ARIS tthe apticatin trices, Br na the ost sius sue. Usaly sch & ny and cay Find rte ish asecated with lecronie data interchange (EDI is mproper snnborteaion Becnse the interaction with the partis is electronic, there 90 Tnerent authentication Improper athe bythe tcty of EDI tunsacton sports, bt ol significant s the isk of annus Which of he ain would Be MOST uf fr an 8 suitor Fr aecesing an analyzing dia data 0 ‘Me rtevant ai evdence fom diverse software envionnents? [AL Siictur Que Language 1B Aplistion sonvare reports C.D antics els 1D. Computer ested outing etniques Dee corret ansver nseation ennrsruced Quay Language ovies options fr adios o quot spc bls oa dbase remit at bjetves However sil ar roid to query specie databases, ta user must abet undrstad he record treo access he dt 18. Reports Bom pleatio sofyare ay bs seal bat hey are no eas ene computer spain techniques CAAT) Cota analytes sole might be 3 aod ecrique ods for corrol esting, Bu they ae not as comprehensive CAATS. CCAATs are tne wae fo acesing data In estrone for frm verse software sand ev sit objectives and ean erate eicences for caieting this ‘Ghiroumonts rear forma ef CATs serve a seul fools for calls ‘uit evidene according vience (easy SSI DOMAIN 1~INFORMATION SYSTEM AUDITING PROCESS. ALT? Which of te folosing sampling mths isthe MOST appropiat otesing automated invoice utr ation conrls ensure hat exception ar ot ae er speiic ws? A. Verde sampling Bagong Seti nde sping Systematic nampling Justa: [AD Varsle snpling suse for sibanive testing to determine the monetary volumes impacto sfaracestics of population: This sat the met sopropit in these B. 
Injulgmertal sampling profesional pce aha on the sample (eal sapling units ove «citan altel fora speci ype of exception oral negative) sould be note tha ea) compl ot stay Bae to slosh ge enaped sn apuon Seat mpl i nlitly o be representative of th population (C._Strateatio ithe procer of diving po sebpopulations with iitar can belo to any one strate in each sabgroup have known nonmro chance of section. Ite the most appropriate inthis ave 1B. Syscmat sping inles seeing sampling urs uring Tl interval betwee ects wih ‘he est itera having a andes, Tis ot he ot peep a htc AL-78 An IS aie wo wes invlvedesiprne an eranizaion's uses oti plan (CP) has been signed aa he plan, The I auditors ‘A. delve the aspen inform management of th possible conic of inert afer competing the sat assignment (C.infor the BCP tom ofthe posite cent fires prio to gia te sslnmert 1D. conmunsate the posiiiy of eis of nore aul ane po Satin the sign iste correct anamer. stato: [Av Declining the asinmont could be acceptable nly fe bing management approval otis nyonritel disclosed managemert lt management and other skh Approval shoul be obtsined peor commencement and nat fie the completion of Ie asigenen (Cnforing the BCP ter ofthe posible onto intrest prior starting the asset I core answer heease the BCP team does ot hve the sth 1. X'pose conic of intrest kel oalet the IS ‘ISA Review Questions Anowers &Explanalone Nemal 1 Edon Eerie DOMAIN 1-INFORMATION SYSTEM AUDITING PROCESS. sco MARY purge of an IT foonsic nit ‘A. Topariciate in investigation ltd to corporat fa fe TyPsisepui llectin and nabs of evidence afer astm opulent fon the coestnes ofan organizations nancial atm. DD. Topeverve vance of criminal tv Bis the correct aner. estat Ferns ait ate ni rea cna clction and analy of evidence aftr aysten regularity best decry 4 ranstait tne evidence elles ean then be analyzed and wsed in judicial preceding. 
eae rcs fon ogists rani stereo he AY DOE OF Ost forensic aus Dera heimestation of evidence rae oxime or misbelavr, reserving evidence the Fone poses bt the primary Purse. itt ergo fa [A180 An taulior eviews on dey oops ora remately manag ser an fe ne case where ing ia a baka resorts canna be conimed, What should the 1 air do? 1A. tse an ait ig BL Ssok an eaplanuton fom 1S manage. Co Revo the eaicaionsof data held om the server Expand th spe of logs eviews ite corvectanver estiet ert the gets primis ase a au eg, Secking an elation fo mangement is Ne butt beter oat alii ender vale the serous of the ition 1h. Wane puncnng or afrmaton onthe nsdn a the Wequency of the nein, sie to chain a enngfl explanation fom management cc SAA? ue nhl has ot bxm etal a ti point, il be svous ft involves erie dhe te ans tote importance ofthe da om the serves, where a pablem as bee Sete bo ether systema contol fe ht mts ner rer xis, 1b. Ws ual aad Stsrance Stndard require that an 18 auditor gather suficen and npproprite hav evidence The 1S waitor has found x potential problem and now neds to determine a snes DOMAIN 1~INFORMATION SYSTEM AUOITING PROCESS. ava ne fection of lease manera aplation programme are performed by the same emp. Wi te BEST compensating econ thi sera? A. Hn addtional ato provide sepeption of dates | Previn he release manage rm making program modictions © Logaig of changes to development Iiteates 1. Verrng that en argroved rogram changes are inplemented [Nath opyatin of dice saa comping cotta pvt conto Ina sal ration, be ease ie ee =a which is why cempong cantly be nese, 18, Since the release manager x prtrming chal roles, revtig them fm making prog ‘modifications sn feasible and, sl omizationsereation of dates may not Be psibls, 1c Tein change tn seer! Ewe doe net det change rotons 1D, Compensating entrots are used to miligte Fisk wen proper cantrls are mt Fesble oF practea. 
ln 4 small organization st may ot be Feil to hire new staf, which why Compensating control may be necessary Verfing program changes has roughly the same elect inended by fal segregation of dates |ALA2 Which of te following is the FIRST sep in an IT risk assessment fra s-hasd at? |A. Hlntf all P sytems and controls that te relevant to alt jen. 5B _Listll ont rom the au progr o slat one thing ith a cbs, © Reviow the result of anal amet, 1. Understand the basins, ts optating mode nd key processes De the correct answer. estate ‘A Unestanding thesis evince fn this fallow by wast th FT eee Lisi controls and matching hen aa bjoctives tthe fs sep ik assessment. Tis ‘ep blows undestunding the business environment and the IT system €. Arist seltansessment is optional and apical or seme types aut engnsmens 1D. Riskbasd auating must be based oa the understanding othe Busines, operating mad! and ‘avironment. This isthe st tep in an TT sk assessment for a rikchated au ‘GEA Review Quetone Anwars& Explanaions Manual Eaion SS (Std At seer [DOMAIN 1-INFORMATION SYSTEM AUDITING PROCESS aus ‘An auditor discover tht devices consid the network are nine in a network agra hat Paes deve the scope ofthe nat The hit infrmaton acer explains tht the diagram is tig andar and avatng Sil approval. The I utr should FIRST expan the scop oft IS att inca the devices that af not on the network: diagram ‘tate the ines ofthe andoeamena devices on the a soe ote compa diieny Beane he network dpa as no een approve pi low-up aa of the undocumented devi. o> isthe correct answer iat Tris mportant that he 1 lio does wo immediately assume that everything onthe network ‘isn pins rman about the skates a etwark'ystem, Thee pres in place fordocomting apd updating the network agra 1h. 
Inariskcbased approach to an 1S wait, th sep determined bythe Impact tht the devices tril nave on he aud the wedocumented devices do nt impact the audit seope, thea they tay be ealudel from the current audit engagement The information provided ona netwerk “agra cu var} depending on ma slog Mstatedfor example, the network layer and ‘ros connections C._Inthis ease, thew is simply a mismatch in timing betwen the completion of the appreval process and date the aut began Ther so onl decency to be opera 1. Flaming for follow-up aut of he undocurante devices is comtngent on the rk th he {Unocumene vices have othe eli ofthe eit to atthe ai scope ‘An IS autor is tein mpl sesso Iago Finacial system, andthe 1 auditor selected a sample fom the eure’ empbyes Int provid bythe tite, Which of he lowing vince tthe MOST tebe to port hotest? A. Acpanitet provided by the syst aminisator BB tuman resourses acess document sane by camployes managers CAlistot scons wih access Teves genera by the syste 1 Obserationspaormed onsite inthe preseee of syste adnate susie iN rondshcet spi by the system adnniratr may not be compe er may be inecurate ‘Documentary tens shoul be alltel to apport he audiceb spreashcet, | 1b Thebuman escuces aces documents signed by matager are goal evince howve, hey are Bot | ts ebjetve fhe sysor-gnerated ccs nt, Because acess ay hv chang or the docunens | tray have Boe nsorect oon hey were signe onerted hy the ates the mest lable, because wax generate by the syste rather 1b. The nbnerators are pou evidence 9 anderstnd the teal conuolstuctre; howe, observations rcv fica for many wes, Observes ee mk object enous for substantive tts Tad necen vations beeen igedion tend lie DOMAIN 1-IMFORMATION SYSTEM AUOTING PROCESS. A185 During» complance aut ofa small Bank the IS air ates ht the IT ad accounting feetons se bog prone bythe se act ofthe financial yom Which he lowing eve hal ‘conducted bythe user's superior represent the BEST compensating ctl |A. 
Audi ais that show the dat and time of te tnsaton BB. Adify report wth th tl ranean dir runt ofeach ansction €.Useraccount adunisation DL Computer og isha show inva ansactons Dis the correct unser. usta ‘AD Amani til of nly he de nd ine of he Wanaction is ot sufi to compensate forthe rik ‘of mpl atti beng perfected bythe same inal 1, Reviow af he mammary financial reports doesnot cempenste for the sxprogation fds es inapreprate activites where a perso fils mull ees. 1. Compater loo ear the acti fii daring tei acest computer sytem data fle and record any abnormal ates, sch the modifeaton of deen of nana data. ALG A system cbveloper taster to he au department to serve aan FT ator When production systems {cto raiewel by thicmpoyt, wich ofthe flowing wil become the MOS significant concer? A. The vrk may be comm a sel ant Audi pints may largely shi tecnica! aspects. ©The amples may not hve slice conta scesment kil D._Thownplayce'sknowedge of busines risk ay be Tite. te the correct answer ‘excl the systems developed by ths employee to wold any conics af interest 1. Becite the mploee ea techn choo ts posse that th sat Findings tn to fee ‘trical mates. However this is pomallycoxtete nthe reves proses ele fcr in ection. (© Beats uiting ine oe fr his employe. hey may not Have aden onl assent skills Howser this canbe aes by en-he-jobtining and snot bea igo a concen s otra ce of eres ._Becase this employee was previously erplye i the onganizatonS IT deparent i possi ‘akan he empayescurent unending of the sos to aes any sap in knoe, ‘ISA Review Questions Answers & Explanations Manal 12° Elen a See Amie [DOMAIN 1~INFORMATION SYSTEM AUDITING PROCESS Qe ats ava Which oth following BEST describes the abjstve of an 1S stor discussing the aut ndings ‘withthe andi? ‘A. Cooaicte sus to the aus BB. Doveloptime ims forthe wplementation of sigested eeomumendtons. C.__Canfr the findings and propose a couse of eotetve action. 
DL Went componsting contol othe iced isk, ci dastietion: 7A Based on his dicusion, the 1 autor wl finaize te eeport and preset the roport to evant eves fof senio management afi the Findings are conte. Ths srustion sould, however, sso ales ‘imetable for temeiton of thes Fn. 18, Thrdbeuaive fine wanagimet ofthe fing fie midi nd sd on the suacions, Inanuzcren may age to Jeslp an plementation plan Tr the suggested Yeormetsations slong tit th tan is € _Defore communicating the rvsts of an audi te senior management, the I autor sould tivcas the findings withthe suite. The goal of this dseussen ito conirm the ceuracy of the findings and to propose or recommend a course of corrective ato 1. Atthe aft repr stage he IS autor may rcommend various controle to mitigate he tk, bu the rps of te msting 9 alate te ngs of he aut with mansgerent “Which ofthe following esponsibiiies would MOST Hikely compromise the independence of an S autor Sven reviewing the rk management proces? [AL sticiptng he design of the sk management amevork BB Adin on difkrent mplmeratn texhnguss 6. Faciating se awareness ring 1. evdrming ache digonce review of he sk management OCS Ae the corer estat a parepating in the design ofthe sk management framework volves desigeing contra, inhi compreniss the independence ofthe 1 autor to aud the isk management process 18, ising om diac inplomenation ehniqus door ot compromise te IS auditors independence ‘Resse te 18 anitor wil tbe volved the desison-making proces. (C.F anarenees nig dos not ape he IS aude indopeonce because the ander wil tut be olvedin th Joton-making poco 1. Due ilgence rvs area typeof ut generally eae to merger and acqustons a DOMAIN 1~INFORMATION SYSTEM AUDITING PROCESS — ALA Which ofthe foloning woul be the GREATEST conse if suit bjetve ar nt eblished during the inital ps ofan aud rogan? A. Key keer re noretly eid Contra conte wil exceed pannel budget (C_mpertant busines sk my be vcd 1D. 
Preis audi areas nay to avery nel te the correct answer: eaten: In eeai cass itnay be mere dificult to dscans kings when incoret tkchole ate “ont fed har dclaying the communication of eit fing, However th as conecenng as ‘inpotant busines sk not Ding ncded in ult cops, 1 Many cers determine the cost of corr: Therefore itis iil state tht ony aut sbjetves €_Widhout an ual scope, the appropriate sk assessment has nt been performed td therefore, ‘he autor might wot audit those area highest ik for the organization. 1. Andhingprviouly ait areas not um efficent use of escurcs: weer hint a ig oF a emeen a key knot bens ee A190, An audior ams analyze aut wis neritic servers sever poe anomie seo system blur Which oh falling ithe MOST sue for performing tht sk? A. Comptersided oftware enginsing tools B.Ed data collection ols C.Trenvarince deci tole 1. Hurst scanning tls athe correct anener. Sustain 1X Computrside software engincering tol re od to ai in oar develop | Embed (anc) at colton roves, sch ssa ctrl aut ecw file yams it eviw Si, sd pide sanphing ult sic bat at coc an act ly. c ection tool lok for snamates in wer orsytem Behav, such a aves vole numbers, 1D. Heuekite setening tol ete ovr senning set indicate possible inst ri ‘ISA Revlon Questa Answers & Explanations Manal 12° Eden a DOMAIN 1-INFORIAATION SYSTEM AUDITING PROCESS. PEPE ere oo Aon “white pertain nit ofa conning spin’ intemal data neprity conto, an 1S witor Mien mor contol deficiency nthe change management software sopporing the accounting pplication. The MOST spprepriats ution fr the I arto thei 'A. Contin tthe weountingapplision sols nd ier he IT manager abot the col ‘Selicioncy ani commend possible soltions 1a, Camplte be ait and ot eer th contol diene ocase ts not par ofthe ai scope © Gontnce wet be acountingapciton contol and ince the defceny inthe Finley 1D. 
Comal gut asvily unl he contol deficiency esoNe bathe correct ustiiation dente I aio old ot asset te IT munaser wil allow thoweh op a veal motion 10 rao the change mangement conto defen a iis apopeatu Me eansing servis fm ss scot dine a ti 18 Alinough aot tec win th aut sop itis th esponsibility ofthe Sate report ‘ing scone ring an ant at can ream ipacl onthe effcvenes of como, ‘isthe responsbiiy ofthe IS auditor to report on nding that can have a material enpact on the effectivene: of controb-—nhether oro they ace within the cope af the aud. ,ttisnottie role th IS autor to dma tht TF work be empleo Blo peroeming ox completing aman ‘Which ofthe lowing will MOST succflly entity overapying key onl ia Bins application ystems? |A.Reviowing aye fictions hat ae atc complex basins processes 1B Suiting et rnsactions throu an nepate est fc {C.Reploing manu monitoring with a orate ting Slaton Testing const vai that hey are effesve Cte corect ane pee emera highly complex busines proces may have more key cnt than business aren With Ics compenitysboncver, ining, with certainty, recery controls in comple re i ot ys rosie, ia wl thought-out ey coal stucre wasexublished rm he Beginning, Finding any ‘vc in key eto wll no be posible 1 incerated fet fait nant xhniguof tes tho accuracy ofthe processes the appiation {Yat ema il oel Bsnthe aplication str, bt woul be ical Find the rp inbey ates CAs pat the tfort orelizecontinvows audit management thee are cates for introducing {2h tvlomated monitoring and suiting station. Al key contra need be clearly aligned for Systematic imp ementaton; has analyst con discover enncestary er overlapping key cntrle nexisting systems. By vesing emit vat whether thy are eet the IS aor can defy wher here reovelapping cons: weer, the proves of nplmeting automat aia slain would ‘er ntiyoelaning cones i (asd ea DOMAIN 1~INFORMATION SYSTEM AUDITING PROCESS A193 When pestrming skal de 1 aio should FIRST: ‘A. Review the da lsiiation prograns 1B. 
entity the orgeinaton’s information ssl Cent the intent rk a the ters, Performa cost bone nays far cool Bis the correct answer ostiiaton ‘A Alterthe busiess objectives andthe undling systems are enfe the pote! degre ofr ‘mantaement efor shoud be Foca tw hoe sets cetnmig dat considered os seine {o theorznization. The daa clasicaton program ait the IS ate entifyine these sels The estsep ofthe rk suesment proce tent theses and proces hat spp the busin obietines cane risk these processes Impacts the achieven of basins oak (¢.Ietet sks tieexpsure without easing the cts la anapemont fas aon o it lake The purpose of rik swcnsnen rt dy vulnerable tht mitigating coma can tecsbitod meer, one mat int unerstind th business and ts pt sts fo bat ‘enti systems rung te most rik acer ot D. Desig and inpnentiag centro to mitigate herent ink of ical systems can oly be evfomne afer te shove tps have Bon ihn AL9£ Aer identiying the fing, the IS ui shoul FIRST A. Gain ygrocment on the findings. {C._Infoe seioemanagsment oF the Findings. 1D. Olah remetiion deine to lone the findings, ‘tse core arene. ‘agreement f obtained with the aude, implles the findings wadersond and clear pla of cau be dternincd. 1. Altosgh the outitr my rocomnen mitigation measures the organization imately dss and inplenens the wuiipatonstalegier ae frtion of risk mage, (C._Belor senior management is informed i imperative thatthe atabtor informs he ws and gins ‘greenent on the aut Finding to corres onwmaiate the ik 1. Obtaining remediation dads cls he Findings snot the Fist pin comms the ai ndings “ISA Review Questions Anowers& aplonatlns Manan! Edion eee DOMAIN INFORMATION SYSTEM AUDITING PROCESS e& oye Aas [A PRIMARY bevefitdesived Foran onanztion emposing cool sefanscssmenttecniges th it ‘A. 
Cam identify highsisk ores that might ned a die view fer {sins 15 waiters to deren ses ih CGunbe asa a oplacoment fr trata audits alls manogensat 0 regis esponsibility for cool, usta sJesticam acasesmnent (CSA) is preicaed on the review of high-k areas that either ned lmnmedlateatinton or may require a more thorough review ater 1a Cohyute the inelvement of IS wutor and Tine management. Te ters an ition shits coon coud monitoin respons tthe tional rs RCN Stomement or atonal aus CSA int ane fo place tins responses htt enhance hem CSA door mo llow managenet to elingish its exons for conta “Which ofthe following isthe FIRST stp permed eae creating rk ranking fo he ava interna 1S ait plan? ‘AL ritz the ied ik BB Define the au niverse Cet the eicl contol DL Determine teeing approach, tn correct ans. tiation semis te auniers is define the IS wor can pickize kasd on ts over impact ren opcrtonl ares ofthe organ covered wade the at vos, 1h. In uicbavt ait appresch the IS aaditor denies isk othe organization based onthe adare of te bine To plan an ston aut yee, the types of ak mast be ranked To rank Teeifpes ate the nator nut fis detine the suat universe by considering the TT strategle plan, organtonal structure sed authorization mati cc tStots at hep in misting ih isk rene are gory cites cons. and thelr ‘Mteanenen ndesasuance on mgstion fr However hs cannot be dae ules the 75 ffi ae arsed 1b Thevosing appresh is Based onthe rik aking HEEEEEEHEP Eee eee Se Eee Heeb eee eee eee ese ee oon “Grud ion Gesstionn, Answers & Bplonations Mam 12° Gln @x__ ari icon tins ALS7 Which of te folowing MOST Iioy be considered 2 coo neat Foran I air who ie reviewing eybersecanty implementation? |A.Delerng cybersecurity anareness ing BB Design the eybrsecanitycontels C._Advising om the esbosceariy famcvesk DL Conditing he valerbiiyasesament Bis the co-ect answer. estates Ae Dalerngcyhercerity aanenes raining is picaly an operational responsibil, but ts vo rear a strong we confit of ners! 
the autor designing conta ad then revising th 18, Tramatadtr designs the controls cont of interest aries nthe neutrality ofthe ater to sci defcleaces daring ars Tht Is volaton ofthe ISACA Code of Ethics, Fart therole ofan 1S autor an bet advise ona eybesecurityfamewerk. prove that och 1. Condatng + taleabiliy sent can be the espns of the Santora des nx preset ‘coi of iter. [ALS An IS aioe ented» business proses to be aad. The IS aor should NENT itt: A. Mostwahele formation et Sait resources to be deployed Andis penton oh interviewed Cont abjectines and acts eth correct answer stat: [AD llaets nee to be identi at jt information ast. To deternins the Ky information ass thea the 1S audio shoud fst determine which contel objectives an Key ental ates shoul be validated. Only information sss ta ae Felted the conse bjetives ad hy eta ‘tives are relent for scoping thea .Onlyafer determining which contol ap elated relevant information ast ae 10 be vlad ‘ne I autor decide ont bey 1S wa resources ih the elvan sil cd shoud be {eplged for the ui © Ona determining the hey contol actives o be valuatedcan the 8 autor iy the relevant roces personnel who shoud be itriewed 1. ‘ter te business proces is identifed the 1S autor shoud rst Wen the control objectives ‘nd stv associated wie the business process that should he validated in th “Ged Review Guentona Anower& Explanations Manoa 1° Fan See a ‘Sich A ia ee aL str oRMATION SYSTEM AUDITING PROCESS @s= ‘he efit of which fe flowing ould verity i pling he sap and oetves of an Swat? Apiable tana reauirements ‘Apical corporate andar ‘Arable iby goo pasties Ontanzainal oles and procedurcs ‘Ata correct answer. stati rane fect of applicable statutory requirements must be factored in while pl duaitthe tS cudior has oo options reparding statutory requirements beca Timitavon of spe estating to statutory requirements. 1. 
Sar rquizmons ays ke priority ver corporate sind, Fe ea rain: help pm an nhac pon aces ue no mantra ca Be {Svat om st onazatonebecies 1. Oneaizatioral plies and process porat, bu statu eure aay take pin. ‘Oanzational iis mas bei lige with staley eqaerens ‘An cxtra Sailor discovers ht systems inthe scope ofthe alt were implement by an escciae,te ‘cha ceunstane, 8 auit management shou [AL Remove the auditor a the engagment Conca the engszement CDyclose the suet the len, 1D. Take tps to rors te IS ator’ indpendence station sarin aint ncesry to withlaw the IS wor als there 8 attr imitation, which ex in 1 Camcing the engagement ror if property discos and accep. {C._Incireumntanses in which the 19 auaior's independence is impaired and the Continues obs maocated with the a the fas surrounding the issue of Independence should De selsed to the appropriate management and in the report, “Thieme asi soluion. The independence ofthe autor atmo be rested while continuing o.com be ui ‘ISA Review Qunaions, Answer & Explanations Manual 12> Eon a eee Avior Atte ‘ISA Review Goestins, Answers & Explanations Manel 12> Eaton Satna DOMAIN 1~INFORMATION SYSTEM AUDITING PROCESS ‘An 1 altri planing to evaaate the contol design electives th slate a9 aoe ling ‘rocess Which af th allowing tbe MOST efectve apreah for the ator opt? Bo Inguey C_Ropeermance Do Waterongh De the cerrect sneer. ostinato: [An Anitersiw is mt as stony an evince an observation o¢walk-hrohs nation, pecs nil ad some bist inervews they know they ae bel iter eed fo an audi 15. Ingary canbe used to understand he coats pres nl ft ascomaned by veition oF evince Hower, interviewees mish e bas they kno they ar bei lid (C._Repetrance is sed ctlute he operating efletienss ofthe ceo ahr tan the deen oF thecal Do Wal ts zh involve m combination af ingary and ingpetion of evidence wth respect ines process controls. 
This the most elective bas for evaluation a he design ofthe Which fe ilwing isthe MAIN reason pf rk soso de planing pase of an IS ‘A. Toeasue management’ cancers ae aes To puna reamale assurance mteal tes wil be essed {Coase he audit eam wil perform aus within budget 1. Todo aut program and proces needs to perterm the sit usta [An Management concer hive ro bearing on he sk asses proces, anagem his once and ant the outer to focus oF certain arc, he ator shold ene aust tine is alos toadiren the concern B.A ridcassessment helps fous thea scope ofthe aut, The concept of rea ‘Arie aseren is performed to determine whee to place ine nd poser! resources, while bud constant ae lime one cues. 1D. Asc assessment ot wse nth dovelopenent of he adit program and procedues,Hoeve,the rk sessment i seo allocate rsores 1 tis, Froreyrtrhy-emry ‘DOMAI 1-INFORMATION SYSTEM AUDITING PROCESS ser Which ofthe flowing is MOST importa o casa Before cxmmuniaing he wit ndings 1 op magement daring the closing meeting? |A. Risk statement into an explanation of busines pas. BR Fimings are cle tracked back wo vides, C_Recommendators kes oot causes of ings 1D. Remediation plas ae provide by responsible partis Bis the correct answer ustiicaton seein mportnt ihave a well liber risk tatomen; however might ot be relevant ndings teretore, this mast Be verified before (¢._Wrimportant sen the oot ass of Findings, and ity be noi in the ep Hamever, mht ot be relevant ings ate aca 1b. Insame case, ip-management ight expect tse mediation plans during debriefing oF the abn weve th accuracy of finns should be proved is. “The MAIN avantageof an IS ator dct extatng data or a pent eer spt |A. Reduction of nan resourcs needed 10 suport dh ait ‘RL Reduction mc tne to have acces wo the information C.Greaer Mei for the uit department 1. Greater asrane of ta validity sition ero hc Baden an urn resources to ut he ait may docras if he 1 audio dietly ‘tts the dts hse stot sigma the nes dats vali, 1b. 
Tobillnot noc ede he tine tose sess the aration becase tne will sed 1 te shoeld fr training aed yraning ccs Thea be note lexi forte Sali oat he dts ett to meet varous ait reerenie; weve, tht ol he mala advantage t,t IS auiter executes the data extraction, theres preater assurance th trea lat interfere wth the required ‘eased: Aikig I toextact the data may expoe the risk of fering ot exception ‘Aso he 1S wader ells the data all internal references ‘ISA Review Questions, Anawars 8 Explanations Hanval 12 Eton ‘aon sathshas Renal fay Se DOMAIN 1~INFORMATION SYSTEM AUDITING PROCESS AL-40S An 1 audior wants dtennine the numberof purchase ors that ae nt arora approved Which ‘ofthe following sarepling technics shoulda Sar us o make sucha cancion? A. Adribite BR Varuble C Stoper-20 D grent ustiestion: ‘A> Altrdate sampling ic se to test compliance of ranactons a comtole—in this instance, the cexstence of appropriate approval Var sampling is sed substantive testing stations an dete with popu characteris ‘hat wy. such as monetary values an weighs Cc. Stopors sampling fwd whe Ge pete vocurence aes extremely low, D. dalgnent sampling x not cow bere trees wa sujetive npronh of determining sample ice ‘unl clestion eter of cements ofthe sample, [A106 An audio wes computerised aul technics (CAAT) to let a analyze da Which of the Fallowing true of eidence is MOST fc by ting CARTS? A C.Relernce D.Adeitey Bis he corect answer [A Useftness of aut evidence pled by computerised at icebigues (CATS i determined ‘he aul objectives the woof CAATS des not hive eto an pact on wl ss reabiy 1 Becaste the data are directly collected by dhe 1S suitor, the at figs ca be reported terphasis on the relay of the records ha are rduced and maintained i he stem The rlabiit)of the source of information used provides reassurance onthe generated Rags. . 
_Releunce of audit evidence pill by CAATS fs determine by thet este othe we oF (CAAT docs have a dict fap inact on telovance a lai, D.__Adequiey fait evidence pula by CAATS is determined by the processor and perl who ster the data, and he ue CAAT dacs ot have any pac! on campers “Ti Review Qoations AnewersBEeplontions Menal 1 Ellon SS anaieeane [DOMAIN 1-INFORMATION SYSTEM AUDITING PROCESS. = e& somese= aver atv ‘Animal 1 at faeton is png a gneal Saudit Which te following atv takes ple ‘Ring the FIRST spo the planning pass? [AL Development of am adit rogram BL Detinathe auttscope C._Wenificaton okey vformaton owners DL Developmen of rskassesmen ithe correct ans. tiesto: denne results of de sk ascent are we foto input or heat program, The cau ofthe skasexement els define the sone C__ Arua tmnesnment ast be performed prior t idatfying ey information omer. Key information 1b, irik unsnment shouldbe performed determine ow internal audit resources should Be higeated to cnure that all material ems willbe addressed, “Which ofthe flowing isthe MOST import sil tat an iS autor should develap to understand the Constants conducting an aie? A. Managing sutstaff Allocating resomses Project managonont De Asenton to dei ‘Cte correct ansver Sasitcaion Je Ntamging tsa not the ony aspect of conduting ena ‘2 Dates resomces, such ws ine und personel oe needed fer orl project management sil. C._-Auais often hvolve resource management, dliverables, scheduling and desdins tha are Similar to project management good practices. 1, tctont dui nce but eet a constraint f conducting ss, ‘hatin the MAJOR benefit ofcondting scot easement ovr a traonl audit? ‘Ac detest isk sone. 1B thrploe the htm ait anton Cty the ait ork 1D Heese aul source requirement Jostein: seen Conta sefasessments (CSAs requir employees oases the contra statue of thelr own facto. 
CSAs hep to insvens the understanding of business isk and internal conta [ovntne they ave conducted more frequently than audits, CSAS help to eat rsk in a tmeber ts. Coane not replace the intr uit inion; a ait mast ile pf to nse Hat unto are poset (Cas may noteduce the su fictions workload an are nota major difrence betwen he ‘0 approach 1. CAN To ot set the nes or aut esourecs. tough te esas of he CSA may ere as @ {Chvence pin forthe a eons, they do moet he ep ode of aut wrk that nets beerfomed _ ‘ISA Review Quwatione,Anewars Eplanatons Marval 12 Eton @==—_ INFORNATION SYSTEM AUDITING PROCESS. [AL-A10 Ant autor ic evowing spojet sk aeesment and notices tht the overall residual risk vel is igh ‘et con dentaitymgeterments. Which the allowing types of sk normally igh due othe amber ‘ot amurized sorte projet may ae?” A. Coto rik B. Compliance isk © Inberen isk DL Resa rik Cis the ceveetamsver, estat: [An Contlris can be igh, bu it isnot da to ctrl content bing identifi eva oS and 9 det he number of wer orbs reese. Compliance risks the peeltyaplied to caren and firs carnngs for aonconrmance fo as a ‘epubtions ar may not be impactel by the nmr of area brine ae aft. G.__Inturent risk ie nrmally high dv tothe nomber of wars and busine areas tat may be lected. thereat rsh ithe risk Level or expocure witht considering the action hat Imamgerent ba taken or might nk, 1. esl rik is the remaining isk ter management ha impleent ik esponse and ie sot onthe aun ues ce hosines ree afte ALLL An IS aaltr discovers pote teri nding. The BEST couse of action is ‘A. reat the potential fading to uses management Biss the pote finding with the ut commis, Cire the ope of the alt, 1. perfrm aditienal sting Dia the correct answer estat [A The tm shoul be confirmed though aston sting bev prt to management FR The tam fenkbe confi uh adil ting blr ti decd wih the commit C._Adtional esting to conte the potential ining shell be win the seope of he engagement. 
Inorg the spe co eran ore nese suit escurces and could be sj tors cee, 1D, The1S auditor should perform additonal testing to encare that te ining. An ator ean ‘acl lose eed If Is ater dacovered he fading was wot justified wr accerate “GSA Review Questions, Answers & Explanations Manuel Elton SS Sic geben sounn -ORUNTONSYTENAIBTMSROCESS @== at Which ofthe followings inthe BES postion fo approve changss wo the uit char? AL Dosn of drectos BL Ait commie C.Eawcuive mangement DL Distr of mera ait ie the correct anser Jaatieation seep bord of directors doesnot nc to approve the charter tis best presenta tothe ait commuter For apron th. ‘The ma committe fa subgroup ofthe bard of dirctors. The suit department should report te the salt commits and thea te approved by the commit. Cc. Faewutve management it eid to apo he ait charter rd wl mothe the dependence {oanproe the carter The aut commits en the bt positon to approve the charter because is lt anlgpendent nd sive eau. 1b. While hc devtr of merlot ay dr the charter and make changes, the aut commitoe Should hive the nal oprea of the chars. ‘An 1S autor reviewing the process of log monitoring wants to evaluate the organizations mana review sear Which of thefellowing audit techniques woul the aor MOST Iicely employ a his ese! AL nspton 2 Inguey Citing D__Repetormance suscation: aainapeton is jut one component of walk shrug aly is des not supply enough information {optic hllundcstonting ofthe cra pros and det posal emo weaknesses ‘8 lnjy pendent genera infomation ete he ono sec I ds bt pecs ble th [Start dtm wht th soto perth an in-esh uneting fhe can (C_Wallehvough procedures wunly inside a combination of nur, observation, inspection iietovant decnmentaion snd reperformance of controls. A walkthrough ofthe manual, ‘stew proce follows the mane og review proces rom sar to fils gain» thorough linderstaningaf the overall proces nd Kent) potential contrat meaknesss. 1. 
Raperrmanee ofthe enol W cris ot by the 1 ao an doesnot provide asrance ofthe sompeteey of heads Oa DOMAIN ‘INFORMATION SYSTEM AUDITING PROCESS. AL-IL4 An aur is comparing equipment ia prodction with inventory cords This ype oF testing it an ‘exp of A. mibtnive testing B compliance testing Calva esting Don testing the ait period 1. Compliance festing is evidence tering forthe purpse of esting an etre’ compan: with ‘ote procedures This diffe rmm substantive test i wich vance athe to eval the intopity of tdi! tansactons daa reheat C. _-Anlgialertingcmaluts the rltonhip of tu st of ds nd isos inconsisensis the dations, D. Cont eting ithe sae a compince etn Which of te following das lack of dente conto represent? A. Amina B.A vuherabitty ©. Anat bo Atheat Bis the corect answer. Austin: [A ptt isthe mena ofthe consequence (ncang Financia os, reputations damage, ls of stoner confidence) haa thea vet nay hve The bck of adequate controls presents a vulnera ata othe risk of malicious damage, attack oF ‘oan fos, legal penalties or ther loses. C._-Anatset is soneting of ier tangible or intangible value worth potting ncang pple ston, infastuctre ances and teputation, ._Athrat ea potent cate ofan envantd nde. os exponng soniive information and trie acces by hackers, emploce erro, sal a lor af eine ilormation, ‘ISA Review Questions Answers &Eaponatins Manel 1” Eaten See feo stagione DOMAIN 1-INFORMATION SYSTEM AUDTTNG PROCESS e somo anne [An 1S aut notes diy sc onciton of visitor acces eat avery isa aligned with he Grasniation’s prcedies, Wheh of he following she auditor's BEST course of acon [AL Dono! repactite ack of econetiaon Reseed qui psa inverter cours (C. —Report the lack faa econ. 1 Recommend he pheentaton ofa more seu secs sem, (cee corectansver. 
Sasa JerRbscne of disrepancy in physical cust only cans absence of ny npact but cannot be a reason {fo oooh fails of perton ofthe conta: The ase shuld be pated bss tb enol was ho followed While the 1S auditor may in some cases eomend change in paced, the primary goal so Dhsrve and rejrt when he caren poco eit The auditor shold report the lac af ily reconiation as am exception, Because a pyle C1 pnt in ce and he practice i ot n compliance vith nanagements mandated set) 1b. Whitohe tS auitor may in some cae ecm a mone sete soto, the primary El 0 hrere an eye! when the caret proces deficient Daring an it te autor teste ppliion developer also porns qi absence ting 08 folie applicaen. Which ofthe allowing the MOST lnporunt couse of atin for he aio” Recommend cpensating coats Revi the cage crete By he dvelopes ‘aly the ality assurance dasoas Reporte Mere condition. Dis the cacreet unser. st et aah compensating cots ny be go ithe primary sgn in ths ae shoal oper thecongio, beans the rk acne wit saul be ep to the wes fhe aa pat luting thecode crete by the aplication developer imo the appropiate sponse in i se. The IS air may eva astm of changes o determine whet he devope eto hier ‘oun code, bi he primary respose soul eto rept he conto, c._‘nlyzng the qo assrance dashboards can el evaluate de acta imate ak of ‘Sarepton of tists Jos no aes the undying risk. The primary response sul bs to ‘port the eomton, 1b, ‘The software teat asurance soe sho (crsh sic [DOMAIN 1-INFORMATION SYSTEM AUOITING PROCESS Acne ‘An maori reviewing risk nd controls fa bans wis transfer syste. To cs ha the bak’ Financial ik ic property ares, he 1 ator wl at ky review whith the Fllowing? 
A Priviged acco to the wie ranaer sytem B_Wiretrancerproceduree Frat monitoring cons 1 Emmlyee hacker checks usc [Av Privioge accens, suchas administrator ccs, necessary to manage wer acount rvs and shoal ot be grated o end wes The wie tater prover abt contol 0 review ru tha thre srs of deo the ened wrt el prevent aul. Wire rater procedure inctade segregation of dutes control This hp prevent aie shoud review the procedures a hey rat othe wi te. ‘i CC. Frau monitoring ia detective contol and dos ot prevent Francia los Segregation of i reve cortl which yr of he wie rnsfer proces, 1. Atcugh contats rested to ackground chsks ae tnportant the coals lad operation of hairs Torin th ite ane procedures are moe cies AIS autor is deteoining the area sample size fr testing the existence of progam change wos. revious ais id nt date any exception, and management hus cond thal ‘excepto hive or report Fr the review pio. this conten, he IS ator cm apt A. met conidenecoeTicen resting iv nll samp sz. 1B. highe confidence cetficieet,elig in smaller spl is higher confidence coon, tsuki ina lg saps 1. lower confidence coco resting in a lrger sample is, ‘isthe correct anawer control are strong abl the use af B.Abiher confidence coast wil etl nthe use of larger sample sz, © -Ahiner confidence coon need nt beat in this staon Dots ral conl te tong. 1D. Atower confidence cofiient wl resin he wo smaller spe sie ‘ise Revi Goesions Anewers& Explanations Manual 12" Elen 7 eta DOMAIN {INFORMATION SYSTEM AUDITING PROCESS, soem ‘ny does an audit mnage review the staf ait paper, ven when the 1S auton ave many years of expen? 
[AL Internal ua equireents BL Tho wut guideines Che walt methodology DL Profesional tna isthe correct ansver Justia eater guahiy requirement may exist bt ae soprsede bythe euiement of upevisin 0 py ih pafsionl sapdarls 1a ‘Audl pide ext provide guiance on how wo achieve empiance with poesia andar Jatexample ey may roves te ype of supervision aang of how vcs des re 1obeyerformel to achive compliance with profession snd. cA methalogy isa well-onfiguel poesspacedue to achieve uit objectives, White Beak mohodutoy is meaning ol, saperisn is generally den by compliance with Profesional sandals 1b, Professional sna fom ISACA, The astitue of ateraal Auditors and he Interaatonal Federation of tccountatseguire supervision of aud staf to accomplish aud objectives and ‘ny nth competence, profesional proficiency and dacumentation requirements and more. Which techno wil BEST et Fr he exence of ha cont hon aig the wie ane tes ofa bak? AA, Analysis oftasaction lags BL Reperormance .Otperaton Interviewing pesomel ‘Cite correct asner, annnaalsis of tansacton lags woud sip show that da onl sin place bat does not recess ‘ramos tha hin proces being followed consi. Therefore, observation ithe bei 1. _Alhoughrepcfomance could provide race that dal contol was in ft, reperfamning wie Gf at. taak would ot Be a pion fran IS autor C._Dunlcontel vues that tv people cerry out an operation. The observation technique helps feascertan ner wo inaidaals do get involved in execution ofthe operation ad a ‘lemeat of oversight ext His obvious ane lala s masquerading and ling in the oe sf the Second person. 1b. Imerecning sonnel is usflo determi the eel of awareness and undertuning ofthe ‘oval ering ut the apeations: However, it dos provide diet even oafrming he sens of a contol becuse the tfrmalion provided may nt acral elt the process eng peters rm Tis Review Gosslna Answers & Explanations Maral 12° Elion eee. C= ft i DOMAIN 1-INFORMATION SYSTEM AUDITING PROCESS. |A¥122. 
na sschaod 1S at, where bth nhorent and cont rik ave hee assed a igh an 1 ular ‘would MST Healy compensate forthe seem by peeerming aden: A Stopee go sampling Sonne texting, © Compliance testing 1. _Disenerysarping Bt the correct amsver statin ‘AL Stopoe-go sampling used when a 18 aio elev fe eros wil be found nthe population, ar, the bes typeof esting 0 prfor in his ease. 18. Because both the inherent and contol risk ae high his case, additonal tenting required Subvantive tetingabtann audit evidence on the completene accuracy or existence of Athi or transactons during the avd period. c.Commliance etng i evidone uthering fer he purone of ting am enterprise compliance wit contol procedures Although performing compliance feng is import, performing aden tabsttve texting i more pyres in ti ae, 1D. Discoery sampling a fer of arb sampling tat is sed to determine a speified potty ‘offing tent oe example of an occurrence ata) population tpl a fo et for Trae or cher regulars n this case, una substan testing the Bete gto, A123. The PRIMARY obicctve ofthe at nation meting wit an IS au cio i AA. Disease scope of the uit BB leentfyrescarce requirement the ui Seat the metinolgy ofthe ani D. Cols ait evidence A tethe crret aniwer. Justia ‘AL The primary objective ofthe fiaton mestng with an au int eo help dein the scope of the mai 1B Datemining the resource reuiemnent ofthe 1S sii pcally done by 1S alt manage ring the cary planning phase ofthe projet rahe than at he inate esting. ¢,_Selating he mctdoloy ofthe aud et normally an objet of he nisin sting, 1. Formas ass, collecting aut evideece performed dai he courte of the engage and sno orally ole ring the tition mostng ‘Isa Review Questions, Answers & Explanations Manual 12° Eaton # Senate nee arnt vans DOMAIN 1-INFORMATION SYSTEM AUDITING PROCESS The PRIMARY pape ofthe 1S unit hate is [AL Establish the onnizatona struct ofthe aut department. 
B._seas the reporting responses ofthe eat fnstion C_Datutthe resource eurerent node forthe ali function. 1. Outline the espensity and auton of the i uit ition isthe correct answer, ustiieaton: Parga chater doesnot st fh the organizational ruta ofthe 1S st parent. The ‘rer serves ava dete to erate th 1S ant fate. 1b ThetS vk chator oes not ditt the oping eeaitemcns of he 1S anit department. The aaa cht ie purpose eponsniy authority and acount of th information systems ‘nt anton Cc. Revouros ae termined by the at and not tbe eat Ene Teetary perpone of he IS at charters to et forth the perpose, responsibilty, authority we eeeeuntabity of the 1S audit enctio, The charter docement grants authority to the audit flactow on bhai the board af dirctors aud organization stakeholders. Which of he flowing is MOST imperint or an 18 autor to undsstand when auliting an ceommarce |A. Thotochoolgy eect ofthe ecommerce cvionme ‘3 Theis, qrcedues and pacts forming the cool esitonment Tre hetre a reality of the business processes sopprte by he aplication 1 Contunus motoring of cortrl meas fr system svat and rely ste Pee sadng th echoology atcitectre of he eemmereenvronment is mrt however its aa nee and cial ofthe baines proces supported bythe eect pion are ll weston ‘i. ittough te pebsis, proce a practices that fom the infernal ceo vironment need 0 Peet hccommerce envi this xt he mest important lement tht he 1S elie neds t understand CT eLnere application enables the execution of busines transactions. Therefor, it is scene to enderstamd the nature and creat ef the busines proses sported bythe ‘romimerce appa to Menify spel controls to review. 
1 Trdumiupia tie ceamamete emionment important, bat this ony ope of he aspects 0 He seen nik rapt to beanes prose hit se spore bythe esommerce appetion "Gani nicans@unedioen Smmened Rigieslies eae [M1126 During an 8 suit, which she BEST meio for an 1S sad crate ths memento of sepregto: of tes within an ET depart Discs wih th angers, Review the job desertion, Resouch past IT a report, vant he organi seactre pnee stint [AL Distssing the implementation of segregation of dues withthe FT managers is the best way to Aetermine how respoibiitesareasined within te Jepartiment. 18. _Jebccsctions may nt be the Best cure of information because they can be outed or Wht is Scant nth jo dessins may be diferent om what tually pefomet C_ Pan Sait report are ot the best cues inkrmaton because ty tay at cea esrb how T reponse re pnd 1 Evaating the oznizatioal sibctare may gine ited view on he allocation of I responses. ‘The wipes ub may have change evr tine AL-I27 A francislinsttuin wth multiple bach fc ha an automate contra shat ies the bane manages tospprove tansactins mors than» certain amon, Whip of ae cota thie? AL Detetve 1B Prenaive Comte D._Dieive esti ‘A Deteive contol dati events afer they hve happened this case the aston of te Branch ‘manager would prevent an vet fm exerting Having a manager approve transactions more than a certain amount i omer c._Neowectve contol serves wo remedy problems discover by deste cons I this an, the scion of tho branch anager x= preventive cont D__Adirtive conta is «manta contl tat ipl corsets of plisyor proce thet species iat aetions are To be peeormed nti ae tere sa on conta prevents event from securing. “GSA Review Questions Answers & iplnaions Manual 12° Faon ret ave auns can ronan so ATID OSES @== During an application ovate reviow, an 1S itor inte mir weakness ina relevant abuse {tom tha sou of cope fr the aut. 
The BEST option 1: Ince review f the datbase coma inthe see Bocamont for hers review ‘ork with datas adiistatrs to correct the se. Report the weskieses 25 observed D isthe correct answer. ustieaton: sretaocutng ais ond eviews uli the scope snot vl Tn this ease, the weaknos ientiiod {Pome to ca minor and is sfc wo Fepor te sue ar ares ita ar ne ths cae the neonessHentio x cosine to be amine ssc. The IS aural formally ‘port te weabmsos ats obsrston rar an ocumenang ew hes ig nae it Teen appopeae o the I art work wih database aminsatr correc the su. [say weakest raced shoul be reported, even if autside the Scope of the current ‘iit Weakness ientied during an management A certain anv system deters whether cach persons computer hs the ates signa les und ‘tlle thc intent signe les beer allowing + PC wo comic! othe network, This san example of A. droctine contol 1 covratne cont cementing col. DL dative con. (Bis te correct snow. enc J MDective cons, sich a 1 pics ad procedures, dom apy inthis case because his at tensed cote 18. Concave com ae are designed to correct errr, onislons and unauthorized uses Inurosions, when they are detected. This provides a mechanism (0 detect whet mi have happened snd corset the situation, _Aconpmasig orl wel we th onl ot isto ett te yaa. cas he ‘erotne cn nla wl xiv yot he ym fom acces aan wtb device 1. Data corres tan pet when os, ois ad wate ws ens Seo DOMAIN 1—INFORMATION SYSTEM AUDITING PROCESS. AV-130, Duct wnapected resource costa of the IS audit the at plan, as rigily aprons cant ‘complet, Assuming the uation x communicated inthe aur, ih couse of cin MOST accptble? A. Test tho aquacy ofthe cone design, Tet i operational efectivnes of eonials C.Focat on niin high-k are 1D. 
Relyon management esi of con (Che tne correct answer Jestiieation: [AD Tsing the adequcy of contol design is mo he best cause of action because this does ot este at ontlsopoateetfestvely ax deed 1, Tesing contol operating effectiveness does notes hatte aa pl is otse on areas of satst isk (G_Redtcing the cope und focasng om auditing high-risk area is the best coarse fast D.Themiance om management fsing of cots dae st prvi am bjstine vein of te ei environment. ALIBI Which ofthe fllowing REST sos the effstveness of contol elated oir saleuation for an accouningsystem? A. Repeformance Proce waletrough © Obsevaton D.Doctmetion review Ae the correct unser Justia: [An To enue the effectiveness of the sme rel s btained fer the perfor Heungst assurance rover wal trough my lp the autor und the contas bier; howe, it muy nat be as sl as conducting eprformance fora sample of tonsa, ©. Obsevation sa valid ait metho wo verify that operators rein he system appropriately homes coding eperformancef Ber metho 1. cimetation een tay be of sme vale for uneatanding th contol environment hoeve, onda rpetormance eter math ‘ISA Review Questions Answers & Explanations Manel 12" Eden e — ‘pomasn 1-INFORMATION SYSTEM AUDITING PROCESS, es) ee [Which fhe flowing choices woul be the BEST source of infomation when developing a rish-bsed audit plan? ‘A. Process owners Hoty hey conto BB. System castodis Men suleeraits {C.__Peet autor derstand previous aut ets DL Senior manager oni hoy business proces. atc correct answer. estieation: emt nough proces owners shoul be consi ta identify key contol, seer management saber ‘arc to ety bsnes roceses, which are moe importa. 1b, System castdins ir gool sure to Bete andes the risk and controls 8 they apy w specie ~opicniones henson soso management te see ney sins acess. Which are ‘more importa Cc. 
‘Thereview of previous ait ets one ip into he set pemning process; however, if vious tilts focused on inte ora rested scope o ithe Key buses processes have chang andor Tw tases processes ave fateh he his dacs cont othe development a sk thd wit plan 1. Developing» rk-basec aut plan must tart wit the Kentficaton of key business processes, ‘which dstermire and iden the risk that neds to be ares {White ating hind ary TT service provider. an Santor discovered that ces reviews were mot ‘eng poformed as rave by te contract. The 1S autor soak A. Report the fev IP management 1B Dieus the kau withthe service provide. Cerf ark serene. 1 erfrm a acces review ian audi there ars material eses tht at f concer, they need t Be reported to ranagement tthe adit report 1a The Sandor nay duc th se wth the service prove; however he appropriate response > rept the sae TT manapoment because they ae lina espns (¢._This se can sve a am spat fr ature sk assessment, bt de sue of tencemplince shuld be reported to manigernt reps of whether he IS aur tives tha isco sk 1p. ThetS auditor perfor an acces rviw as part he aut oder I thee ar stor, ul rot on Behl othe shina party I service roid Is oe nptat io report thease thea por fo manne ‘ISA Review Quwations,Anewar Eplnaons Manual 72 Eton eee, @== nana enema enemas avn Which of following is the PRIMARY requemen for rertng IS tress? The teport A. repuredsecodiag wa yodeined and sada elt 1B Backed by saicien and appropri at evideoe ©. Comehensven cove Of eneypise processes Reviewed ane spproned yan management. estat [Ar Prpuriin of th 18 aut reer according to a refined apd standard tpt may be ws in tsting ha al Key epets are provide nur strstr, bt this doe at demons at i findings ae based on evidence tat canbe proven, feed. 
B_ISACA TS aut standards require that reports shoud be backed by suTiint and appropriate ud evidence so thatthe demansrate the appestion ofthe minimum tantara ot &_Theteope and coverage of audit is define by arik assessment proces, which may aot lays ovale compcensve coverage of proce f te eaters 1b. While im an operat stadpint an ouit eport shoul be reviewed and approve by uit managment, the more crea consideration shat all concison are Dacked by suicetend rpepit ait cide [An IS aude psrorming an au of he isk acs prose should FIRST confi ht |A. Resmabl thes he information ase ae efi 1 Tecuial nd organicatonal valerie ve hoo analyzed Css ive been Metfed an ranks 1D. Theslfcts of pote scunty breaches ave Bee etal (Ce correct answer asian [Ar The rats facing each ofthe organisation ass should be analyzed acconding fo thi vale othe crzization Ths oes afer Wetying nd aking sss. 18 Anzing how these weaknesses, nth abnence of ining corros,wil impact the ngaiaion’ nfonaton ests coc ar the sats and weaknesses have bee Hi Cen iiaton and ranking of information assets (data etal, sesitvity, locations of set) il et the tone o cope af how te assess rik in elation tothe organizational vale of te msct. 1. Theslfex of secuity braces dependent on the vale of the assed the tress vulcrabilites nd fcctvenes of mating contol The imgct of an atach agaist a weakness shoul be “oni ao that etl ean be vane determin they oct mitigate the waht “GEA Review Question, Answers & Eplnains Manan 7 Fallon ‘Sechaba OMAN 1-INFORMATION SYSTEM AUDITNGPROCESS =o anise at 37 Which ofthe ftlowing rpesonsan example of preventive contol with spect IF personne? ‘A sccvity eur toned the server oom door ‘An irasion etton sytem, Implamenttion a badge ety syste fo th I ay (Afr portion system the Server 00m (Ci the correct ans. Jestieaton: pr A ssuty guar ita deterrent conto 1B. “Anson deveton sytem is elesive contol C._Preventve conto are used 10 reduce the pr vente noautorlaed entry tote ally 1b. 
A fire suppression system is a corrective control.

Which of the following is an attribute of the control self-assessment approach?
A. Broad stakeholder involvement
B. Auditors are the primary control analysts
C. Limited employee participation
D. Policy driven

A is the correct answer.

Justification:
A. The control self-assessment (CSA) approach emphasizes management of and accountability for developing and monitoring the controls of an organization's business processes. The attributes of CSA include empowered employees, continuous improvement, extensive employee participation and training, all of which are representations of broad stakeholder involvement.
B. IS auditors are the primary control analysts in a traditional audit approach. CSA involves many stakeholders, not just auditors.
C. Limited employee participation is an attribute of a traditional audit approach.
D. Policy driven is an attribute of a traditional audit approach.

A1-138 An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following: the existing DRP was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department. The DRP was presented to the deputy chief executive officer (CEO) for approval and formal issue, but it is still awaiting attention. The DRP has never been updated, tested or circulated to key management and staff, although interviews show that each would know what action to take for its area in the event of a disruptive incident. The IS auditor's report should recommend that:
A. the deputy CEO be censured for failure to approve the plan.
B. a board of senior managers is set up to review the existing plan.
C. the existing plan is approved and circulated to all key management and staff.
D. a manager coordinates the creation of a new or revised plan within a defined time limit.

D is the correct answer.

Justification:
A. Censuring the deputy CEO will not improve the current situation and is generally not within the scope of an IS auditor to recommend.
B.
Establishing a board to review the disaster recovery plan (DRP), which is two years out of date, may achieve an updated DRP but is not likely to be a speedy operation, and issuing the existing DRP would be imprudent without first ensuring that it is workable.
C. The current DRP may be unacceptable or ineffective, and recommending the approval of the DRP may be unwise; the concern is whether it reflects current processing volumes.
D. The best way to develop a DRP in a short time is to make an experienced manager responsible for coordinating the knowledge of other managers into a single, formal document within a defined time limit.

A1-139 An IS auditor finds that a disaster recovery plan (DRP) for critical business functions does not cover all systems. Which of the following is the MOST appropriate course of action for the IS auditor?
A. Notify management and evaluate the impact of not covering all systems.
B. Cancel the audit.
C. Complete the audit of the systems covered by the existing DRP.
D. Postpone the audit until the systems are added to the DRP.

A is the correct answer.

Justification:
A. An IS auditor should make management aware that some systems are omitted from the disaster recovery plan (DRP). An IS auditor should continue the audit and include an evaluation of the impact of not including all systems in the DRP.
B. Cancelling the audit is an inappropriate action.
C. Ignoring the fact that some systems are not covered would violate audit standards that require reporting all material findings and is an inappropriate action.
D. Postponing the audit is an inappropriate action. The audit should be completed according to the initial scope, with notification to management of the risk of systems not being covered.

Which of the following is MOST effective for monitoring transactions exceeding predetermined thresholds?
A. Generalized audit software
B. An integrated test facility
C. Regression tests
D. Transaction snapshots

A is the correct answer.

Justification:
A. Generalized audit software (GAS) is a data analytic tool that can be used to filter large amounts of data.
B. Integrated test facilities test the processing of the data and cannot be used to monitor real-time transactions.
C. Regression tests are used to test new versions of software to ensure that previous changes and functionality are not inadvertently overwritten or disabled by the new changes.
D.
Gathering information through snapshots alone is not sufficient. GAS will assist with an analysis of the data.

Which of the following is MOST important to ensure that effective application controls are maintained?
A. Exception reporting
B. Manager oversight
C. Control self-assessment
D. Peer reviews

C is the correct answer.

Justification:
A. Exception reporting only looks at errors or problems, but will not ensure that controls are still working.
B. Manager oversight is important, but may not be a consistent or well-defined process compared to control self-assessment.
C. Control self-assessment (CSA) is the review of business objectives and internal controls in a collaborative process. It includes testing the design of application controls.
D. Peer reviews lack the direct involvement of audit specialists and management.

The success of control self-assessment depends highly on:
A. line managers assuming a portion of the responsibility for control monitoring.
B. assigning staff managers the responsibility for building controls.
C. the implementation of a stringent control policy and rule-driven controls.
D. the implementation of supervision and monitoring of controls of assigned duties.

A is the correct answer.

Justification:
A. The primary objective of a control self-assessment (CSA) program is to leverage the internal audit function by shifting some of the control monitoring responsibilities to the functional area line managers. The success of a CSA program depends on the degree to which line managers assume responsibility for controls. This enables line managers to detect and respond to control errors promptly.
B. CSA requires managers to participate in the monitoring of controls.
C. The implementation of stringent controls will not ensure that controls are working correctly.
D. Better supervision is a compensating and detective control and may assist in ensuring control effectiveness, but would work best when used in a formal process such as CSA.

Which of the following is considered a preventive control by an IS auditor performing an audit?
A. Transaction logs
B. Before and after image reporting
C. Table lookups
D. Tracing and tagging

C is the correct answer.

Justification:
A. Transaction logs are a detective control and provide audit trails.
B. Before and after image reporting makes it possible to trace the impact that transactions have on computer records. This is a detective control.
C. Table lookups are preventive controls; input data are checked against predefined tables, which prevent any undefined data from being entered.
D. Tracing and tagging is used to test application systems and controls, but is not a preventive control in itself.

Which of the following is a PRIMARY objective of embedding an audit module while developing online application systems?
A. To collect evidence while transactions are processed
B. To reduce requirements for periodic internal audits
C. To identify and report fraudulent transactions
D. To increase efficiency of the audit function

A is the correct answer.

Justification:
A. Embedding a module for continuous auditing within an application processing a large number of transactions provides timely collection of audit evidence during processing and is the primary objective. It also helps to monitor system reliability.
B. An embedded audit module enhances the effectiveness of internal audit by ensuring timely availability of required evidence. It may not reduce the requirements for periodic internal audits, but it will increase their efficiency. Also, the question pertains to the development process for new application systems, and not to subsequent internal audits.
C. An audit module collects data on transactions that may help identify fraudulent transactions, but it does not identify fraudulent transactions inherently.
D. Although increased efficiency may be an added benefit of an embedded audit module, it is not the primary objective.

An IS audit department considers implementing continuous auditing techniques for a multinational retail enterprise that processes a large volume of transactions per day. A PRIMARY benefit of continuous auditing is that:
A. effective preventive controls are enforced.
B. system integrity is ensured.
C. errors can be corrected in a timely fashion.
D. fraud can be detected more quickly.

D is the correct answer.

Justification:
A. Continuous monitoring is detective in nature and, therefore, does not necessarily assist the IS auditor in monitoring for preventive controls. The approach will detect and monitor for errors that have already occurred.
In addition, continuous monitoring will benefit the internal audit function in reducing the use of auditing resources and in the timely reporting of errors or inconsistencies.
B. System integrity is typically associated with preventive controls such as input controls and quality assurance reviews. These controls do not typically benefit an internal auditing function implementing continuous monitoring. Continuous monitoring benefits the internal audit function because it reduces the use of auditing resources.
C. Continuous audit will detect errors but not correct them. Correcting errors is the function of the auditee's management and not the internal audit function. Continuous auditing benefits the internal audit function because it reduces the use of auditing resources to create a more efficient auditing function.
D. Continuous auditing techniques assist the auditing function in reducing the use of auditing resources through continuous collection of evidence. This approach assists the IS auditors in identifying fraud in a timely fashion and allows the auditors to focus on relevant data.

An IS auditor wants to determine the effectiveness of managing user access to a server room. Which of the following is the BEST evidence of effectiveness?
A. Observation of a logged event
B. Review of the procedure manual
C. Interview with management
D. Interview with security personnel

A is the correct answer.

Justification:
A. Observation of the process to reset an employee's security access to the server room and the subsequent logging of this event provide the best evidence of the adequacy of the physical security control.
B. Although reviewing the procedure manual can be useful in gaining an overall understanding of a process, it is not evidence of the effectiveness of the execution of a control.
C. Although interviewing management can be helpful in gaining an overall understanding of a process, it is not evidence of the effectiveness of the execution of a control.
D.
Although interviewing security personnel can be helpful in gaining an overall understanding of a process, it is not evidence of the effectiveness of the execution of a control.

As part of audit planning, an IS auditor is designing various data validation tests to effectively detect transposition and transcription errors. Which of the following will BEST help in detecting these errors?
A. Range check
B. Validity check
C. Duplicate check
D. Check digit

D is the correct answer.

Justification:
A. A range check can only test that data fall within a predetermined range, but cannot test for transposition or transcription errors.
B. Validity checks are generally programmed checking of data validity in accordance with predetermined criteria.
C. A duplicate check is used to identify duplicate primary keys or duplicate entry key values.
D. A check digit is a numeric value that has been calculated mathematically and added to data to ensure that original data have not been altered or that an incorrect, but valid, match has occurred. The check digit control is effective in detecting transposition and transcription errors.

The MAIN purpose of the annual IS audit plan is to:
A. allocate resources for audits.
B. reduce the level of audit risk.
C. develop a training plan for auditors.
D. minimize the audit costs.

A is the correct answer.

Justification:
A. The annual IS audit plan is used to allocate audit resources.
B. Audit risk is inherent to all audits, and the challenge is to estimate the probability of this risk.
C. Developing a training plan for auditors is important, but not the main purpose of an IS audit plan.
D. Minimizing the audit costs could be one of the benefits of an annual IS audit plan. However, this would be a result of ensuring audit resources are used effectively.

Which of the following would be expected to approve the audit charter?
A. Chief financial officer
B. Chief executive officer
C. Audit steering committee
D. Audit committee

D is the correct answer.

Justification:
A. The chief financial officer (CFO) does not approve the audit charter but may be responsible for allocating funds in support of the audit charter. The CFO may also be a part of the audit committee or audit steering committee, but would not approve the charter on their own.
B.
The chief executive officer (CEO) does not approve the audit charter. The CEO may be informed, but they are independent of the audit committee.
C. The steering committee would most likely be composed of business members or management whose responsibility is to work under the framework of the audit charter, and it would not approve the charter itself.
D. One of the primary functions of the audit committee is to create and approve the audit charter.

Which of the following is the PRIMARY purpose of a risk-based audit?
A. High-impact areas are audited first.
B. Audit resources are allocated efficiently.
C. Material risk areas are audited first.
D. Management concerns are prioritized.

C is the correct answer.

Justification:
A. High impact does not necessarily indicate high risk. Risk also takes into consideration probability.
B. Although a risk-based audit approach does assist in the allocation of resources, that is not the primary function of a risk-based audit approach.
C. Material risk is audited according to the risk ranking, concentrating on high-risk areas.
D. Management concerns may not be aligned with high-risk areas.

An auditee disagrees with an audit finding. Which of the following is the BEST course of action for the IS auditor to take?
A. Discuss the finding with the audit manager.
B. Retest the control to confirm the finding.
C. Elevate the issue to the CEO.
D. Discuss the finding with the auditee's manager.

A is the correct answer.

Justification:
A. Discussing the disagreement with the auditor's manager is the best course of action because other actions can weaken relationships with the auditee and auditor.
B. This may unnecessarily expend human and time resources. The audit manager should determine if controls need to be retested.
C. Elevating the issue will not solve the disagreement.
D. It is usually best to consult the audit manager prior to escalating the issue to the auditee's manager. This could prove to be an adverse action.
DOMAIN 2 - GOVERNANCE AND MANAGEMENT OF IT (17%)

A2-1 Organizations requiring employees to take a mandatory vacation each year PRIMARILY want to ensure:
A. adequate cross-training exists between functions.
B. an effective internal control environment is in place by increasing morale.
C. potential irregularities in processing are identified by a temporary replacement.
D. the risk of possible errors in processing is reduced.

C is the correct answer.

Justification:
A. Cross-training is a good practice to follow but can be achieved without the requirement for mandatory vacation.
B. Good employee morale and high levels of employee satisfaction are worthy objectives, but they should not be considered a mechanism to achieve an effective internal control system.
C. Employees who perform critical and sensitive functions within an organization are required to take some time off to help ensure that irregularities and fraud are detected.
D. Although rotating employees could contribute to fewer processing errors, this is not adequate to justify a mandatory vacation policy.

A2-2 An IS auditor is verifying IT policies and finds that some of the policies have not been approved by management (as required by policy), but the employees strictly follow the policies. What should the IS auditor do FIRST?
A. Ignore the absence of management approval because employees follow the policies.
B. Recommend immediate management approval of the policies.
C. Emphasize the importance of approval to management.
D. Report the absence of documented approval.

D is the correct answer.

Justification:
A. The absence of management approval is an important (material) finding and, although not currently an issue with respect to compliance because the employees are following the policy without approval, it may be a problem at a later time and should be resolved.
B. Although the IS auditor would likely recommend that the policies be approved as soon as possible and may also remind management of the critical nature of this issue, the first step is to report this issue to the relevant stakeholders.
C. The first step is to report the finding and provide recommendations later.
D. The IS auditor must report the finding.
Unapproved policies may present a potential risk to the organization, even if they are being followed, because this technicality may prevent management from enforcing the policies in some cases and may present legal issues. For example, if an employee was terminated as a result of violating an organization policy, and it was discovered

What is the PRIMARY consideration for an IS auditor reviewing the prioritization and coordination of IT projects and program management?
A. Projects are aligned with the organization's strategy.
B. Identified project risk is monitored and mitigated.
C. Controls related to project planning and budgeting are appropriate.
D. IT project metrics are reported accurately.

A is the correct answer.

Justification:
A. The primary goal of IT projects is to add value to the business, so they must be aligned with the enterprise strategy to achieve the intended results. Therefore, the IS auditor should first focus on this.
B. Adequate processes for monitoring and mitigating identified project risk are important. Strategic alignment helps in assessing identified risk in business terms.
C. Coordination of projects within predefined time and budget is important; however, the focus of project management should be on achieving the desired outcome of the project, which is aligned with the business strategy.
D. Adequate reporting of project metrics is important but may or may not help in improving the strategic perspective of project delivery.

In a review of the human resources policies and procedures within an organization, an IS auditor is MOST concerned with the absence of a:
A. requirement for periodic job rotations.
B. process for formalized exit interviews.
C. termination checklist.
D. requirement for new employees to sign a nondisclosure agreement.

C is the correct answer.

Justification:
A. Job rotation is a valuable control to ensure continuity of operations, but it is not the most serious human resources policy risk.
B. Holding exit interviews is desirable when possible to gain feedback, but it is not critical.
C. A termination checklist is critical to ensure the logical and physical security of an enterprise. In addition to preventing the loss of enterprise property that was issued to the employee, there is the risk of unauthorized access, intellectual property theft and even sabotage by a disgruntled former employee.
D.
Signing a nondisclosure agreement (NDA) is a recommended human resources practice, but a lack of an NDA is not the most serious risk listed.

A2-5 Which of the following factors is MOST critical when evaluating the effectiveness of an IT governance implementation?
A. Ensure that assurance objectives are defined.
B. Determine stakeholder requirements and involvement.
C. Identify relevant risk and related opportunities.
D. Determine relevant enablers and their applicability.

B is the correct answer.

Justification:
A. Stakeholder needs and their involvement form the basis for scoping the IT governance implementation. This will be used to define assurance objectives.
B. The most critical factor to be considered in auditing an IT governance implementation is to determine stakeholder requirements and involvement. This drives the success of the project. Based on this, the assurance scope and objectives are determined.
C. The relevant risk and related opportunities are identified and driven by the assurance objectives.
D. The relevant enablers and their applicability for the IT governance implementation are considered based on the assurance objectives.

A2-6 Which of the following is the BEST reason to implement a policy that places conditions on secondary employment for employees?
A. To prevent the misuse of corporate resources
B. To prevent conflicts of interest
C. To prevent employee performance issues
D. To prevent theft of IT assets

B is the correct answer.

Justification:
A. The misuse of corporate resources is an issue that must be addressed, but it is not necessarily related to secondary employment.
B. The best reason to implement and enforce a policy governing secondary employment is to prevent conflicts of interest. Policies should be in place to control IT employees seeking secondary employment from releasing sensitive information or working for a competing organization. Conflicts of interest can result in serious risk such as fraud, theft of intellectual property or other improprieties.
C. Employee performance can certainly be an issue if an employee is overworked or has divided interests, but that should be dealt with as a management function and is not the primary reason to have a policy on secondary employment.
D.
Theft of IT assets can be a problem, but it is not necessarily related to secondary employment.

An IS auditor has been assigned to review an organization's information security policy. Which of the following issues represents the HIGHEST potential risk?
A. The policy has not been updated in more than one year.
B. The policy includes no revision history.
C. The policy is approved by the security administrator.
D. The company does not have an information security policy committee.

C is the correct answer.

Justification:
A. Although the information security policy should be updated on a regular basis, the specific time period may vary based on the organization. Although reviewing policies annually is a good practice, the policy may be updated less frequently and still be relevant and effective. An older policy is still enforceable, whereas a policy without proper approval is not enforceable.
B. The lack of a revision history with respect to the IS policy document is an issue, but not as significant as not having it approved by management. A new policy, for example, may not have been subject to revisions yet.
C. The information security policy should have an owner who has management responsibility for the development, review, approval and evaluation of the security policy. The position of security administrator is typically a staff-level position (not management) and therefore does not have the authority to approve the policy. In addition, an individual in a more independent position should also review the policy. Without proper management approval, enforcing the policy may be problematic, leading to compliance or security issues.
D. Although a policy committee drawn from across the organization is a good practice and may help write better policies, a policy can be written by a single person, and the lack of a committee is not a problem by itself.

When performing a review of a business process reengineering (BPR) effort, which of the following is of PRIMARY concern?
A. Controls are eliminated as part of the streamlining BPR effort.
B. Resources are not adequate to support the BPR process.
C. The audit department does not have a consulting role in the BPR effort.
D.
The BPR effort includes employees with limited knowledge of the process area.

A is the correct answer.

Justification:
A. A primary risk of business process reengineering (BPR) is that controls are eliminated as part of the reengineering effort. This is the primary concern.
B. The BPR process can be a resource-intensive initiative; however, the more important issue is whether controls are eliminated as part of the BPR effort.
C. Although BPR efforts often involve many different business functions, it is not a significant concern if audit is not involved and, in most cases, it is appropriate for audit to be involved in such an effort.
D. A recommended good practice for BPR is to include people from all parts of the enterprise, even those with limited knowledge of the process area. Therefore, this is not a concern.

A2-9 When auditing the IT governance framework and IT risk management practices existing within an organization, the IS auditor identified some undefined responsibilities regarding IT management and governance roles. Which of the following recommendations is the MOST appropriate?
A. Review the strategic alignment of IT with the business.
B. Implement accountability rules within the organization.
C. Ensure that independent IS audits are conducted periodically.
D. Create a chief risk officer role in the organization.

B is the correct answer.

Justification:
A. While the strategic alignment of IT with the business is important, it is not directly related to the gap identified in this scenario.
B. IT risk is managed by embedding accountability into the enterprise so that responsibilities are defined within the organization. Note that this question asks for the best recommendation, not about the finding itself.
C. Performing more frequent IS audits is not helpful if the accountability rules are not clearly defined and implemented.
D. Recommending the creation of a new role (chief risk officer) is not helpful if the accountability rules are not clearly defined and implemented.

A2-10 An IS auditor is performing a review of the software quality management process in an organization. The FIRST step should be to:
A. verify how the organization complies with the standards.
B. identify and report the existing controls.
C. review the metrics for quality evaluation.
D.
request all standards adopted by the organization.

D is the correct answer.

Justification:
A. The auditor needs to know which standards the organization has adopted and then measure compliance with those standards. Determining how the organization follows the standards is secondary to knowing what the standards are. The auditor must also know how well standards are followed; identifying controls and reviewing the quality metrics come after the identification of standards.
B. The first step is to know the standards and what policies and procedures are mandated for the organization, then document the controls and ensure compliance.
C. The metrics cannot be reviewed until the auditor has a copy of the standards that describe or require the metrics.
D. Because an audit measures compliance with the standards of the organization, the first step of the review of the software quality management process should be to determine the evaluation criteria in the form of standards adopted by the organization. The evaluation of how well the organization follows their own standards cannot be performed until the IS auditor has determined what standards exist.

A2-11 An IS auditor found that the enterprise architecture (EA) recently adopted by an organization has an adequate current-state representation. However, the organization has started a separate project to develop a future-state representation. The IS auditor should:
A. recommend that this project be completed as soon as possible.
B. report this issue as a finding in the audit report.
C. recommend the adoption of the Zachman framework.
D. re-scope the audit to include the separate project as part of the current audit.

B is the correct answer.

Justification:
A. An IS auditor does not only provide input on the timing of projects, but rather provides an assessment of the current environment. The most critical issue in this scenario is that the enterprise architecture (EA) is undergoing change, so the IS auditor should be most concerned with reporting this issue.
B. It is critical for the EA to include the future state because the gap between the current state and the future state will determine IT strategic and tactical plans. If the EA does not include a future-state representation, it is not complete, and this issue should be reported as a finding.
C. The organization can choose any EA framework, and the IS auditor should not recommend a specific framework.
D. Changing the scope of an audit to include the secondary project is not required, although a follow-up audit may be desired.

An IS auditor is evaluating management's risk assessment of information systems. The IS auditor should FIRST review:
A. the controls in place.
B. the effectiveness of the controls.
C. the mechanism for monitoring the risk.
D. the threats/vulnerabilities affecting the assets.

D is the correct answer.

Justification:
A. The controls are irrelevant until the IS auditor knows the threats and risk that the controls are intended to address.
B. The effectiveness of the controls must be measured in relation to the risk (based on assets, threats and vulnerabilities) that the controls are intended to address.
C. The first step must be to determine the risk that is being managed before reviewing the mechanism for monitoring risk.
D. One of the key factors to be considered while assessing information systems risk is the value of the systems (the assets) and the threats and vulnerabilities affecting the assets. The risk related to the use of information assets should be evaluated in isolation from the installed controls.

The PRIMARY benefit of an enterprise architecture initiative is to:
A. enable the organization to invest in the most appropriate technology.
B. ensure security controls are implemented on critical platforms.
C. allow development teams to be more responsive to business requirements.
D. provide business units with greater autonomy to select IT solutions that fit their needs.

A is the correct answer.

Justification:
A. The primary focus of the enterprise architecture (EA) is to ensure that technology investments are consistent with the platform, data and development standards of the IT organization; therefore, the goal of the EA is to help the organization implement the technology that is most effective.
B. Ensuring that security controls are implemented on critical platforms is important, but this is not the function of the EA. The EA may be concerned with the design of security controls; however, the EA does not ensure that they are implemented. The primary goal of the EA is to ensure that technology investments are consistent with the platform, data and development standards of the IT organization.
C. While the EA process may enable development teams to be more efficient, because they are creating solutions based on standard platforms using standard programming languages and tools, the more critical benefit of the EA is that it provides guidance for IT investments of all types, which encompasses much more than software development.
D. A primary focus of the EA is to define standard platforms, databases and interfaces. Business units that invest in technology would need to select IT solutions that meet their business needs and are consistent with the EA of the enterprise. There may be instances when a proposed solution works better for a business unit but is not consistent with the EA of the enterprise, so the business would need to compromise to ensure that the application can be supported by IT. Overall, the EA would restrict the ability of business units in terms of the potential IT solutions that they may wish to implement. The support requirements would not be affected in this case.

Which of the following situations is addressed by a software escrow agreement?
A. The system administrator requires access to software to recover from a disaster.
B. A user requests to have software reloaded onto a replacement hard drive.
C. The vendor of custom-written software goes out of business.
D. An IS auditor requires access to software code written by the organization.

C is the correct answer.

Justification:
A. Access to software should be managed by an internally managed software library. Escrow refers to the storage of software with a third party, not the internal business.
B. Providing the user with a backup copy of software is not escrow. Escrow requires that a copy be kept with a trusted third party.
C. A software escrow is a legal agreement between a software vendor and a customer to guarantee access to source code. The agreement applies to the contract. This agreement is necessary in the event of bankruptcy, if there is a contractual dispute with the customer or if the software vendor fails to maintain an update of the software as promised in the software license agreement.
D. Software escrow is set up to protect the intellectual property of software developed by one organization and sold to another organization. This is not used for software being reviewed by an auditor of the organization that wrote the software.

A2-15 An IS auditor reviews an organizational chart PRIMARILY for:
A. understanding of the complexity of the organizational structure.
B. investigating various communication channels.
C. understanding the responsibilities and authority of individuals.
D. investigating the network connected to different employees.

C is the correct answer.

Justification:
A. Understanding the complexity of the organizational structure is not the primary reason to review an organizational chart because the chart will not necessarily depict the complexity.
B. The organizational chart is a key tool for an auditor to understand roles and responsibilities and reporting lines, but it is not used for examining communications channels.
C. An organizational chart provides information about the responsibilities and authority of individuals in the organization. This helps an IS auditor to know if there is proper segregation of functions.
D. A network diagram will provide information about the usage of various communication channels and will indicate the connection of users to the network.

A2-16 Sharing risk is a key factor in which of the following methods of managing risk?
A. Transferring risk
B. Tolerating risk
C. Terminating risk
D. Treating risk

A is the correct answer.

Justification:
A. Transferring risk (e.g., by taking an insurance policy) is a way to share risk.
B. Tolerating risk means that the risk is accepted, but not shared.
C. Terminating risk would not involve sharing the risk because the organization has chosen to terminate the process associated with the risk.
D. There are several ways of treating or controlling the risk, which may include reducing or sharing the risk, but this is not as precise an answer as transferring the risk.

A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential impact, the team should:
A. compute the amortization of the related assets.
B. calculate a return on investment.
C. apply a qualitative approach.
D.
spend the time needed to define the loss amount exactly.

C is the correct answer.

Justification:
A. Amortization is used in a profit and loss statement, not in computing potential losses.
B. Return on investment (ROI) is computed when there are predictable savings or revenues that can be compared to the investment needed to realize the revenues.
C. The common practice, when it is difficult to calculate the financial losses, is to take a qualitative approach, in which the manager affected by the risk defines the impact in terms of a weighted factor (e.g., 1 is a very low impact to the business and 5 is a very high impact).
D. Spending the time needed to define exactly the total amount is normally a wrong approach. If it has been difficult to estimate potential losses (e.g., losses derived from erosion of public image due to a hack attack), that situation is not likely to change, and at the end of the day, the result will be a not well-supported evaluation.

A2-18 While reviewing a quality management system, the IS auditor should PRIMARILY focus on collecting evidence to show that:
A. quality management systems comply with good practices.
B. continuous improvement targets are being monitored.
C. standard operating procedures of IT are updated annually.
D. key performance indicators are defined.

B is the correct answer.

Justification:
A. Generally, good practices are adopted according to business requirements. Therefore, conforming to good practices may or may not be a requirement of the business.
B. Continuous and measurable improvement of quality is the primary requirement to achieve the business objective for the quality management system (QMS).
C. Updating operating procedures is part of the QMS; however, it must be monitored by management and is not an annual activity.
D. Key performance indicators may be defined in a QMS, but they are of little value if they are not being monitored.

A2-19 An IS auditor discovers several IT-based projects were implemented and not approved by the steering committee. What is the GREATEST concern for the IS auditor?
A. The IT department's projects will not be adequately funded.
B. IT projects are not following the system development life cycle process.
D. The IT department may not be working toward a common goal.

D is the correct answer.
Justification:
A. Funding for the projects may be obtained through various budgets and may not require steering committee approval. The primary concern would be to ensure that the projects are working toward meeting the goals of the company.
B. Although requiring steering committee approval may be part of the system development life cycle process, the greater concern would be whether the projects are working toward the corporate goals. Without steering committee approval, it would be difficult to determine whether these projects are following the direction of the corporate goals.
C. Although having a formal approval process is important, the greatest concern would be for the steering committee to provide corporate direction for the projects.
D. The steering committee provides direction and control over projects to ensure that the company is making appropriate investments. Without approval, the projects may or may not be working toward the company's goals.

Value delivery from IT to the business is MOST effectively achieved by:
A. aligning the IT strategy with the enterprise strategy.
B. embedding accountability in the enterprise.
C. providing a positive return on investment.
D. establishing an enterprisewide risk management process.

A is the correct answer.

Justification:
A. Value delivery to the business is driven by aligning IT with the enterprise's strategy.
B. Embedding accountability in the enterprise promotes risk management (another element of corporate governance).
C. Return on investment (ROI) is not the only criterion by which the value of IT is assessed.
D. Enterprisewide risk management is critical to IT governance; however, by itself it will not guarantee that IT delivers value to the business unless the IT strategy is aligned with the enterprise strategy.

During a feasibility study regarding outsourcing IT processing, the relevance for the IS auditor of reviewing the vendor's business continuity plan is to:
A. evaluate the adequacy of the service levels that the vendor can provide in a contingency.
B. evaluate the financial stability of the service bureau and its ability to fulfill the contract.
C.
Review the epaence of he vendors sta Teste sins casinity plan Ale te correct answer ustiicaions in ky actor ina succesfal outsourcing environment ithe capability of the vendor fo Face 2 ‘ontngency ant contine 1 support the rganiration’ proces requirements. 18, Funct sb snot rate tothe vendors snes continu plan (BCP). (C_Enpuricnce of enor sa ot elt othe vendors BCP 1D. Therevow of te vendors BCP during a esibiliy sty i nota way to tet he vend BCE An 1 aio is vahuating newly develope IF pliy for an organization. Which fhe flowing firs dos the IS aul conser MOST mptant ofa compliance wilh th pole wpa is ‘mplemention? |A. Exiting mshi ean compliance 1B Alignment of te polie tothe Busnes stegy CGusteotand Rete tecnoogy iniatves 1. Repulaory complianos objetves defined ia the pli Afr the coeract answer Jy with policy when its implemented The most Jmportantconaeraion when evaluating the new policy shoud be the exsting mechanisms in place tha nate the orginration nd Hs employees to comply with dhe pole. 18 Paces shoul elena with th ser at bo this des maf an onnization ability ‘comply mth he policy upon plementation, (Caveat and tre ecole natives shuld be ven byt eds the busines and woul fect an gain bys orp with be pi 1 Regulatory compliance objectives may be defined in the IT ply, bat hat would not faite fomplnce wih he policy. Defining objectives would only Fest in he organization knowing the ‘ie tte al would not ai in achieving comple SS SS soe DOMAIN 2~GOVERNANCE AND MANAGEMENT OF fF [A223 The MOST likely efecto the ck of senior management commie to sag planing A. Lackofimestment in echology Lasko methndcogy for systems develope C.Tectnlogy nt aligning with organization objectives Di Abence of contol we ocaclgy contacts Cie the errect answer. estate: [AD Lackaf management commitment wl sot certsny ast investiture wl be the ck of alignment of tategy withthe sate of the basins. 
1 _ Systems development methoolgy ia proceed artim and nota ey concer of mangement fea The almenc of an information tech Senier managers san indication of lack of top-level management commitment, This coniion Increment isk hat IT aligned with rgantraton strate. 1. Apporal for contacts sa business process and would be cnt rough Fnac process enka This snot apical re A224 Which oft ftloning in faction of an IT serng commits? A. Manoring vendorcenlled change conta an teting 1 Enaring a seperation of dts within th information’ procsting environ C_Appoing and monitoring the tras of plas st tages 1D. htacn he deparimon an nd ere Cee correct answer estan: ‘AL Verb hanes conti! isa suring ise and shuld te moriterd y IT management BL _nrng separation of dies within te informations prcesing come T minagemeatesponcbi, C._The string commitiee typically serves asa general review board for major IT project and shoud net became involved in rouine operations; therefore, on ois funclns Ito sppnove ‘nd monitor major projets, uch sth status of I plans aad budgets 1D. Laisa Betucen the I dpariment and ond srs sa fntion oh nid patis and wk a emits responsibly ‘35d Revow Guetony, Answers & Explanations Macal 7 Elon e aaa ‘DOMAIN 2-GOVERNANCE AND MANAGEMENT OF IT @3saz=" 238 An I aio is penforning a review of an onganzation’s goverance made. Which ofthe allowing houkt Gof MOST concern the sur? |A. The information scary obey is ot priodically eviews ty senior mage RL Arpliy emuring ystems ae paced ely manner dos ot exist, (C_Theanat comme hd tele the eganizaons ison sateen. 1. Aneeganizatonl policy rll nfrmaton ase prteton docs ot exist ‘sete correct ams. Jestiicaton esata security peices shouldbe relewediefrshed once every year a rullect changes ln the erganizaor's environment. Pais are fundamental to the argazation’s governance Struct, amd herfore, thi sth greatest concern. 1B. 
While se concern that here ino plicyrelted to ysom patching, to greater conse i that he information sey policy i not reviewed parila byseioe management (C. _ Minion statements tend tb longa besa hey eat mature and ae otblished by Theta of distor and management The nt tho 1S autor gestest concer because poner fzmernance overt coud ao meting he egectve ofthe erations sion saeme. 1p, Whit iis. concer that hee ino psiy elated to he pectin of infomation ase, the greater ‘concer is that he seca policy Mt reviened penal by Senior management bec 1p Icvl suport: arena to nformtion seo eerance Involvement of senior maragercat is MOST important in the development of A. Stage plus Ar polces. Ar procadies Standards and guidelines. Ao Seat pl ing that the enterprise mets is pols and objectives. Tnvolvement ofseniormanagereat cial te ensuring thatthe plan adequately addresses the cctebinhed gods and objectives, 1k. Tr polices areata snl eforad by IT management and information secs They aestactred to support the overall sat plan (¢,_Trprovstes ve deveope to support I plc, Seno managemet not ivelved in the lopment prcelures 1 Stindrds and piotines are develope to suppet TT polices, Senior management snot involved in the dovelopnen of tas, taselins and gues, (ad DOMAIN 2~GOVERNANCE AND MANAGEMENT OF FT A227 Efetive 1” governanee ensures hat te FT plas consistent wth the nganzaton’s A. Basie pla, B. Aad pon. © Secuty pln DL veament plan Ae the correct answer estes ‘Av Tower IF efcctvely, 1 and business should be moving inthe same drecton, equi the I pans ae algned with an organization’ bine plans, 8, Thespian fmt prt ofthe tpn Thesecunty plans nora espnsiliy of ara dns aot net he onsstnt withthe LF phn 1D. The vest an ot ato the an. (A228 Establishing he level of acepablerik the responsibilty of ‘A. Qualty assurance management BL Sen businces mangement. The duet infornatin ffir D. The diet eccrty offer. 
Bi the corest answer Justia [A Qual assurance (QA) is concerned wth eit an conse of pracees The QA team is ots fr determining an acceptable nk eel 1 Senlor management should estsbsh the acceptable rs level because they have the timate ‘rial responsibility forthe effective and ellient operation ofthe arganirtion a a sear ge ofthe busines proces. The person cam be the QA. ee infrmaten officer (C10), oF the eer security ofcer (C80), bat the responsibilty ress with the business manage. C.Theetbliinent of acetal rk lees sa en basins anugsnent esl The C10 isthe mos er ficial f the epi who isascumable oT ara; lng TT an ses st tna pam. sourcing and managing the ner oT serves rai a he element cf ‘soci human scr The C1 hth Fos da steiner ees es this eu a confit fers ules th CIO i hemor bins rcs oe. 1D. The establishment of acceptable rik eee a soto sins management responsibil The 50 responsible forenforeina the dessin th senior managment team less the CIO she anise proces manager ‘isa Revlon Guests Anewers&Expaations Manal 1 Bally oo ‘DOMAIN 2~GOVERNANCE AND NANAGEMENT OFT (easy cet | ane ana 1 governance is PRIMARILY the esponsibility of te: A, hie exceuive oes | Boa of ares. C._TPscering comet. De lit commits Iie te correct amen | AT hit excuive ier is instrumental in implementing IT govermane cong tothe dictions ofthe boar of crestor. responsibilty of the executives and shareold (as represented The sexing smmitce movitors and fcates deployment of TF recurs Frspecife post “in support of besness plans The scoring erie ufc governance om bal ts Board 1. Theat comnitee reps tothe hoa of tetoes a exces oversnce te abl The nit commie shoul mentor the plementation fsa recommendations. From contol prspestve, the hey element in job deers is at he |A. Provide instructions on ow od the jo addin authori. BL Arceuren, doaunentd and readily wall othe empl. 
Communicate anayemen's specie job performance expectations DL Eatablish respornilty and scountabliy forthe epee ations, Dis the corret answer estan: ae Pvsing intrusions on How odo the jb and String autor address the managerial sn rocodurl agp of he ob an ea management respon. tb dsritns, which ae arn ‘voces (HRs foncuon af pei ws wo establish ob equvemens ad account 1 [eisportint at ob dweripions are arent documenta and ray sele the employe, bat this, nl othe ey leet ofthe job description, Jb dexerptions, whch ae an HR-reltt Fancion, re priatly eso to estas ob requements and accourtaii (6. Conmuniatonof managemen’s spe oxpcttons for jb performance woud nat neexsaiy be ‘nce i job descritins 1b, From s controlperspective, ajo deseripon should establish responsibilty and accountabit, “This asf ensuring hat wsers are ven sytem access in accordance with thee defaed job ilies and sre accountable fr hw they ave that acces. “Seamsgaliinas Wciaas suaisaback MaGRaaaaeines Dalen, (rsd ce ‘DOMAIN 2—COVERNANCE AND MANAGEMENT OFT A231 Which of te following BEST provides asarance ofthe inept of ew sa?! A. Background stening Bh Releences ©. Boncng Qual feats te on a ese A ete correct answer. ostiiation:| ‘AP Abackground screening isthe primary method for asurig the ttegrity af «prospective tat vers Heense abstract, nancial its chest, verification of eda References oe imporaht a would ecto be veri bat they ar ol reliable as backgroud ¢, Bonding i ireced at de gence complane aldo ot ensure itr 1. Qualfeations lec a sunt way be wae to deena proficiency ba il nt nds he inet ofthe cana employes A232 When an employee i torminate from serie, the MOST int action 1A. hanover ofthe empleo files to another designated mpiove. BB. _camjlte a backup ofthe employes nk Cot ker employers of the terination 1. iste the employee loi! 
ese [AT Alle wor of he terminated employes sed toe Band or to designate employes; have, ‘his isnot rial a removing ermine employe soso B, _Allde work ofthe terminated ployee raed tobe Backed up, bt he snot as cries removing terminated employe aces €. Theumployect nel to Bento the ferminaion, but hs cnt asc as removing terminated empl acces 1b. Thereis «probability that » terminated employee may misuse aecee rights; therefore dabling ‘he terminated employee logical aces i the most important and immediate atin fo tke. “GgA Review Questions Answers & Explnatons Manual 12° Eaon SS bg rly e ‘DOMAIN 2~GOVERNANCE AND MANAGEMENT OFF ans ao ‘Absinth sete now setting application and di ot const with FT cal inthe selection process Te PRIMARY risk is that ‘A. ‘The secur coos ofthe aplication may’ not mest euler. 1A. The application may not meat The iene othe sins ser C__Theappeaton chology may beinconssent with be cern viet 1. The application may cate uranic super ses fort beth correct ans. station: pre ough security onto sould be a regrement fo any application the primary foes of he ‘Sferpaac accrue (A iso cma that ne appistons ae comin with eserpie standard ‘Sito cur fund caper chang ty bo mor ncn hie bencficofthe Ea When selecting en aplication, the business equmens and he suiblty of he application fr the Tremvironmert mest be considered If th since mit sleted tht aplcaton without IF Ttvacment thy are mors lily Yo chose olan tha Fis ther uses proces the Bost with Teas euphass o how compute and wpertabethesluon willbe ia the eerie and hiss mo technology investments ae consistent with the platform, dts and development standards ofthe IT organetion, The PA defines bath it coreat and fire sate areas sch as the ws f standard platforms, databases or programming huge. Ifa basics wi selected an aplication using dtabase oF ope Fate that it part othe BA forthe busines, ths increases he cast an complet ofthe {olution sl wiately delivers les vale tothe business. 
1 Alhough ny new aoftvare implementation may ereate suppor sss, the primary benefit of the A is erring fate IT sation diver ae the abies. Deceased supprt css may fea benef of te FA, bt the ck of ivavemen i his ease would not faethe suppet rerents Many oremiatons cage an employe lo takes manatry vacation (ody) ofa werk oF more to Fens that the employs maintain «good ity of lif, which wil ado grater producsiviy, Redes tb oper for ar employee econ an improper rg act roi prope ou unig for another erplays. lire te ptt drugtion cased when tm employe kes yes oe ya time Bis the correct answer Sustain: ee Nintaning a 04 gusty fie is important, Bethe primary reason ox 8 mana vacations 6 fate aud or eros 18. Required vacalonshaiday of week oF more induration in which someone other than the ‘elar employee perform the jb function of the employee on vacation ir ofen mandatory for sense pesitons bess this eden the oppertaniy to commit improper oF Hlgal ae Daring ths ne of may be povslbletodacover any fraudulent activity that was taking place. (C._Providing eos aining isan portant management fancion, bt he primary ean for manors ‘eatin fo cet rad ctoes 1. Enforcing daa acaons mathe ken wedk ata time is a mmagment dein bt not Flue to. mardaory vacation poly The pray reason fo mandatory vacations to date rad A236 {SA Review Ovetions Anewers & Explanations Mawel 12 Elon teak enpae meres sone DOMAIN 2~GOVERNANCE AND MANAGEMENT OF A cal ara network (LAN) administrator normaly reste fom A. avin ender esponsities 1B reporting to the en ser manager borg progam espns. D. 
being responsible ee LAN recaity adnan, A” Altwgh not ia, foal are network (LAN) administer may have nde esponiies, 15 The “AN dminsator may report the decor theft processing fact Pa, ecetalized operation othe on-se manager, GALAN administrator should not have programming esponsibliesDeeaese that could regrams without peeper separation of dates, but the LAN .__Insnaleranizations, the LAN admins may lo be responsible for ecu aminsrain ner STAN, A Sessonsappoet eye ewe to help igh evel marge AL Sole highly stctred problems Comin hese of devon mode with predetermined xt CMake deisons ase en dts saa terete mods 1D. Soprot only srt dcisen-msking aks Cte carrot anne asian ‘AL don support syst (DSS) is simed at solving ese structured problems. BL ADS combines the we of mod and analyte cehngues with rdtona di css and eval atc bu st ite by preteen, CASS emphases flexibility inthe decison making approach of ma o rari and the we of iteractive made not xed rts. [NDE rapport sense descr tsk DOMAIN 2-GOVERNANCE AND MANAGEMENT OF waar au ‘ering an audi, the Iai discovers thatthe aman sours (HR) deparment wes loubased Girton to manage amployee ends. The HR dearenent engaged ia uconrat ous of the norma {rior rnanagement process and manages th ppt on is ow, Which ofthe following i of [GREATEST concer [AL Maximum sccepabledawtime mass hake not en define in he contact 1B Theil depart doesnt manage the relationship wih the cloul vendor. C._The helpdesk al enters owen county, with ferent evacy requiremens, 1D. Onanizationdeied secu plc tent applied ote coud pation 1 ete correct answer. 
Sustiiaton {lay however man rosures (HR) sppcaos ar usally ot mission crcl ad “hrfoe: main tevsptbl aie i ot the mot gnu concen i thi cera 1, The veponstiiy for managing the rlatonshp witha hed pasty sald be sig oa designated invidual or serice magenta however, te wt esentutl or tea els toh TP depart C.Anorgaicatondeinsd ssuity ply crs tht helpdesk personnel donot have acest foncrnel data ind hs is covered war the suit ply. The more rales tha the plication compli withthe secty pic. . Cloud applicathns should adhere tothe organtzaton-dfined security polices to ensue that ‘the dat nthe lou are protected in 8 manner consistent with internal app Include, but ar ot ied to, the password py, ser aecess management poley and data ‘lasaeation ply efore implementing sn FT balanced scoreat a ogaizaton mus [A Delver fective an icin services. 5. Define key prfemance index C._Proie busines value tT pres D. Contol IT expenses. Sstieation: eA balancel scorscand (BSC) i meta of speciVng and measuring he atainment of stategic Feels wll ease te diver of elstine a lien series, bat organization may nt Fave those in lice porto sing a BSC 1B, Mecaime s BSC is aay to measure performance, # deflation of key performance indeators esque efor inplementng an IT BSC. 'ATBSC will mes the value of Tt busines, nor he the way around DA BSE will mesure te performance of, bu th enol over TF expses nota Ley rogurenent ‘or implementing BSC Gs sez" DOMAIN 2~COVERNANCE AND MANAGEMENT OF A239 Tosepprtanoepaizaton’s gous an dare shuld hae A lov-cat philosophy Teng: and shores pans. Lead mpeg tcncony, D. Plans to aire new hardware and sft Justina: [Xv Aow-costpiloophy is onc abjoctv, but mor important is the cost-benefit a the elton of 1 inverment costo busine sty © Lent ge tecnalogy ran objective, ut plans woud be nese onset tose plans ce ligne with organizational gels. 
1D Plnstn aegire ew Rae and sftare coud expat ft overall plan bt wud erg only hana or oftware nadod tv ache the ogancatonl gol |A2-40—_inreviowin the she range et) plan an IS ator shoul determine whether, A. Ther ian integration of Fan busines personne within projets BL There fea cleardsfintion ofthe FT msson an isin, CA statgi efomutontclogy planning cocci pce 1D. Theslancerlates bina abjesties oI gol and objectives, [Av The mtegration of and business personnel in projets it an operational sue and shoud be oidered while reviewing the short-range plan rae plan provides 4 framework for the Mrstortrange pl 1B. A clea definition a the FT mission and vision wel be ove by aati plan CA etgie information ecology planing scorecard would he cone by a stati plan 1. Buss abjecties coving to goals sl jcives would He covered hy a siti pl A241 Which ofthe following des a depart uot const the MOST relevant wo shorerm pling or an A. Allocating resources B. _Adaping Fe changing ecologies Conlin contd selPansesmens 1. _Esahatngherdvare needs Als the corest answer. estan: A Thell dep ly consider the manner In which resources are allocated in the sources are being managed 1 Invenmenis IF noe ob algned with op management Hatgis rhs han be leant o shor term slaming an foci o technology fir tehnalogy' sake. © Condating entra lf assesment ot erie allocating sors daring shor erm flaring forthe I dearer 1 Esaluating hantare nocd aa rial along tors ring shots planing Fer the HW gewrment ‘GEA Review Questions Anower & Eiplraons Manual 2° Edilon psig poate caer ans ‘DOMAIN 2~GOVERNANCE AND MANAGEMENT OFT _ (ess Which ofthe ftlowing goals do you expect ind in an organizations sae pa? AL Rents of new afar testing 1B. -Anovlaaton information ebnolegy neds (C_Shorticrm projet plan for anew’ planning system 1D. Approved supplies for products offered by the company D isthe correct answer. 
pratt ofa newaceouningpskags ia tactical or shorter goal and would tb nud in strap plan 1H Ancralunton ofiafcmation echnolgy neds isu way 10 mens performance, bat not x gal be (c_Shurcin jee plans post rtd and ina method ofmplemcting a goal ba nat be goa in st The gal moll behave Sete ret magnet the mw yt show facie ht pa 1b. Approved spp of choice forthe produc irae bnins bjetve tat intended to focus {he ovcal dress of the basins and hi part o he organizations strate plan Wich ofthe folowing dos a IS ate consiar to he MOST important when eating an nanan’ TT stg? Thai |A. Was approved by ine manag. Bows nt sary fn the deren pecimiary Bade C.__Conpie ith procurement proaies 1. Sanpors he basras objcthes of he pnt, estiteaton: JN attic plan 3soe management responsibility aed would esveepat fom Fine managers but won ot Be approved by them. ‘The baget shuld nt vry from the pi {C.__Procuement pecs ate gaia controls, bit nots part of ati planing 1D. Strategic planing st corporat o department objectives nto mation, Both long term term srgie plans should be consent withthe organization's breadr plans and Insnssobjectnes for atasing these geal eee exter DOMAIN 2~GOVERNANCE AND MANAGEMENT OF Tr = 12-44 Anorgnaton a oat wh vend or tnkey lian ri hon el etn ‘poe (1), The vendre epecarysyeaon efter wp of eto The ln sl eq i A Atanup sre ial tran ETCS operon wih pede dt 1 Atmupsorver ised will eon stare laa © Theo salt te opt ee eal yee Staten oft ETCS scan ele esate: vn nha eve with coo sirloin aby of teen cole tines ole C._Fintg wt ng ciel uot as tc a esr wait of ese code D, Whearer prop appctensatrre is prcasel. the conan vl rove or lead veo apenmen Threat eset oerony tome slates ‘248 When eviving th sty, an San can EST ase whether te tatey spec he Cries pects by demi wheter A. tse pesoerel nd apna iss BS penerecaies vneepeerrosy ©. Ussiscqipmen an psa! enya eine DMs re soety end gig eins Dis the covet steer. 
Aesienten: sen pmoral nd appt iu inert ment nh gy a wit tru tte Toney Spor bu secs 1h Thevaly way know if Ttesoy il wet bestest tects io determin th pl ie wth manage stay an that tla plage bs pos © thm epmen at pet ein metic ian eee neal desing theppermnegenet hin ut oso ns tt he rg ied ah bem ene 1 Tove often ecco sponds sanging dct is impor how fit inet nina Ganges nt cla way cane tal aed th nm a {Sa Rev Ovens Aawars 8 ills Waal Ein 3 DOMAIN 2—GOVERNANCE AND MANAGENENT OF IF os ane ae ‘An Sauitr of larg: organization x evewing the roles and resprsiities ofthe function an finds ‘eens srsng maple rolex Which one of the lowing combinations of rks shal be of ‘GREATEST concer forthe 18 auto? Neomork mints are sponsible Fr quality assurance Syaom admnisatre are appiaton programmes. Fd aor re eer admins fret pains. Syston anaatsare database adminis pare estneaton: realy network amines shouldnt be responsible for quality aserance beau hey col pprove teow work Hoey nn sp stow a the emotion of rate adit tnd apration rogram which woul allow near united buss of rive. 18, Whe tndiiduas serve lip roles, this represents a separaton-f-dties problem with {oviatedvsk Sytem administrator should not be application programmer dust the ‘Trovit rights ofboth functions A person with both system an programming rights can ost anything en 2 tem cling reating 4 back dor. The ether combinations of roles, fre valid fom separatdon of dues perspective. c. _Tnsome dbl emronment epi wth rl stig eves, so may aso manog> se DL While datas edminutatr a ery privileged postion i would nat et oa wth th ole of systems aay ‘Which of the flowing i the GREY anf aytems? risk ofan inadequate poiy dfn for ownership of data [AL User manag condiation doc ot exist. ‘BL Specific user acomtaly canna be esis, {Contra ws may have acu od da Audit esommerdaons may nt be implemsred estieation: rete retest rishi rom unauthorized wr Being ble to mos dat, User management important bt the greats ik 1. 
User accounabiy i rportan ut ol as ret a ick athe actions of unsuberized ser ‘Without «poy defining who has the responsibility for granting acco to specifi rytems, ‘here van increased risk that individuals can gain (e len) stem access when they shold ave authoricaton. Tho ability of unsuthorie users o modi) data yeeter than the sk tt authored wer acounts nat beng controled properly. ‘Theta to implement suit esmmnendstons management problem but not eis a the bly of arautorized ass making micatns oad seem ‘DOMAIN 2-GOVERNANCE AND MANAGEMENT OF IF 2-48 An IS audi department i planing o minimize the i of thom employes. Active contig to ths cjecigae documented procedures, Knowledge sharing, rosin ne A. Stcrsion planning BL Stato evaluation © Responses atin 1D. Empbyecavand pregrans Ate the correct answer planning cares tat internal pertoncl with dhe pote fil ey potions in he are Mentiied and developed. 1B, boaluaton th proce: f determining te wort of one job in elation t that ofthe eter jobs in ©, Selfresponsibities definitions provid for well-defined oles std responsibilities; howeve, they do not inimize dependensy on key invite 1. Empl award pograns provide motaton: hve, they do nat mininze dependency on 2-49 There of change in cenoloy increases the importance of ‘A. Outourcing the I fein. 1. _mplerenting nd enfin sound process, Hig quad personel Di Mester egret isthe correct answer estan [An Ontoarsing the IT fanstion is absines deison ant dst elated othe ate often thangs, nor doc the ae of change increase the portance of euseurcing 1B. Change contra reires tht goed change management presenter be mplraeted and enferced. 
(© ersomel na typeI department on olen be tine ne ecologies to ect oartonal request 1 Altagh msting eer roqirement portant tot dcty relied 4 the ae of techno shane mth IT stsioamet “ISA Review Question, Answers & xplonetions Manca EMen A Ren Gato DOMAIN 2-GOVERNANCE AND MANAGEMENT OF Ir oer a0 ars ‘An aor Finds th ot al rpyers ae aa ofthe eee invasion security pole. The 1S ‘utr shold covet that |A. This tack of novledge ny lal Wo anton dss of sain infomaen, 1B fnformation seit nx crea wal factions, Csautit should poride security taining othe employees 1D. ‘The ait Finding wil cause nanagomentoprvide coninuus taining ts Aste correct answer Iustifiation: ‘Ar Ail employees sould be aware ofthe enterprise's lnformation security policy to prevent tninteetona dielosure of sense Information Trainig ia preventive control Security 1 _Infemation acre i everybody's uss andl staf shoud etn in how ohana infomation corey. (C.Provding cco amare tsining nota wt Fntion 1D Manageront may apres too jt aut ining. The IS aur camo beau hat Framapeen wl act pon an abt finding ule ty ar aware Hs pac eres the uor trust fort the ak sociated with kof scanty aware “Which ofthe flowing is espomsible forthe approval fan infrmaton secu poi? AL ET department 1 Security commitee CSseuityadminstar D. Bow of directo usta see depaimert is eipnsite ore eccton fhe py, tng no aor in aig the pis. Th. Thesceunty coms alba Fncons within the road secur poy fame by he sed of irstrs ‘c.Thesecritysinitator esponabl or implementing, monitoring a enering he scurty ules that manog>ment i established and authori 1b. Normally, the appeeval of an infermation systems security polcy is the responsibility a op management or the boaed of dretars. Fa SR TT smear ‘DOMAIN 2-COVERNANCE AND MANAGEMENT OF = |AZS2 While reviqing the IF govemanee processes of an ornization an 1S sor discover the fr hs recently plemented a IT tlancd scorecard (BSC). 
The plementation x complet, however te 1S itor notes that performance indicators ae na objectively measuabe: What fhe PRIMARY rsh reseed y isin? A Key performance indicator are nt rept to management and management enna termine the sffeeence ofthe HSC 18TH pret cull ster om con overrun (C.Miskating indicates of TF perfermumce my be preset to management DV sevice level greoments may mt be accurate, esti ‘setation of misleading peformanee reals to mangement This oul etalk of ‘svrince and arora IT renoures may be misalloestod cr Htc dion ray he bse on incor information, Whether or othe performance distor re corre define. he ress. ‘woul be reported managoment 18 _Ahcagh projet management ses coud arise fom porforance indicators tat wee not comely ‘etn the pesention of miseang performance o management samc mare significant sk © The Thatancesseorceard i designed to mettre IT performance. Te meavure performance, 4 sunt number of performance drivers (hey performance indeators [KPls)) mst be defined ‘nd measured over de. Fllue to have objective KPIs may real in arbitrary, subjective measures that ay be miskading and ead to unvoend decane. Aha peformance management sis ltd to servic eve garcmens could arise fom terfeenace indices that wee ao coral define the prenetaton of mised perro ‘management ia muck mee sigutcat rk A2S3 Which ote ellowing shuld he include in an oranization’s norman scuity oie? A. Ais of ey EP resources to be secre Thesis for ace cont authorization Cente of eermatve cut ace D. _Relowantsofvore security etre Josticatin: [A Alito ey I sources be ecu mote dsl han a which sh ein in pig 1K Thevecurty policy provides the bread framework af security ae aid dawn and sppreved by senior management I ieluds a defen of thoteaethrired o grant access andthe has or raning the access. C.Theienty of ensine curity sets sme dei ha that which shouldbe nnd in poi. 1D. 
Alistthe eleva sotwae secu fetes mor aed than that which should he ld in pot, DOMAIN 2~COVERNANCE AND MANAGEMENT OF Ir nose ans ‘Which fhe following is the ini sap rating rowal piy? [A Acost benefit rays of methods for secrng the aplications 1 cetifieation of network: applica ob exteraly acess C._ienficaton of valores aseciatod with otek appiatons toe extemaly acess Drei af an aplication tac matrix showang roteton mths Bis the correct answer. este a sldenntying metas 9 protest enn eed vues a tee comparative cost-benefit alysis the dr sep. [R.Idetiication af the applications requlred across the network shouldbe the lial step. After ‘denticatin, d:pending on the physieal atom of these applications nthe network and methods of, cn roling seco to thexe applications. CC. Having idetiied the extraly accel appications he scond sep soe vuleabiles {wcaknesses) atl th the etm appt. 1, The ur step ito aly the aplication tic and ecatea mai showing hw'each ype of tri wil be pct ‘Which ofthe following san implementation rk within the poco of decision sappot yam? 1A. Management corto Semistructured dimensions (Coby to spoil purpoe and usage patore D Changesin deco processes Cis the corset anne. estcaton A Marmgement corto snot type of sk, bu characters fa deision suport stem (DSS), 1 Semsintred dimensions i ot type of isk, bat a acteristic oa DSS, {C._The inability specify perpose and usage ptleras ia risk thal developers need t anticipate nile plemeatng x DSS. 1b, Changs decion processes ae nt a type of sk, but chanetrstic ofa DSS. ‘ISA Review Questions, Answers & Explanations Manual 7 Ealon eisk semi ‘DOMAIN 2-GOVERNANCE AND MANAGEMENT OF Ir A286 Which ie fllosing i MOST crits fr te ssc implementation nd maintenance of» scuiy policy? A. _Assiiton ofthe anew and itt oF arate sect poly by al appro prties Mangement suport and appro for te implement and maintenance ofa security poy © Enfinement of security rls by proving pnive ation for any vilton of ect aes 1D. 
Stingem implementation, menting ar enforcing oF rules bythe security fcr thr sess cent oftwore| Ata the correct answer Juste [Av Aviation ofthe framework and intent of writen security ply by all level of ‘management and were ofthe ester I ert othe scene ieipementtion and ceive. | Manipemon support and commiament i, no dob, porta but for sues smplementtion ad smainenunce ofa security poly edcating the wes on he importance of security Is paraeu © Pantve actions ute needed enfrce the policy bu ae net the hey to succes plementation 1D. Thestrigent implementation moniring an enforcing of rls by the secuty office ough acest atl soar, and provision fr pune actors for vokon of security us import, tis ‘kependet om th support and edation of unepenem anders he importa of sci. A287 Acomprchonsve ani efectv cil plicy shuld ales th sus of email strc, policy tincemer, monitoring an A. soe. Cohuiding B feme Ris the correct answer AN ma policy shoul adress he basins sl eg exrements of email een. Adin he reunion sue inthe email poley woul faite eevery 8 Besices Being god practice is and regulations may requir an orpanization to keep as am impact on the nancial statements The prevalence of lawsuls I whieh ual communication Is hel ln the same rear asthe ofl frm of ate paper makes ‘All email generated on an organization's 1am email policy should ares the retention both hoon and enfresen Iitgaton The poly shoul also address {he destruction of emails after specified ne to protect the nature snd onfientality of the sessges themacve, C_Ehai policy sould ables the busivess al ep requirement of email tenon, Aaessing the rotenone in thee poi woul faite rebuiing 1. Ema poly shoul aes the business and egal requirements of email enon, Reuse ofc i ot apalicy ter ‘Ged Review Gosatins, Anewers& Explanations Manel 7 Elon = oases a9 J OVERNANCE AND WANAGEMENT OFT fm ‘An organization is omsidring making a major investment to upgrade ecology. Which ofthe lowing ‘hiss the MOST span 0 conier? 
A cot analysis “The seunly ofthe caret techalogy Conair existing systems risk analysis D the correct answer ustiieation ‘An "The nformationsystem solution shouldbe cost-effective, bu this snot the most important aspst 1B, The curity rk the current technology soe ofthe components ofthe sk analysis, and ane is ot the mt imgetio Gke Cc. Comptay wth existing tems is oe consideration; howe, the new system maybe a major ‘pera tht compte wit xshRg stems, so his isms most important consideration, 1, Prior to implementing new technolo, am organization should perform a rik assessment, which ten presenta business walt management or review and aecepanee Which ofthe followin: cies the PRIMARY bench of equi Hering commie to oversee investment To cont eit stay to demersal 1 a “Toemare tht ventas ae made asonding busines ried “Tocuut tht proper security contol ar enforead “Toren tht sotndard development methodology x implomentod Bis the correct answer osteo: Sn sesing connie ay ws fei stay ins eviews weve, a spon or ‘estorngconcacing he sty 18 stering comtec consis of representatives fom the business and IV and ensues that IT “nvestment i bused on business objectives rater than on FT prerts, ¢Thestering commits saat responsible or enforcing secutiy contol 1. Thestering cormitee saat rexponubl or iplementng development methodologies. 1S cont bjstives ae weil oS ators Bocuse hey provide he bass fr understanding the: |A, Dest sult or purpons ef inplamentng specie coat procedures 53 Bes scanty onl prastios eerant to» spoufic en © Tecnigus for esuing aermaton D.Seeuy policy ‘A tathe coreet answer usticatin: Nall contro jective Is defined asthe tema ofthe desire esl or purpose oe {chieved by implementing entrol procedure ins particular 18 act. 8 Cont objees provide the acta objectives for mpementing contol and may or may no ‘ns on goed practices "ecniues are he means of chewing an oboe, baits more important to know the reason and ttjetve for th cool thant nertand the tchniquo tl. 1b. 
security ploy mandate the we of I cont, bt to cont are not wt to understand pols. 0 err “Cals envio; Gunstions, Answers & Eptnadion Aieuedl 2” ition mee DOMAIN 2-GOVERNANCE ANO MANAGEMENT OFF |AZ61 The nia xe in establishing an infomation scary program she: |A. Devecpent and implementation of an infomation scr standards mana Perfomance ofa comprehensive security conta review by the Saudi Adoption of corporate information scanty pbicy steer 1. Parla of secu cess contol aware eats The cet posta eden by plicy an the standard ate driven bythe program The nial stop {sto ne ply and ener thatthe program Bae onthe poly |, Ai ara monierng feat elated the peogram can oy come afer the eran i twp. C. _Aposey statement retets the iatent and support provided by executive management oF ‘prop security and establishes a starting pein for developing the security program vu. Ress conor sare an inert secur cone bt cay ae te pole and opm eatin. [A262 Which afc ftlowing is the MOST important Finctono be performed by IT mangement when seve tas been otaureod? A. Esing that ioies ae pt he poder arguing in systems dig with the provide ©. Renezoating the provider fs D Montering te touring provi peremance sti [A Payment of inoies 2 Finance fnction, which woul! be complete per contac rues. 1B Panipat in systems din ia by-yout of monitoring he outsourcing ps perme (CRevevaiaing ees is sally a onesie acti and is ta para as mentoring He sede perce D. nar outsourcing enirom provider. Therslor, i eral a ‘sue that ervccs are delivered te the enterprise a required. “CISA Review Questions Answers & Explanations Manual 12°Edon—SSSSSSSS*C« {eacn Atmos [DOMAIN 2-GOVERNANCE AND MANAGEMENT OF TT ae anet [An exganization purchase thingy appistion ad de sigaicantmdfeations. 
While uitng the ‘Mraltant proces fortis eral, custmerfcing aplication, the Saat noted tha the vendor his Ce eTpuumets tr orly ome year, Whi ofthe flow lps o mitigate the isk eating fo continued sprlicaion spot” [AL A ishly sy on he vendor Bole escrow greene C.Phnncial evaluation ofthe vendor DL consactal gyemont for tur enhancements isthe correct anew Justifeaion the manor secs to he cui thie the nace coe | Camsiering that the vendor hasbeen i he busines fo ‘nancial stbily or ably of de vendor and the isk ofthe ven host way that tis risk cam be addressed sw havea softnare escrow agrees {Code ofthe appeation, mhich provides the enity access othe youree cade the vendor goes ‘on of busines. ‘caning thatthe verb his sn in sins for only oe en, nancial ealaton of the vendor ‘onl ot be of onc ylue and canot prove ssurance onthe long-term ity of the ender Service oe ety this cas ire portant tha the company has ight the source ode vb. Aronfacaal agement, while bining sot efrccsble cay bas Inte val in he event of backup, wasn the Log ar aly of mor pra ht the span asthe ih ‘An 18 aula evewirg am xtsourcing conc of itis expos it to define the A. Harder confgation Bi Astemecontol ware .Ounentypof ellcan ropery 1D. Appicition dvdopment methodology fete correct answer useation: ‘An Thetbardvar configuration is generally inclevan as longs the fantonaly, ability and cunt cun be fete which re pli ere ligation 1. Theases canto vofiare x general leant a longa he ncn, rail and acty fan be affected which ar spoiic controta oblptos © 1, Thedevelopmet methodology shold be afm el concer i an cusourcing cnt RT @= nearer [A265 While conducting an ait of service provider, an IS auitor abst the servic roid hs ‘outsourced pat othe werkt anoter provi, Bese th werk involves contol informatio, he IS no's PRIMARY concen sho eta the |A. Requirement for securely poteting of nkematon can be empresa FB. Contact may be terminated Bouse prior permission rm he ououecer wa noone, CC. 
sevice provider to whom work his Besos sn sje! i 1. Outourer will agreuch the thr service poder diel for farther werk ostiteain: NM other countries. When service provider ‘utsurees part fis serves another service peaver thee fe potentials that the Confidential ofthe tnfermaton wl be compromised 18. Ternaing the contrac fra voli of tetra de contact coal be a concen bat is wt related to ensuing the seca fifi. CThewatscarer nt Being subject oan ai coud concen but sot late o ensuing the catty of information 1b. Thete ho feaen yan 1S adie should be concerns withthe osourcer approaching the other service provider rely fo father wor A266 Abenefit fae sem architect is tha it A. Foeatsiazropraity within dierent systems Foes the imegraton of popicary components _Willsea basis fr volume chennt rom equine! vendor, '.__Allovs forthe achievement of more ccmomi a se or equipment Ate the correct answer Justia: |A Oper systems are tone for which suppliers provide components whose interfaces are defined by publ standards thus feat nteraperabityhetweemsptens mae by diferent vendors. 1B. Cosa system components are bul to propicry sands ota he spl ysens camo. oF elo serfae with exising syle C.Thosblit to obtain volume discounts achieved thug the ue of bulk purchasing ora pimary sendr nt teoagh poner ret 1D. Opensytens may be leas expensive than propritry sts depending onthe uli, bat the pimay beet of open system architect ts inropralty tween vendre ‘Ged Review Quetons Answers & aplaratios Manual 1 Elion oe 18 Seer [DOMAIN 2~GOVERNANCE AND MANAGEMENT OFT e& sons aur A268 ae “The ish assed wits lecteonc evidence gthring is MOST ily reduced by an ema A, Destruction pole BL Sccunty pli Chive policy DA patcy. iste correct ams Juste usta etnton policy woud ince the detain or deletion of emails, This must be sempliant svth egal guest ein emai, REE ole ito high eve and woul not kos he isk ofinadequte reteaton af emails of ‘Aeubigz te pevidencwee 1 emails en reuie cc. 
With patcy of well-arehived email record, acess oF retrieval ef pee emal records 10 comply with eal requirements possible yeah iy nou notables the gal recent io provide emul a letonic evidence “The cpt ofthe eiskmanagerent peoces isan inpt fr making A. Busines ans, And eturcs Sec policy Ison 1 Soltvar desn dcisens asic sane tiny «bss plane the imate gal of he isk managment process DB) ak management an hp vst the au pln, bat no the it chart D Tee na sesnagment process about making spell, security-related deistns, uch as the leva of seep rik. 1 Teak management wl dive We design of scat conto in svar ut inflsncing secur obey ‘An 8 ator was ie to review e-bay. The IS autos is! sk aso examine cach ‘Rian sien aplication loking for vlarabics, What woud be the nex tank? |A. nme teat he Hsk tthe hi iefomation oie an che exces fice 1h Examine te cbwinss aplication i development Ce teats ond the HLtho0d of eccurenee. 1. Check the tgt available fo rik management Cathe coreetamsner, estat: seeped can oly be determin ar he tras, tino an vulrbiliies are ll documented Fy TRS frestpa to acm the ik evel oxising applications and thn to apply those {rplssane development Rbk can ony be ewe afer he het and HelBood hav ‘on deri |dtenmin the rik assoclated wth business am 1S auditor must ident the assets, lok for ‘ranerabiti, and te iemiy the threat and the likelihood of vecerrenee. by Thebutgu sae for fsk management nt relat a his pont bea he isk has ot yt een dein Oe ___________ ai ‘Menu 12 Eaton ® it A270, An auditor reviewing the IT ongnization x MOST concerted ithe IF serng commits A. responsible fr project appeal an piezo eres fr developing the lngserm plan (Repent the sa of TT presto the an fds. 1D sesposiie for dtenning basics goals, Asta [AL The IT atsrng commits response for projec preva and prioritization BL The Tsering commie esponste for evtiah of the developmen ofthe loner Tp C_The tering eonmitesalvincs the Boat of decors onthe satu of developmen IT, 1D. 
Determining the Busines goal the rexponsbiity af senlor management and not ofthe FT be driven by the Business—not the ther way aro ARTI AnIS uae was aka o review comme fra venting consider pov dt cer seve. Which fsthe MEST way to drm wtih eso theca ae af he cot signet? A. Regt the verde to prove monty aes pois [8 Hiveresodic metings wih te cient IT manager © Concet peso ait eviews ofthe vende 1. Rogue that performance parameters be sted within he coma (Cathe erret answer. Sestinentin: [Av Altnagh providing monly tats reports may show thatthe vere is mosting cont ems, ‘nitheu independent veri thee data may nt be eibl Having ere meetings wih the int TT manager wil asst with nosing the cient ‘olatncip with he vendor, Bat meetings ny netic ender aud eps, lis eps and ihe sformation tas peas ut ei Nou take int conseston. Serve evel apreements and the ellen’ requireme 2 Tc fer the vendor, and the esl may sip. Per ‘loo at the vendor's 1 ensure thatthe Yendor ane with which they ano Conte to work 1. Request peormanes paramere sated within he contacts mpotint,ba only if poke reviews are performed to determine ta peormance parameters ee cmc yum ypnoncomer @s= aun aun “Which ft fllowing puts athe MOST valet the sag I inane decisionmaking proses? [AL The matey of be project management process BL The replay envtonment Pasta indigs The I rect polio ani ‘iste correct ans. Jostieation: aarti ofthe projet manera proces is ors portant wih ect managing the iy toaly operates of Vetus performing stegic planing. 1. Regutoryregurements may drive ivestment cea techcopis al inkiives; Hower ving hee acholery requests oot peal the main new f the IT and asin tay Fret adit igs may ive vest mcr techies und nes However, vin 10 Foley ait Findings notte min focus oF he ard uss strategy. 
1b, Purl analy provides ths het iapat into the deisoa-mahing proces eating planning Strnepie IT inatves Am analysis of the IT pertolo pr a Dlovned inate projets and ongoing IT services, which allows the IT strategy tobe ‘nth the basins strate Which ofthe flowing does tack of ene Security cons reese A. Theat Bo Ase Cpact De Valeriy 1 inthe correc ansver. estat: een tes nyfing echt, suet, hata that is eapuble of cing pss an asset ‘panna tat cares hrm. Athen xe repro coals oF lack of cont, 1, un nsotingo ier tn ort vale tht i war pectin en peo, ‘Mami infrarenal epution. The et albeit bya ack of ona c._ Imuetgremts he etcome or alta threat explting a vrai. lack contols would [ead eva bighe impacts tthe lack of cori is define a vulerbly, oanpt bb. Theluck of acyuate security controls represents 2 valurability,expoing sensitiv information ind dat othe nk of maliious damage, aac or unauthorized acces By hackers. Ths ea ‘uti lo of sensitive tformation snd lead othe les of geod fer the organization Teint desutin of risks provided by the Guldelines forthe Management of TT Seerity fubtsnea by ne International Organization for Standardization (ISO), which defines rik a potential hae plat the vulnerability of an asst or group of ase fa {or damage thease The various elements ofthe definition are vulnerability, threat, raven nprce Lack of adequate sccerity funciona inthis context i vulnerability a ereeaiion e i ‘mt DOMAIN 2~GOVERNANCE AND MANAGEMENT OF IF A274 Which of he fllowig isthe PRIMARY objetive oan IT performance measurement proces? ‘A. 
Mintnize eons Gather performance da Establish performance Bassines DL Opsinizeporormance Juste [An Minnie cor an pes of perfrmance the ima itv of eran mene [Gating performance data necessary o mess IT prema sn the objective of the pes ©The werformance measurement proses compares ata prfomance with basslines but snot the objetivo the proces 'AWI performance measurement process canbe wed lo optimize perermanes, mensure and ‘manage produclaserviceabture aceuntaiy ned make budge decions. ALIS Asan outcome ofinfomation crt govemance statape alent pois: |A. Sosy requirements drion by erie eins, 1B Basdine security folloving good practio. CC teathainaliae and craze ston, D._Anandertanding of risk exposure Aue crrect answer stations . ‘A. Information security governance, when property implemented, should provide four base butesmes strategie alignment valve delivery, risk management nd performance teas artnet Strwegi alignment provides input for vecurty requirements driven by enterprise requirement 1B. Sate alignment eres that sear lens wi business gol, Proving stand of seunity practices (re, bsclse scanty flowing god practices intone and Earnie vlan) in pat of val delivery. (© Value delivery addresses th etstvenss and eiciency of alations bat sot a esut of stot alignment 1. Riskinaazeret ia primary gol oF TP governance, ha sratap lignin is ot oes ndextanding rik expan {A Review Question, Anewers & Explanations Manual 12° Eton 7 ant IN 2-GOVERNANCE AND MANAGEMENT OFT — Which ofthe feliowing should be of GREATEST concern oa 1S auditor when reviewing norton Seeanty pie? The pig [AL schivenby an I department objectives. BL Tsp but users ae ot eed ed the policy C._Dowtnotimclue information scanty peels Has nt boon updated in over year a tne correct answer Sostieation: srt punines objectives drive the fnfrmation security poley andthe formation security polly lives th selection of I departnentcbjectves.A policy driven by IT objective iat rik of fot aig ligne with usness goals. 
tu, Totes thule writen so that wes can understand cach ole, and employes shoud be abl PRS) aoc fhe otc. The fact tat wes have not read he py ha the retest concer tcamse they ail may be compliant wth the poly. Tosos seni contan racers, rocodre a exalted toast wih poiey Fmplemenation nd emptance 1b. Poy should te viens analy bt hey might ot necessary be upd anneal less hee {oe senfcan changes the envionment such as new vs ls regains, ‘Which a he flowin TT govemance good pts improves tage aligment? ‘A. Stir nd pater isk is managed BA kbonledg bee o customers produ, markt and processes in ple. CAsuumars pred that faites the ceation and shang of busines information 1. Topmanagemert motes Fstwen he paves of hasnes and ecnlons. Din the carret answer. estan partite purer rk being manage ia esk management god patie but mt ste fs, B.A outed bse on customer, produ, mats and process xing in place san FT vale ‘elery gol patce but oes not easre state aga ‘anintpsroctas bing pone wo foie the ection ond staring of busines infrmaton i net tau dlery an ik managenent good practice but is ots flv a op management ltwolvemen in sine ae techno} ligne 1b. Top management mediating betnce the imperatives of busines and technology i a FT Strategic allgament good practice. ESTEE EH eee eect ece tee eee eee Eee “Gala Row Gueetionn, Annwars & Eigloestons Maneal 12° Odin ‘DOMAIN 2-COVERNANCE AND MANAGEMENT OF 7 AZ-TR—_EMeetive IT govemance requires rganiationlsisctresand processes to ensure tha: A. Rink maintained at evel scope fr FT manag. The business statgy is rived frm an IT state. CIM gweerance is spurt and distinc fom te overall goverancs 1D. The Tsaeuy exten the organizations ios and ejectnes D ithe crrect answer. [AL Riskaceepance everest by seni management, not y IT manage, The hsiness satay dives the seep, nt the ote ay aroun (CP pwerance nt an led scp must become neal pat ofthe ve eerie governance >. 
executive management etend governance rctues and processes tha ensure thatthe sustains and etenis the organization’ strategies a ebjectives an that the rag ie aligned with bosness strates, A279 Assessing I isk i BEST achive by |A. _Evahating teats nd vulnerabilities arciatd with exiting IT asst an IT projets |B Using the oepanization past acti los experince to determine caren expose C.__Reviwing published le statis ro comparble organizations 1D._Reviving I coat! weakness ened mat ropite. Ate the correct answer ny threats and vlerabltes need to be evaluated sing quate oF ‘quatative risk sscament approaches, 1s an semen on pt ees wll aduntly rele ne dea o nite changes tho rn T assets, jet, corte and ep ennronment Thee els kyo be problems ‘vith he scope and quali of the los dita aval to be assed. 6. Conyrcle rznctons il veins inte ast cro eva al apc ‘icin. Tettr, hln exprcns cnet be we ody as cpa . Contol weakness idotifed during audi willbe relevant in asessng treat exponen father analyse raed oases treat probably, Depending on te see of teal cana, ‘spilt not aloft erieal I set and yojes wil have rcetly been aie, sl here ay ar hea slice! seamen! of sag IT Fak {ISA Revi Questons Answers & Explanations Manel 12> Eien 7 ‘DOMAIN 2~GOVERNANCE AND WANAGEMENT OFT Orcs [A240 When segregation of aes concoms exis between I suppor staf nd er ses, what woul bea suitable nat aun compensating coo [A Restricting pyscalsccoss to computing einen BL Reviewing trantion and apicain logs C.__Boforming background cocks pir to hiring IT sal DL Locking wer sstene aera specified prio of inactivity Bathe correct anew. 
TT support tl aly esi physical acess o computing ups Function I wold ot Be Yavonabl to ake his oa 18, Reviewing tramacton and application logs dzety addresses the threat posed by poor se form thio (¢.Pevforming Background chock swf etl to ensue TF staff are story and compton but ‘oer ne ety res the lack ofan optimal serogtion of dates Locking uc coon fier specifi prod of nativity ato prevent urate wie from ipming system seen, bute ns of lack of epreption of dates more the mas (llberatly ‘rinmivern of acces preps that have ofcaly hace granted ‘Atop-down approach othe devclopment of operations polis eps to ensue: [AL That hey ate consient aero the eranization, 1B That hey ate plemented as pat of rik assessment ©. Compliance wit al policies 1 Ththey are revewed periodically ustication eeperiving lonertevel plies from corporat police (a top-down approach aide Consistency sere the organization and conasency with ether polite, Policies should te nfluenced by isk assessment bu th primary eason Tora tp-Jowm approach is 0 ‘oe the the fists ae content cr hs oration cMiop-down apyretch, of te docs not ene compliance De Atap-lown apresch ef el doos nt csure ht plies are evcwe An audi reviwng an onganization ht uses cos-nning practics sould asso he rik of A. dependency on singe person FR inndogate sacession planing Cgnearson knowing al puts a a sytem, 1 aisrpton of pens usin: ‘An Crossining ei dceease ponder on a single person 18 Grooming sts in stccaron planning C._Crestrainingis a process of training more than on individual to perform a specific ob or procedure However before sing this proach, Ils prudent fo aes the Fisk of any person {nowing all pate of ystons andthe related polenta exposures related to aban of priloge. 1. 
Cromtaiing provides forthe backup of persanel a the evet of an absence aa heh, pros forthe comin of operations “GHEA Revlon Questions, Aneware & Enplanatlons Moneal 12° Eition Cs} se DOMAIN 2~GOVERNANCE AND MANAGEMENT OF ALS2 Which of he fallosng shuld be of PRIMARY concent a Sain revi the management of cextsal I sevice provides ‘A. Miniizing cos fr the serves roids TB Probing the provider ean subcontracting services C._Evalating the oes for nsferring Knowle tothe IF depart 1D Dotemining ifthe services were pore as conrated Dine correct anever. estat: ‘Av Minimizing costs if applicable ad ahicable (pening the cst ei aio nota of an TS aut’ jb- This would neal be done by tine management anton ha the department, Furthtmes, ring an su iio ate o minimize the sss for ening rovikr avangamens 18, Sakcontactingproders could hes concen but woul nat Be the primary concer, Ths shud be sss in the contact (© Traoring knee tothe intra department night he desirable une cert circumstances but stoeld mot be the primary concer of an TS autor when aun IT service rovidrs a he mangement teat Fram an 8 sudlors perspective, the primary ebjctive of audting the management o service prenders should be te determine fhe services that were requested mere provided in wa that Iracreptale seamles and inline with conractialaecment A244 Which oft Following MOST ike indicts th a cistone dt wach shoul emai ioe rather thane outsourced oan ofionecpraon! |A. Timezone difrooss cn impede commutation: batwsen TF teams, | Teleeomanicatins cnt ot he uch ihr nthe fre yor C._Privcy ln can prevent cross-onrTowofsflratin Sattar devclpeent may equ more dt spoistons, Cee earrctamawer sient ‘A Time zane ifferences are wally manageable ses or outsourcing stn. 
High tlecommumicatens cost area pat ofthe cox hei aad no ustlly «eas to esa dats house, C._Prvacy las peeing te cross-border Now of personaly Weatiabe mpesibe vo Toate x data warehouse outing customer formation in another count 1 Slvare devant pial requires more dead speiiatione when dealing wah ashore ‘pean, but hat no ac that sould rohit the outsourcing ston, “GA Reon Quatons Anewers & Explanations Mawal 1° Ellon oe ‘DOMAIN 2-GOVERNANCE AND MANAGEMENT OFT Ge" snas {When reviewing a organization's apeove softuate product st, which ofthe following the MOST impor ing to vey? A. Thor ascitel withthe me of he prac pesodealy assessed The last version of sofvre fisted for each rot, Doe te fiensing tis, the ist des not emai open sours softrare, D.Altersours support oT Aste correct answe. usta permease the busines conditions surrounding vendors may change, Is important fr an rsaniaton to zenuct pind sk anssments of the vendor software Us. This may be best Incorporated to the Fisk management proces. {Te otanieatimnny at bo ig the a version oF prod, The bc may contin open ous wae daendingon he buns aint al assocae ok ‘Senor may be roid internal o exenall sath spor should be araned pong nie etait of the soll poe “When reviewing he deyslopmentoinfrmaton scanty pace, the PRIMARY fous ofan Saito Should be on anring hat hese polices B © D realigned with lbaly seep instr poe pecties tre anyeovel by he ford af diets and esr management ‘Grit balance betweon since nd cen ogee, wove diet for mpemening secunty recedes. sien: aaainka ognizatonis at requir 0 base itsTF poison idasty good pacts Pics mst be fhoed on the care and busines ryuieen’ ofthe ergaizaton. 
‘biscuit pois be apposed Ronevie, tht snot he primary focus ring th development afte polices Cecautenforation security poles mut be aligned with am organization’ business Scarty objects thi the primary focus ofthe IS autor when reviewing the develapment Fintormaton eur pol Pulses canner prow Urecton thy re tage wih anes requremens. 9 e a DOMAIN 2-GOVERNANCE AND MANAGEMENT OF AZT On which she Following fates soul an IS aadtor PRIMARILY focus when determining the appropriate lovel of rotation for a nfermation act? A. Rods of risk asossmsnt elaine vale othe bunt C.Realte of wunerbity assessment DL Costorsecuriysoarals ‘Atsthecrrect answer Sustteaton ‘he set. The results othe risk asiessment ae, therfore, the primy iaformation thatthe tudior should review. The eave val ofan att othe busines ome cement consider inthe sk nsssen his tone doc ot determine te leva of protein oie (C.Thevosule ofa vuleeaiiy assessment would be urefal we creating the rk suse howcver thes would not be the prima focus 1. Thevost of eccmiy contol snot primary Astor to conser Beate the experts o these ‘contol ar determined bythe value othe information ats bing protected AZaK From an IT governance perspective, wtf the PRIMARY responsibilty of he bot of dts? To sie thatthe IT sate A. Wwetefective, Bs ine thinking and innovative C._Iealined withthe business rats 1. Has fe appropiate print level signed Chath correct nner. iat The stata shoul be ost et bt it mist align wth he sins ayy forse sae) to beeen, 1 The Mf state shouldbe Forward thinking an inmost, bat tus align wth he business atey tobecffcive (©The soar a lector i espomsibefr ensaring thatthe IT strategy is aligned with the bose strategy 12. The sete shuld be appropriately ponies however, st gn with the sine strategy Sint a he wil be orn. ‘ISA Revie Questions, Answers & Explanations Manvel T™ Eaton oe ‘DOMAIN 2—COVERNANCE AND MANAGEMENT OFT Which ofthe followings the MOST important clement for the sucess plementation of FT severance? 
plerenting an scores Beng rgsizatioslstatsies C_Peforming a riskassesirent 1. Creating forma security policy asian: dears tccard sa exellent oof implement «program bse on good pversance, bit the most Inport factor-a mplementing governance x algnent with rpnizaiond sages 1B. The key objective of an IT governunce program iste support the business; therefore the aie enunteaticnlsraeyes io nescary to enare agement beeween TT a0 ce Without dentifenion of rganiatana states, the remaining ‘Shetees_even if implosented—would be inte (c.Rindttacssmest is npertat to ens ht the sci program is bse on aes highest ik, ‘utr sete! mute sed on onanizatonl Sracees. 1b. pli iva ley pare of seen rogram impleraentation, But evn the poley mst be Bae on rpunzatonal ep To aid mangement inachieving IT and busines ligament, a Saute shoul ecommend the we of A. conta sePassesments Business gc analysis C._anTF blancel ered 1. Disinss process reegincring. osteo sere Cont self asssments ae ws ogre monitoring of sect consol bul fe not used to TT with oraniaional objectives. 1A business imp analysts wot calculate tempat onthe busines in the event fan indent ‘hatatcets bestess operations but fe ao used o align LT with oaniational objectives. An IT balaneed sarecard provides the Ddge between IT objectives and basness objectives by supplemearing he tradtoal fnancal valeation with measures o evaluate customer infection, itrual process and the bility te innovate. 1. thins proces resepinesring sa exellent tol a evew an improve busines prceses bai ot focus on aligning T ith eganzationl objets. e rea DOMAIN 2-COVERNANCE AND MANAGEMENT OF Tr A291 Which ofthe flowing it the BEST reference foram 1S aor fo determina vendor's bility to mest servos lve arecun reenter a crcl IT sec vis? A. Compliance ih th master coneet B_Agrend-on key performance miators C. 
Rene of busin continu teste 1 Resuts af indepeent aot ports tc the correct answer Jusieatins [Ro The master comactypcally etude ers, coins and cots but dos ot yal nce serve levee 18. Key performance Torx means to mesure performance, Service levelagreements (SLAs) are statements relate fo expected Serve levels. For exanole Tntemet service presidr (SP) nay guarante that thei service wil be available 98.99 percent tthe dine. C.Wappicabl to he src, resus f basins comity tests are spall inched as prt ofthe de Align review 1. Inefendent aus report othe Facil condion ofan organization othe cmt enviroment Resting adsl repot typically part of he igen review Even tae mt be perermed gut sto standards or metrics ovale conince ‘A292 Toate the risk of epratons a's ale wo perfor the dl backup, mangement ries tha he yates administrator sgn of onthe ily backup his expe sk A. dvoian, Ro Tame © Mitiption isthe correct answer esteem [An Rik avoidance sa srategy tht provides for ot implementing cei cvs or process that woul new rk Rick ter the estoy tht ids fr shrink with tes oprchasng nance erage Cis miigation the strateyy that peeves for the denon and implementation of contr addr the risk described. By requiring the system's adinistatr sig of on the completion {rte backups, thie am adnitrative contra that an be vabiate for compliance Rsk seceplance is statgy that ponder oral ackncaledgment ofthe existnce oa ik bat ot king amy acon ede heise andthe monn of ha ik ‘ISA Revi Gosslons Answers & Explanations Maal 1 Felon ee 1S MAN 2~GOVERNANCE AND MANAGEMENT OF 7 ee AISA poor ce of password nd nent data ansmissons ove unproteed communications Lines ae ano ‘xampls of AL wuleenbilities teat probabilities Bmp [Aise corect ase. 
station se Vatncrabiites epresent weaknesses of information resources that may be exalted by a threat ‘Bacon these ae weaknestes tha ean he addresed by the Security specialist, they are examples st valnera 1b, Tiyete are cctmstaceso eva the ote to cause frm to tormaton resources threats re bly ete the coma ofthe scanty specalist. C._Proatlitis rarest the likelinod o the oecartene ofa teat tracts represet the outcome or est ofa tet exploiting vulnerability, ‘An JS aloes assigro to evew IT scares and actives een ouourced varius provider. ‘Which of he foowing should he 1 audit deermine FIRST? ‘An aut clase 9 presen in al conta The service levtagrement of exh crac uti by specie Ly prance indicts, The contecival warrants ofthe providers sport the busines ned ofthe organization ‘Aconirac rmination, supp! guaranteed by each aourer fr new olsun Cte corre usin parva hr choice ar important, bt he fit tp it eae tha the conic suppor the sino rly thn un anti proces be alable 1, Ailtric lnslagrsmonsshoeld be menarable an rinforced thragh key performance into but he fist step toes tht the SLAs ar aliged with osincts equa C._Theprimary rapiement forthe services presided bythe eusouree super ta meet the iodo the bes Having sppeopateconols in lace for contact termination are porta, bat fist the 1S autor ss be foc the equictnent of the supplies to meet busines nea “CISA Reviow Questions, Answers & Explanations Manual 12° Edkion 296 (easy eae” DOMAIN 2~GOVERNANCE AND MANAGEMENT OF 1 ‘To gain arumderatanding ofthe effetivenes of an organization's planing al management of estes iv osc 1 nue boul review the: A. enters data adel BT blood scorecard C.FPornizatinal stucture israel ttre estan: [AD Ameer te model acumen efning the dita src of an organization and how deta inept ssi but does nt provide formation on aves in IT asset. 1B. 
A. The IT balanced scorecard is a tool that provides the bridge between IT objectives and business objectives by supplementing the traditional financial evaluation with nonfinancial measures.
An organization chart provides an overview of the functional and reporting relationships in an IT unit but does not ensure the effectiveness of IT investment.
B. Historical financial statements do not provide information about planning and lack sufficient detail to enable one to fully understand management activities regarding assets. Past costs do not necessarily reflect value, and assets such as data are not represented on the books of account.

A2-96 Regarding the outsourced operations of an audited IT service, which of the following conditions should be of GREATEST concern to an IS auditor?
A. Core activities that provide a differentiated advantage to the organization have been outsourced.
B. Periodic renegotiation is not specified in the outsourcing contract.
C. The outsourcing contract fails to cover every action required by the business.
D. Similar activities are outsourced to more than one vendor.
A is the correct answer.
Justification:
A. An organization's core activities generally should not be outsourced, because they are what the organization does best; an IS auditor observing that they have been outsourced should be concerned.
B. An IS auditor should not be concerned about periodic renegotiation in outsourcing contracts because that depends on the terms of the contract.
C. Outsourcing contracts cannot be expected to cover every action and detail expected of the parties involved, but they should cover the business requirements.
D. Multisourcing is an acceptable way to reduce the risk associated with a single point of failure.

CISA Review Questions, Answers & Explanations Manual, 12th Edition
DOMAIN 2 - GOVERNANCE AND MANAGEMENT OF IT

A2-97 For a healthcare organization, which one of the following reasons MOST likely indicates that the patient benefit data warehouse should remain in-house rather than be outsourced to an offshore operation?
A. There are regulations regarding data privacy.
B. Member service representative training costs will be much higher.
C. It is harder to monitor remote databases.
D. Time zone differences could impede customer service.
A is the correct answer.
Justification:
A. Regulations prohibiting the cross-border flow of personal information may make it impossible to locate a data warehouse containing customer/member information in another country.
B. Training cost is common and manageable regardless of where the data warehouse resides.
C. Database monitoring is possible regardless of where the data warehouse resides.
D. Time zone difference issues are manageable through contract provisions regardless of where the data warehouse resides.

A2-98 The PRIMARY control purpose of required vacations or job rotations is to:
A. allow cross-training for development.
B. improve employee morale.
C. detect improper or illegal employee acts.
D. provide a competitive employee benefit.
C is the correct answer.
Justification:
A. Although cross-training is a good practice for business continuity, it is not achieved through mandatory vacations.
B. It is good practice to maintain good employee morale, but this is not the primary reason to have the control.
C. Required vacations or job rotations mean that, for a period, someone else performs the job, which provides the opportunity to detect possible errors or improper acts.
D. Vacation time is a competitive benefit, but that is not a control.

A2-99 When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
A. incorporates state of the art technology.
B. addresses the required operational controls.
C. articulates the IT mission and vision.
D. specifies project management practices.
C is the correct answer.
Justification:
A. The plan does not need to address state of the art technology; the decision to implement new technology is dependent on the approach to risk and management strategy.
B. The plan does not need to address operational controls because those are not relevant to strategic planning.
C. The strategic plan must include a clear articulation of the IT mission and vision.
D. The plan should be implemented with proper project management, but the plan does not need to address project management practices.

A2-100 A small organization has only one database administrator (DBA) and one system administrator. The DBA has root access to the UNIX server, which hosts the database application. How should segregation of duties be enforced in this scenario?
A. Hire a second DBA and split the duties between the two individuals.
B. Remove the DBA's root access on all UNIX servers.
C. Ensure that all actions of the DBA are logged and that all logs are backed up to tape.
D. Ensure that database logs are forwarded to a UNIX server where the DBA does not have root access.
D is the correct answer.
Justification:
A. Hiring additional staff is a costly way to ensure segregation of duties.
B. The database administrator (DBA) needs root access to the database servers to install patches.
C. The administrator can modify or erase logs prior to the tape backup event.
D. By creating logs that the DBA cannot erase or modify, segregation of duties is enforced.

A2-101 Which of the following user profiles should be of MOST concern to an IS auditor when performing an audit of an electronic funds transfer (EFT) system?
A. Three users with the ability to capture and verify their own messages
B. Five users with the ability to capture and send their own messages
C. Five users with the ability to verify other users and to send their own messages
D. Three users with the ability to capture and verify the messages of other users and to send their own messages
A is the correct answer.
Justification:
A. The ability of one individual to capture and verify their own messages represents an inadequate segregation of duties, because messages can be taken as correct and as if they had already been verified. The verification of messages should not be allowed by the person who sent the message.
B. Users may have the ability to send messages but should not be able to verify their own messages.
C. This is an example of separation of duties. A person can send their own message but only verify the messages of other users.
D. The ability to capture and verify the messages of other users and to send only their own messages is acceptable.

A2-102 Which of the following does an IS auditor FIRST reference when performing an IS audit?
A. Implemented procedures
B. Approved policies
C. International standards
D. Documented practices
B is the correct answer.
Justification:
A. Procedures are implemented in accordance with policy.
B. Policies are high-level documents that represent the corporate philosophy of an organization; internal standards, procedures and practices are subordinate to policy.
C. Standards are subordinate to policy.
D. Practices are subordinate to policy.
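The control that A2-101 is testing for is maker-checker segregation: whoever captures an EFT message must not be the one who verifies it. The following is an added example, not code from the CISA manual, showing both sides of that control in Python: a static review of user profiles (the four profiles from the question, modelled as constructed sample data) that flags the "capture and verify own" profile, and a small message queue that refuses self-verification at run time regardless of how profiles are configured. The class, function and user names are hypothetical.

```python
"""Maker-checker (capture / verify / send) segregation of duties for an
EFT-style message workflow.

Added example illustrating A2-101; it is not code from the CISA manual.
The profiles, user names, message identifiers and amounts below are
constructed sample data for the demonstration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Profile:
    """Rights granted to one user profile (hypothetical names, constructed)."""
    name: str
    capture: bool = False
    verify: bool = False
    send: bool = False
    verify_own: bool = False  # the system permits verifying a message one captured


# The four user profiles from A2-101, expressed as constructed sample data.
PROFILES: List[Profile] = [
    Profile("A: capture + verify own", capture=True, verify=True, verify_own=True),
    Profile("B: capture + send own", capture=True, send=True),
    Profile("C: verify others + send own", verify=True, send=True),
    Profile("D: capture + verify others + send own", capture=True, verify=True, send=True),
]


def review_profiles(profiles: List[Profile]) -> List[str]:
    """Static review: flag any profile that lets one person both capture a
    message and verify that same message. That removes the second pair of
    eyes that verification exists to provide (option A in A2-101)."""
    return [p.name for p in profiles if p.capture and p.verify and p.verify_own]


@dataclass
class Message:
    msg_id: str
    amount: int
    captured_by: str
    verified_by: Optional[str] = None
    sent: bool = False


class SegregationError(Exception):
    """Raised when an action would collapse maker and checker into one person."""


class EftQueue:
    """Runtime enforcement: whatever the profiles say, a message must be
    verified by someone other than its capturer before it can be sent."""

    def __init__(self, users: Dict[str, Profile]):
        self.users = users
        self.messages: Dict[str, Message] = {}

    def _require(self, user: str, right: str) -> None:
        if not getattr(self.users[user], right):
            raise PermissionError(f"{user} has no '{right}' right")

    def capture(self, user: str, msg_id: str, amount: int) -> Message:
        self._require(user, "capture")
        self.messages[msg_id] = Message(msg_id, amount, captured_by=user)
        return self.messages[msg_id]

    def verify(self, user: str, msg_id: str) -> Message:
        self._require(user, "verify")
        m = self.messages[msg_id]
        if m.captured_by == user:  # the control A2-101 is testing for
            raise SegregationError(f"{user} captured {msg_id} and may not verify it")
        m.verified_by = user
        return m

    def send(self, user: str, msg_id: str) -> Message:
        self._require(user, "send")
        m = self.messages[msg_id]
        if m.verified_by is None:
            raise SegregationError(f"{msg_id} has not been verified")
        m.sent = True
        return m


def demo():
    """Capture by one user, attempted self-verification (rejected),
    verification by a second user, then send. Returns the flagged profiles,
    whether self-verification was blocked, the verifier and the sent flag."""
    users = {"alice": PROFILES[3], "bob": PROFILES[3]}  # both on profile D
    q = EftQueue(users)
    q.capture("alice", "EFT-1", 25_000)
    try:
        q.verify("alice", "EFT-1")
        self_verify_blocked = False
    except SegregationError:
        self_verify_blocked = True
    q.verify("bob", "EFT-1")
    m = q.send("alice", "EFT-1")
    return review_profiles(PROFILES), self_verify_blocked, m.verified_by, m.sent


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns the single flagged profile (option A), confirms that alice's attempt to verify her own message was rejected, and shows the message sent only after bob verified it, which is exactly the profile D arrangement the manual describes as acceptable. Note that the runtime check in `verify` is what makes profile D safe: granting both capture and verify rights is not itself the problem, verifying one's own capture is.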
A2-103 An enterprise has selected a vendor to develop and implement a new software system. To ensure that the enterprise's investment in software is protected, which of the following security clauses is MOST important to include in the master services agreement?
A. Limitation of liability
B. Service level requirements
C. Software escrow
D. Version control
C is the correct answer.
Justification:
A. A limitation of liability clause limits the financial exposure of the organization but does not protect its software investment.
B. Service level requirements specify financial penalties for not meeting standards, but these do not address the issue of vendor insolvency.
C. Software escrow clauses in contracts ensure that the software source code will still be available to the organization in the event of vendor issues such as insolvency and copyright issues.
D. Version control is related to the software development life cycle and not to the software investment.

A2-104 When implementing an IT governance framework in an organization, the MOST important objective is:
A. IT alignment with the business.
B. accountability.
C. value realization with IT.
D. enhancing the return on IT investments.
A is the correct answer.
Justification:
A. The goals of IT governance are to improve IT performance, deliver optimum business value and ensure regulatory compliance. The key practice in support of these goals is the strategic alignment of IT with the business. To achieve alignment, all other choices need to be tied to business practices and strategies.
B. Accountability is important, but the most important objective of IT governance is to ensure that IT investment and performance are aligned with business requirements.
C. IT must demonstrate value to the organization, but this is all dependent on the ability of IT to align with, and support, business requirements.
D. Enhancing the return on IT investments is a requirement of the IT governance framework, but this requirement is only realized through aligning IT with business requirements.

A2-105 An IS auditor is reviewing an IT security risk management program. Measures of security risk should:
A. address all of the network risk.
B. be tracked over time against the IT strategic plan.
C. consider the entire IT environment.
D. result in the identification of vulnerability tolerances.
C is the correct answer.
Justification:
A. Measures of security risk should not be limited to network risk but rather focus on those areas with the highest criticality so as to achieve maximum risk reduction at the lowest possible cost.
B. IT strategic plans are not granular enough to provide appropriate measures. Objective metrics must be tracked over time against measurable goals; thus, the management of risk is enhanced by comparing today's results against last week, last month and last quarter. Risk management will profile risk on a network to objectively measure vulnerability risk.
C. When assessing IT security risk, it is important to consider the entire IT environment.
D. Measures of security risk do not identify tolerances.

A2-106 The ultimate purpose of IT governance is to:
A. encourage optimal use of IT.
B. reduce IT costs.
C. decentralize IT resources across the organization.
D. centralize control of IT.
A is the correct answer.
Justification:
A. IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise. It is different for every enterprise.
B. Reducing IT costs may not be the best IT governance outcome for an enterprise.
C. Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized environment.
D. Centralizing control of IT is not always desired. An example of where it might be desired is an enterprise wanting a single point of customer contact.

A2-107 Which of the following is the MOST important for an IS auditor to consider when reviewing a service level agreement with an external service provider?
A. Payment terms
B. Uptime guarantee
C. Indemnification clause
D. Default resolution
B is the correct answer.
Justification:
A. Payment terms are generally included in the master agreement rather than in the service level agreement (SLA).
B. The most important element of an SLA is the measurable terms of performance, such as uptime agreements.
C. The indemnification clause is typically included in the master agreement rather than in the SLA.
D. The default resolution would only apply in case of default of the SLA; therefore, it is more important to review the performance aspects of the SLA.

A2-108 What is the PRIMARY objective of implementing corporate governance?
A. Provide strategic direction.
B. Control business operations.
C. Align IT with the business.
D. Implement good practices.
A is the correct answer.
Justification:
A. Corporate governance is a set of management practices to provide strategic direction, thereby ensuring that goals are achievable, risk is properly addressed and organizational resources are properly utilized. Hence, the primary objective of corporate governance is to provide strategic direction.
B. Business operations are directed and controlled based on the strategic direction.
C. Corporate governance applies strategic planning, monitoring and accountability to the entire organization, not only IT.
D. Governance is supported through the use of good practices, but this is not the purpose of corporate governance.

A2-109 Which of the following should be considered FIRST when implementing a risk management program?
A. An understanding of the organization's threat, vulnerability and risk profile
B. An understanding of the risk exposures and the potential consequences of compromise
C. A determination of risk management priorities that are based on potential consequences
D. A risk mitigation strategy sufficient to keep risk consequences at an acceptable level
A is the correct answer.
Justification:
A. Implementing risk management, as one of the outcomes of effective information security governance, requires a collective understanding of the organization's threat, vulnerability and risk profile as a first step.
B. Understanding risk exposure and the potential consequences of compromise can be determined only after there is an understanding of the organization's threat, vulnerability and risk profile.
C. Risk management priorities that are based on potential consequences can only be developed after the organization's threat, vulnerability and risk profile is determined.
D. Risk mitigation priorities are based on the risk profile, the risk acceptance level and the potential mitigating controls. These elements provide a basis for the formation of strategies for risk mitigation sufficient to keep the consequences from risk at an acceptable level.
A2-110 In the context of effective information security governance, the PRIMARY objective of value delivery is to:
A. optimize security investments in support of business objectives.
B. implement a standard set of security practices.
C. institute a standards-based solution.
D. implement a continuous improvement culture.
A is the correct answer.
Justification:
A. In the context of effective information security governance, value delivery is implemented to ensure optimization of security investments in support of business objectives.
B. The tools and techniques for implementing value delivery include implementation of a standard set of security practices; however, implementation of standards is a means to achieve the objective of supporting value delivery, not the objective itself.
C. Value delivery may be supported through the use of standards-based solutions, but the use of standards-based solutions is not the goal of value delivery.
D. A continuous improvement culture in relation to a security program is a process, not an objective.

A2-111 As a driver of IT governance, transparency of IT's cost, value and risk is primarily achieved through:
A. performance measurement.
B. strategic alignment.
C. value delivery.
A is the correct answer.
Justification:
A. Performance measurement provides information to the stakeholders on how well the enterprise is performing when compared to objectives.
B. Strategic alignment primarily focuses on ensuring linkage of business and IT plans.
C. Value delivery is about executing the value proposition throughout the delivery cycle.

A2-112 Which of the following should be the MOST important consideration when deciding areas of priority for IT governance implementation?
A. Process maturity
B. Performance indicators
C. Business risk
D. Assurance reports
C is the correct answer.
Justification:
A. The level of process maturity will evolve as the implementation of the IT governance program occurs and may not be the best driver for the decision-making process. Those areas that present real risk to the business should be given priority.
B. The level of process performance will indicate the effectiveness of the program but will not be the means to establish priorities for governance. Those areas that present risk to the business should be given priority.
C. Priority should be given to those areas that present a known risk to the enterprise operations.
D. Audit reports will provide assurance of the effectiveness of the implementation of governance but will not determine the priorities for the program. Those areas that present real risk to the business should be given priority.

A2-113 Responsibility for the governance of IT should rest with the:
A. IT strategy committee.
B. chief information officer.
C. audit committee.
D. board of directors.
D is the correct answer.
Justification:
A. The IT strategy committee plays a significant role in the successful implementation of IT governance within an organization, but the ultimate responsibility rests with the board of directors.
B. The chief information officer plays a significant role in the successful implementation of IT governance within an organization, but the ultimate responsibility resides with the board of directors.
C. The audit committee plays a significant role in monitoring and overseeing the successful implementation of IT governance within an organization, but the ultimate responsibility rests with the board of directors.
D. Governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risk is managed appropriately and verifying that the enterprise's resources are used responsibly.

A2-114 Which of the following is normally a responsibility of the chief information security officer?
A. Periodically reviewing and evaluating the security policy
B. Executing user application and software testing and evaluation
C. Granting and revoking user access to IT resources
D. Approving access to data and applications
A is the correct answer.
Justification:
A. The role of the chief information security officer is to ensure that the corporate security policy and controls are adequate to prevent unauthorized access to the enterprise assets, including data, programs and equipment.
B. User application and other software testing and evaluation normally are the responsibility of the staff assigned to development and maintenance.
C. Granting and revoking access to IT resources is usually a function of network or database administrators.
D. Approval of access to data and applications is the duty of the data owner.

A2-115 When developing a formal enterprise security program, the MOST critical success factor is the:
A. establishment of a review board.
B. creation of a security unit.
C. effective support of an executive sponsor.
D. selection of a security process owner.
C is the correct answer.
Justification:
A. Establishment of a review board is not effective without visible sponsorship of top management.
B. The creation of a security unit is not effective without visible sponsorship of top management.
C. The executive sponsor is in charge of supporting the organization's strategic security program and aids in directing the organization's overall security management activities. Therefore, support by the executive level of management is the most critical success factor.
D. The selection of a security process owner is not effective without visible sponsorship of top management.

A2-116 When reviewing an organization's strategic IT plan, an IS auditor should expect to find:
A. an assessment of the fit of the organization's application portfolio with business objectives.
B. actions to reduce hardware procurement cost.
C. a listing of approved suppliers of IT contract resources.
D. a description of the technical architecture for the organization's network perimeter security.
A is the correct answer.
Justification:
A. An assessment of how well an organization's application portfolio supports the organization's business objectives is a key component of the overall IT strategic planning process. This drives the demand side of IT planning and should convert into a set of strategic IT intentions. Further assessment can then be made of how well the overall IT organization, encompassing applications, infrastructure, services, management processes and so on, can support the business objectives. The purpose of an IT strategic plan is to set out how IT will be used to achieve or support an organization's business objectives.
B. Operational efficiency initiatives, including cost reduction of procurement and maintenance activities, belong to tactical planning, not strategic planning.
C. A listing of approved suppliers of IT contract resources is a tactical rather than a strategic concern.
D. An IT strategic plan would not normally include detail on a specific technical architecture.

A2-117 When developing a security architecture, which of the following steps should be executed FIRST?
A. Developing security procedures
B. Defining a security policy
C. Specifying an access control methodology
D. Defining roles and responsibilities
B is the correct answer.
Justification:
A. Security procedures provide direction for implementing policies, standards and baselines. Therefore, developing security procedures should be executed only after defining a security policy.
B. Defining a security policy for information and related technology is the first step toward building a security architecture. A security policy communicates a coherent security standard to users, management and technical staff. Security policies often set the stage in terms of the tools and procedures that are needed for an organization.
C. Specifying an access control methodology is an implementation concern and should be executed only after defining a security policy.
D. Defining roles and responsibilities should be executed only after defining a security policy.

A2-118 Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?
A. Define a balanced scorecard for measuring performance.
B. Consider user satisfaction in the key performance indicators.
C. Select projects according to business benefits and risk.
D. Modify the yearly process of defining the project portfolio.
C is the correct answer.
Justification:
A. Measures such as a balanced scorecard are helpful, but do not guarantee that the projects are aligned with business strategy.
B. Key performance indicators are helpful to monitor and measure IT performance; they do not guarantee that the projects are aligned with business strategy.
C. Prioritization of projects on the basis of their expected benefits to the business and the related risk is the best measure for achieving alignment of the project portfolio to an organization's strategic priorities.
D. Modifying the yearly process of the project portfolio definition might improve the situation, but only if the portfolio definition process is closely tied to organizational goals.

A2-119 The PRIMARY benefit of implementing a security program as part of a security governance framework is the:
A. alignment of the IT activities with IS audit recommendations.
B. enforcement of the management of security risk.
C. implementation of the chief information security officer's recommendations.
D. reduction of the cost for IT security.
B is the correct answer.
Justification:
A. Recommendations, visions and objectives of the IS auditor are usually included within a security program, but they would not be the major benefit.
B. The major benefit of implementing a security program is management's assessment of risk and its mitigation to an appropriate level, and monitoring of the residual risk.
C. Recommendations, visions and objectives of the chief information security officer are usually included within a security program, but they would not be the major benefit.
D. The cost of IT security may or may not be reduced.

A2-120 An organization has a well-established risk management process. Which of the following risk management practices would MOST likely expose the organization to the greatest amount of compliance risk?
A. Risk reduction
B. Risk transfer
C. Risk avoidance
D. Risk mitigation
B is the correct answer.
Justification:
A. Risk reduction is a term synonymous with risk mitigation. Risk reduction lowers risk to a level commensurate with the organization's risk appetite. Risk reduction treats the risk, while risk transfer does not always address compliance risk.
B. Risk transfer typically addresses financial risk. For instance, an insurance policy is commonly used to transfer financial risk.
C. Risk avoidance does not expose the organization to compliance risk because the business practice that caused the inherent risk to exist is no longer being pursued.
D. Mitigating risk will still expose the organization to a certain amount of risk. Risk mitigation lowers risk to a level commensurate with the organization's risk appetite. However, it is different from risk transfer in that risk mitigation treats the risk, while risk transfer does not necessarily address compliance risk.

A2-121 An employee who has access to highly confidential information resigned. Upon departure, which of the following should be done FIRST?
A. Conduct an exit interview with the employee.
B. Ensure succession plans are in place.
C. Revoke the employee's access to all systems.
D. Review the employee's job history.
C is the correct answer.
Justification:
A. It is important to have an exit interview with any employee; however, this would not be the first step to take upon the employee's departure due to the confidentiality of the information.
B. Succession plans are important to prevent disruption of operations. This would address skill loss, not confidentiality of information.
C. When employees deal with highly classified information, the first step is to revoke their access to all systems to prevent exfiltration of data and restrict access to the information.
D. Keeping a record of the job history is important; however, it is not the first step.

A2-122 An organization has outsourced its help desk activities. An IS auditor's GREATEST concern when reviewing the contract and associated service level agreement between the organization and the vendor should be the provisions for:
A. documentation of staff background checks.
B. independent audit reports or full audit access.
C. reporting the year-to-year incremental cost reductions.
D. reporting staff turnover, development or training.
B is the correct answer.
Justification:
A. Although it is necessary to document the fact that background checks are performed, this is only one of the provisions that should be in place for an audit.
B. When the functions of an IT department are outsourced, an IS auditor should ensure that a provision is made for independent audit reports that cover all essential areas or that the outsourcer has full audit access.
C. Financial measures such as year-to-year incremental cost reductions are desirable to have in a service level agreement (SLA); however, cost reductions are not as important as the availability of independent audit reports or full audit access.
D. An SLA might include human relationship measures such as resource planning, staff turnover, development or training, but this is not as important as the requirements for independent reports or full audit access by the outsourcing organization.

A2-123 An IS auditor identifies that reports on product profitability produced by an organization's finance and marketing departments give different results. Further investigation reveals that the product definition being used by the two departments is different. What should the IS auditor recommend?
A. User acceptance testing occur for all reports before release into production.
B. Organizational data governance practices be put in place.
C. Standard software tools be used for report development.
D. Management sign off on requirements for new reports.
B is the correct answer.
Justification:
A. Recommending that user acceptance testing occur for all reports before release into production does not address the root cause of the problem described.
B. This choice directly addresses the problem. An organization-wide approach is needed to achieve effective management of data assets and reporting standards. This includes enforcing standard definitions of data elements, which is part of a data governance initiative.
C. Recommending that standard software tools be used for report development does not address the root cause of the problem described.
D. Recommending that management sign off on requirements for new reports does not address the root cause of the problem described.

A2-124 Which of the following BEST supports the prioritization of new IT projects?
A. Internal control self-assessment
B. Information systems audit
C. Investment portfolio analysis
D. Business risk assessment
C is the correct answer.
Justification:
A. An internal control self-assessment (CSA) may highlight noncompliance with the current policy but may not necessarily be the best source for driving the prioritization of IT projects.
B. Like an internal CSA, IS audits may also highlight control gaps and may provide only part of the picture for the prioritization of IT projects.
C. It is most desirable to conduct an investment portfolio analysis, which will present not only a clear focus on investment strategy but also the rationale for terminating nonperforming IT projects.
D. Business risk analysis is part of the investment portfolio analysis but, by itself, is not the best method for prioritizing new IT projects.

A2-125 Which of the following is the MOST important IS audit consideration when an organization outsources a customer credit review system to a third-party service provider? The provider:
A. claims to meet or exceed industry security standards.
B. agrees to be subject to external security reviews.
C. has a good market reputation for service and experience.
D. complies with the security policies of the organization.
B is the correct answer.
Justification:
A. Compliance with security standards is important, but there is no way to verify or prove that this is the case without an independent review.
B. It is critical that an independent security review of an outsourcing vendor be obtained, because customer credit information will be kept with the vendor.
C. Though long experience in business and a good reputation are important factors to assess service quality, the business cannot outsource to a provider whose security controls are weak.
D. Compliance with organizational security policies is important, but there is no way to verify or prove that this is the case without an independent review.

A2-126 After the merger of two organizations, multiple self-developed legacy applications from both organizations are to be replaced by a new common platform. Which of the following would be the GREATEST risk?
A. Project management and progress reporting is combined in a project management office that is driven by external consultants.
B. The replacement effort consists of several independent projects without integrating the resource allocation in a portfolio management approach.
C. The resources of each of the organizations are inefficiently allocated while they are being familiarized with the other company's legacy systems.
D. The new platform will force the business areas of both organizations to change their work processes, which will result in extensive training needs.
B is the correct answer.
Justification:
A. In a postmerger integration program, it is common for the project management office to be led by external experts, because they are experienced in comparable programs and can even strengthen the planning, reporting and control of dependent project deliverables.
B. The resources should be consolidated to ensure alignment with the overall strategy of the postmerger organization. If resource allocation is not controlled, the separate projects are at risk of overestimating the availability of key knowledge resources for the in-house-developed legacy applications.
C. The replacement of legacy systems can bring some loss of efficiency while key staff gain an understanding of each other's business processes; this is a normal transition cost rather than the greatest risk.
D. For most mergers, resistance to process change and the resulting training needs are organizational issues handled by the change management activities of the merger; they are not the greatest risk.

A2-127 During an audit, an IS auditor notes that the IT department of a medium-sized organization has no separate risk management function, and the organization's operational risk documentation only contains a few broadly described types of IT risk. What is the MOST appropriate recommendation in this situation?
A. Create an IT risk management department and establish an IT risk framework with the aid of external risk management experts.
B. Use common industry standards to divide the existing risk documentation into several individual types of risk that will be easier to handle.
C. No recommendation is necessary because the current approach is appropriate for a medium-sized organization.
D. Establish regular IT risk management meetings to identify and assess risk, and create a mitigation plan as input to the organization's risk management.
D is the correct answer.
Justification:
A. A medium-sized organization would normally not have a separate IT risk management department. Moreover, its risk management is usually not complex enough to require external help.
B. While common industry standards may be useful in many industries, they cannot address the specific situation of an organization. Risk, and the types of risk, will not be identified without a detailed assessment of the organization's IT environment. Splitting the risk documentation into several types is not sufficient to manage risk.
C. The auditor should recommend formal risk management practices because the current approach to risk management is inadequate for the organization.
D. Establishing regular IT risk management meetings is the best way to identify and assess risk in a medium-sized organization, to address responsibilities to the respective management and to keep the risk register and mitigation plans up to date.

A2-128 Overall quantitative business risk for a particular threat can be expressed as:
A. a product of the likelihood and magnitude of the impact if a threat successfully exploits a vulnerability.
B. the magnitude of the impact if a threat source successfully exploits the vulnerability.
C. the likelihood of a given threat source exploiting a given vulnerability.
D. the collective judgment of the risk assessment team.
A is the correct answer.
Justification:
A. Overall business risk takes into consideration the likelihood and magnitude of the impact when a threat exploits a vulnerability, and provides the best measure of the risk to an asset.
B. The calculation of risk must consider impact as well as the likelihood of a threat source exploiting a vulnerability.
C. Considering only the likelihood of an exploit and not the potential loss or damage caused is not sufficient to determine the overall risk.
D. The collective judgment of the risk assessment team is a part of qualitative risk assessment but must be combined with calculations of the impact on the business to determine overall risk.

A2-129 While conducting an audit of a service provider for a government program involving confidential information, an IS auditor noted that the service provider delegated a part of the IS work to another subcontractor. Which of the following provides the MOST assurance that the requirements for protecting confidentiality of information are met?
A. Monthly committee meetings include the subcontractor's IS manager.
B. Management reviews weekly reports from the subcontractor.
C. Permission is obtained from the government agent regarding the contract.
D. Periodic independent audit of the work delegated to the subcontractor.
D is the correct answer.
Justification:
A. Regular committee meetings are a good monitoring tool for delegated operations; however, independent reviews provide better assurance.
B. Management should not rely only on reported information from the subcontractor.
C. Obtaining permission from the government agent is not relevant to ensuring the confidentiality of information.
D. Periodic independent audits provide reasonable assurance that the requirements for protecting confidentiality of information are met.

A2-130 During an audit, which of the following situations is MOST concerning for an organization that significantly outsources IS processing to a private network?
A. The contract does not contain a right-to-audit clause for the third party.
B. The contract was not reviewed by an information security subject matter expert prior to signing.
C. The IS outsourcing guidelines are not approved by the board of directors.
D. There is a lack of well-defined IS performance evaluation procedures.
A is the correct answer.
Justification:
A. Lack of a right-to-audit clause in the contract impacts the IS auditor's ability to perform the IS audit. Hence, the IS auditor is most concerned with such a situation. In the case of outsourcing over a private network, the organization should ensure that the third party has a minimum set of IT security controls in place and that they are operating effectively.
B. Having an information security subject matter expert review the contract is good practice, but it is not a requirement in all industries.
C. Approval of the IS outsourcing guidelines by the board is good governance practice, and lack of approval is an issue; however, it does not impact the IS auditor's ability to perform the IS audit.
D. Lack of well-defined procedures does not enable objective evaluation of IS performance and is an audit issue. However, it does not result in legal or regulatory repercussions and does not impact the IS auditor's ability to perform an IS audit.

A2-131 The MOST important element for the effective design of an information security policy is the:
A. threat landscape.
B. prior security incidents.
C. emerging technologies.
D. enterprise risk appetite.
D is the correct answer.
Justification:
A. The threat landscape is dynamic. It should be considered when developing policy, but it is not the primary factor, as policy is not meant to change as often as the threat landscape.
B. Prior security incidents may provide insight into the risk appetite statement; however, they are more likely to affect security standards and procedures.
C. Emerging technologies are continually evolving. They should be considered when developing policy, but they are not the primary factor, as policy is not meant to change as often as technology.
D. The risk appetite is the amount of risk, on a broad level, that an entity is willing to accept in pursuit of its mission to meet its strategic objectives. The purpose of the information security policy is to manage information risk to an acceptable level, so the policy is principally aligned with the risk appetite.

A2-132 As a result of profitability pressures, senior management of an enterprise decided to keep investments in information security at an inadequate level. Which of the following is the BEST recommendation for an IS auditor?
A. Use cloud providers for low-risk operations.
B. Revise compliance enforcement processes.
C. Request that senior management accept the risk.
D. Postpone low-priority security procedures.
C is the correct answer.
Justification:
A. The use of cloud providers may or may not provide cost savings or lower risk.
B. Compliance enforcement processes that verify that high-level controls are working as intended should not be revised.
C. Senior management determines resource allocations. Having established that the level of security is inadequate, it is imperative that senior management accept the risk resulting from their decisions.
D. The IS auditor should not recommend postponing any procedures. This is a management decision, and management should first accept the risk.

A2-133 Which of the following insurance types provides for a loss arising from fraudulent acts by employees?
A. Business interruption
B. Fidelity coverage
C. Errors and omissions
D. Extra expense
B is the correct answer.
Justification:
A. Business interruption insurance covers the loss of profit due to the disruption in the operations of an organization.
B. Fidelity insurance covers the loss arising from dishonest or fraudulent acts by employees.
C. Errors and omissions insurance provides legal liability protection in the event that the professional practitioner commits an act that results in financial loss to a client.
D. Extra expense insurance is designed to cover the extra costs of continuing operations following a disaster.

A2-134 An organization's audit process PRIMARILY interacts with which of the following risks?
A. Detection risk
B. Inherent risk
C. Control risk
D. Business risk
A is the correct answer.
Justification:
A. Detection risk is the probability that the audit procedures may fail to detect the existence of a material error or fraud.
B. Inherent risk is the risk inherent in the nature of the business or transaction and is not affected by the audit process.
C. Control risk is the risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls.
D. Business risk is not a component of audit risk.

A2-135 Which of the following is MOST important to consider when reviewing the classification levels of information assets?
A. Potential loss
B. Financial cost
C. Potential threats

A2-136 Which of the following is of MOST interest to an IS auditor reviewing an organization's risk strategy?
A. All risk is mitigated effectively.
B. Residual risk is zero after control implementation.
C. All likely risk is identified and ranked.
D. The organization uses an established risk framework.
C is the correct answer.
Justification:
A. Risk mitigation can only occur after all risk is identified and ranked.
B. It is highly unlikely that residual risk would be zero.
C. All risk likely to impact the organization should be identified in a risk strategy. Without knowing the risk, there is no risk strategy.
D. It is less important to use an established risk framework than it is to identify all likely risk that can be mitigated as part of the risk strategy.

A2-137 An enterprise is looking to obtain cloud hosting services from a cloud vendor with a high level of maturity. Which of the following is MOST important for the auditor to ensure continued alignment with the enterprise's security requirements?
A. The vendor provides the latest third-party audit report for verification.
B. The vendor provides the latest internal audit report for verification.
C. The vendor agrees to implement controls in alignment with the enterprise.
D. The vendor agrees to provide annual external audit reports in the contract.
D is the correct answer.
Justification:
A. Although the vendor is providing the most recent third-party audit report for review, there is no contractual guarantee that would require the vendor to continue to provide annual reports for verification.
B. Although the vendor is providing the most recent internal audit report for review, there is no contractual guarantee that would require the vendor to continue to provide annual reports for verification.
C. Without a clause in the contract, an agreement to implement controls does not provide assurance that controls will continue to be implemented in alignment with the enterprise.
D. The only way to ensure that any potential risk is mitigated today and in the future is to include a clause within the contract that the vendor will provide future external audit reports. Without the audit clause, the vendor can choose to forego future audits.
“GA Review Guetons Answer Explanations Manual 1 Fan Eero eeereae See DOMAIN 2~COVERNANCE AND MANAGEMENT OF TF ania au ‘An autor cvalutng the FT govermance framework of an organization. Which ofthe following is he GREATEST concer |A. Seni management as inte imsolvement {8 Return on investnent snot meas {C._Chapshack of” cost snot consent DL Riskappetite sat quantified. ‘Atethe correct ansner. usta: annnrcnnure that he TF governance framework is effectively i place, senior management must ot roles and responsi. Therefore, ts ost essential to eure the 1 Ersring evens mangement ra part afte objectives inte FT govemance Fmevurk, There iain mot effin wong th soundness oF TT govermans. (¢.Tnnectin of cnt allocation system pat ofthe objectives in an FT govemunce newer Thcafore, so ffective in wring the sods TT gonna 1. Enimaton oapetie porn ower tthe sans ine, mangas soul ese tht ons fecinplace Tore chesting only a ik appetite dos er) Seuss a TF govern ater an organization complet tat sd vlnerabitiy anys pat of ish assessment te fa ‘oper suggested iat. sionprvesion system (UPS) shuld be insta ot he main Ire aieways ‘Sr tat busine nits shoul! Be spared via proxy renal Which ofthe flowing isthe BEST ‘method io dteine vater the cons shoul be plemented? A sot boneitaalysis 1B. An annual os expectancy eaeation CA conparzon of he costo the PS an rel an the cost of the busines ystems Do A business mpct naj Ai the correct ans Tstfeation sretina cos-beneft analysis, the total expected purchase and eperatonalsupport costs tative vale for al actons are weighted again! the total expecied Denes rst fechas mot proiable least expensive or aceepabl isk option, 18, The anno! less expotuncy ithe expected monetary lp hte or a asc ner aca ycat perio It sa wsfl akan that shuld be cluded in determining the neces of entls bas ot sce aloe Thecostof the horde sss should be compare othe ft vale of he infomation tht the et [owes insldg the cont ofthe ryt wher he dt ese nd across which dal ar Wns. 
D. Potential business impact is only one part of the cost-benefit analysis.

A2-40  An IS auditor is reviewing a contract management process to determine the financial viability of a software vendor for a critical business application. An IS auditor should determine whether the vendor being considered:
A. can deliver on the immediate contract.
B. is of similar financial standing as the organization.
C. has significant financial obligations that can impose liability on the organization.
D. can support the organization in the long term.

D is the correct answer.

Justification:
A. The capability of the vendor to support the enterprise should extend beyond the time of execution of the immediate contract. The objective of a financial evaluation should not be confined to the immediate contract but should also provide assurance of sustainability over a longer time frame.
B. Whether the vendor is of similar financial standing as the enterprise is irrelevant to this review.
C. The vendor should not have financial obligations that could impose a liability on the purchaser; however, such obligations are usually rare for the purchaser of a vendor's product.
D. The long-term financial viability of a vendor is essential for deriving maximum value for the organization; it is more likely that a financially sound vendor would be in business for a long period of time and thereby more likely to be capable of providing long-term support for the purchased product.

A2-41  Which of the following is the BEST way to ensure that organizational policies comply with legal requirements?
A.
Inclusion of a blanket legal statement in each policy
B. Periodic review by subject matter experts
C. Annual sign-off by senior management on organizational policies
D. Policy alignment to the most restrictive regulations

B is the correct answer.

Justification:
A. A blanket legal statement in each policy to adhere to all applicable laws and regulations is ineffective, because the readers of the policy (general personnel) will not know which statutes are applicable to the specific nature of the requirements. As a result, personnel may lack the knowledge to perform the required actions for legal compliance.
B. Periodic review of policies by personnel with specific knowledge of regulatory and legal requirements best ensures that organizational policies are aligned with legal requirements.
C. Annual sign-off by senior management on organizational policies helps set the tone at the top, but does not ensure that the policies comply with regulatory and legal requirements.
D. Aligning policies to the most restrictive regulations may create an unacceptable financial and operational burden on the organization, and it still does not ensure that the policies match the specific requirements that apply to the data and information the organization is obligated by legislation to protect.

A2-42  An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review?
A. Controls are implemented based on cost-benefit analysis.
B. The risk management framework is based on global standards.
C. The approval process for risk response is in place.
D. IT risk is presented in business terms.

D is the correct answer.

Justification:
A. Controls selected to mitigate risk must be implemented based on cost-benefit analysis; however, the cost-benefit analysis is effective only if risk is presented in business terms.
B. A risk management framework based on global standards helps in ensuring completeness; however, organizations must adapt it to suit their specific business requirements.
C. Approvals for risk response come later in the process.
D. For risk management to be effective, it is necessary to align IT risk with business objectives.
This can be done by adopting acceptable terminology that is understood by all, and the best way to achieve this is to present IT risk in business terms.

A2-43  An enterprise hosts its data center onsite and has outsourced the management of its key financial applications to a service provider. Which of the following controls BEST ensures that the service provider's employees adhere to the security policies?
A. Sign-off is required on the enterprise's security policies for all users.
B. An indemnity clause is included in the contract with the service provider.
C. Mandatory security awareness training is implemented for all users.
D. Security policies are modified to address compliance by third-party users.

B is the correct answer.

Justification:
A. Having users sign off on policies is a good practice; however, this only puts the onus of compliance on the individual, not on the service provider organization.
B. Having the service provider sign an indemnity clause will ensure compliance with the enterprise's security policies, because any violation discovered will lead to a financial liability for the service provider. This will also prompt the enterprise to monitor security violations closely.
C. Awareness training is an excellent control, but it will not ensure that the service provider's employees adhere to policy.
D. Modification of the security policy does not ensure compliance by users unless the policies are appropriately communicated to users and enforced, and awareness training is provided.

A2-44  The corporate IT policy for a call center requires that all users be assigned unique user accounts. On discovering that this is not the case for all call center staff, what is the MOST appropriate recommendation?
A. Have the current configuration approved by operations management.
B. Ensure that there is an audit trail for all existing accounts.
C. Implement individual user accounts for all staff.
D. Amend the IT policy to allow shared accounts.

C is the correct answer.

Justification:
A. Having the current configuration approved is a recommendation that is not in compliance with the enterprise's own policy and would violate good practice.
B. Having an audit trail for existing shared accounts would not provide accountability or resolve the issue.
C. Individual user accounts allow for accountability of transactions and should be the most important recommendation given the current scenario.
D.
Shared user IDs do not allow for accountability of transactions and would not reflect good practice.

A2-45  Which of the following reasons BEST describes the purpose of a mandatory vacation policy?
A. To ensure that employees are properly cross-trained in multiple functions
B. To improve employee morale
C. To identify potential errors or inconsistencies in business processes
D. To be used as a cost-saving measure

C is the correct answer.

Justification:
A. Ensuring that employees are properly cross-trained in multiple functions improves the skills of employees and provides for succession planning, but it is not the primary purpose of mandatory vacations.
B. Improving employee morale helps in reducing employee burnout, but it is not the primary reason for mandatory vacations.
C. Mandatory vacations help uncover potential fraud or inconsistencies, because someone else must perform the duties while the employee is away. Where an employee has access to sensitive internal controls or processes, taking mandatory vacations is often a regulatory requirement and, most importantly, a good way to uncover irregularities.
D. Mandatory vacations may or may not be a cost-saving measure, depending on the enterprise.

A2-46  The MOST important point of consideration for an IS auditor while reviewing an enterprise's project portfolio is that it:
A. does not exceed the existing IT budget.
B. is aligned with the investment strategy.
C. has been approved by the IT steering committee.
D. is aligned with the business plan.

D is the correct answer.

Justification:
A. It should be noted if the project portfolio exceeds the IT budget, but this is not as critical as ensuring that the portfolio is aligned with the business plan.
B. Alignment with the investment strategy is important, but it is secondary to alignment with the business plan.
C. Appropriate approval of the project portfolio should be present. However, not every enterprise has an IT steering committee, and such approval does not in itself ensure that the projects are aligned with the business plan.
D. Portfolio management takes a holistic view of an enterprise's overall IT strategy, which, in turn, should be aligned with the business strategy.
A business plan provides the justification for each of the projects in the project portfolio, and that is the major consideration for an IS auditor.

A2-47  An IS auditor observes that an enterprise has outsourced software development to a third party that is a start-up company. To ensure that the enterprise's investment in software is protected, which of the following should be recommended by the IS auditor?
A. Due diligence should be performed on the software vendor.
B. A quarterly audit of the vendor facilities should be performed.
C. There should be a source code escrow agreement in place.
D. A high penalty clause should be included in the contract.

C is the correct answer.

Justification:
A. Although due diligence is a good practice, it does not ensure availability of the source code in the event of vendor failure.
B. Although a quarterly audit of vendor facilities is a good practice, it does not ensure availability of the source code in the event of failure of the start-up vendor.
C. A source code escrow agreement is primarily recommended to help protect the enterprise's investment in software, because the source code will be available through a trusted third party and can be retrieved if the start-up vendor goes out of business.
D. Although a penalty clause is a good practice, it does not provide protection or ensure availability of the source code in the event of vendor bankruptcy.

A2-48  An enterprise's risk appetite is BEST established by:
A. the chief legal officer.
B. security management.
C. the audit committee.
D. the steering committee.

D is the correct answer.

Justification:
A. Although the chief legal officer can give guidance regarding legal issues on the policy, that officer cannot determine the risk appetite.
B. The security management team is concerned with managing the security posture, but not with determining the posture.
D. The steering committee is best suited to determine the enterprise's risk appetite, because the committee has representation from senior management.

A2-49  In a financial services enterprise that has a small IT department, an individual performs more than one role. Which of the following practices represents the GREATEST risk?
A. The developers promote code into the production environment.
B. The business analyst writes the requirements and performs functional testing.
C. The IT manager also performs systems administration.
D.
The database administrator also performs data backups.

A is the correct answer.

Justification:
A. If IT developers have access to the production environment, untested or unauthorized code can be migrated into the production environment; this is the greatest risk among the choices.
B. In organizations in which there is no dedicated testing group, the business analyst is often the one to perform testing, because the analyst has detailed knowledge of how the system must function as a result of writing the requirements.
C. It is acceptable in small environments for the IT manager to perform systems administration, as long as the manager does not also develop code.
D. It may be part of the database administrator's duties to perform data backups.

A2-50  A financial enterprise has had difficulties establishing clear responsibilities between its IT strategy committee and its IT steering committee. Which of the following responsibilities would MOST likely be assigned to its IT steering committee?
A. Approving IT project plans and budgets
B. Aligning IT to business objectives
C. Advising on IT compliance risk
D. Promoting IT governance practices

A is the correct answer.

Justification:
A. The IT steering committee typically has a variety of responsibilities, including approving IT project plans and budgets. Other activities, such as aligning IT to business objectives, advising on compliance risk and promoting IT governance practices, are responsibilities that are generally assigned to an IT strategy committee, because it provides insight and advice to the board.
B. Aligning IT to business objectives is a task usually assigned to an IT strategy committee. The steering committee would be more involved in approval and monitoring of individual projects and budgets.
C. Providing advice related to compliance risk is a task usually assigned to an IT strategy committee. The steering committee would be more involved in approval and monitoring of individual projects and budgets.
D. Promoting IT governance practices is a task usually assigned to an IT strategy committee. The steering committee would be more involved in approval and monitoring of individual projects and budgets.

A2-51  Which of the following is the BEST enabler for strategic alignment between business and IT?
A. A maturity model
B. Goals and metrics
C. Control objectives
D. A responsible, accountable, consulted and informed (RACI) chart

B is the correct answer.

Justification:
A. Maturity models enable assessment
of current process capability and could be used to set process improvement targets and measure the maturation of the organization's processes, but they do not directly enable strategic alignment.
B. Goals and metrics ensure that IT goals are set based on business goals, and they are the best enablers of strategic alignment.
C. Control objectives facilitate the implementation of controls in the related processes so that they contribute to business objectives, but they do not directly enable strategic alignment.
D. RACI charts enable the assignment of responsibility to key functions and roles, but they do not ensure strategic alignment.

A2-52  An IT steering committee should:
A. include a mix of members from different departments and staff levels.
B. ensure that information security policies and procedures have been executed properly.
C. maintain minutes of its meetings and keep the board of directors informed.
D. be briefed about new trends and products at each meeting by a vendor.

C is the correct answer.

Justification:
A. Only senior management or high-level staff members should be on this committee because of its strategic mission.
B. Ensuring that information security policies and procedures have been executed properly is not a responsibility of this committee, but the responsibility of management in the business.
C. It is important to keep detailed IT steering committee minutes to document the decisions and activities of the IT steering committee. The board of directors should be informed about those decisions on a timely basis.
D. A vendor should be invited to meetings only when appropriate.

DOMAIN 3 - INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND IMPLEMENTATION (12%)

A3-1  Who should review and approve system deliverables as they are defined and accomplished to ensure the successful completion and implementation of a new business system application?
A. User management
B. Project steering committee
C. Senior management
D. Quality assurance staff

A is the correct answer.

Justification:
A. User management assumes ownership of the project and the resulting system, allocates qualified representatives to the team, and actively participates in system requirements definition, acceptance testing and user training.
User management should review and approve system deliverables as they are defined and accomplished, or implemented.
B. A project steering committee provides overall direction, ensures appropriate representation of the major stakeholders in the project's outcome, reviews project progress regularly and holds emergency meetings when required. A project steering committee is ultimately responsible for all deliverables, project costs and schedules.
C. Senior management demonstrates commitment to the project and approves the necessary resources to complete the project. This commitment from senior management helps ensure involvement by those needed to complete the project.
D. Quality assurance staff review results and deliverables within each phase and at the end of each phase, and confirm compliance with standards and requirements. The timing of reviews depends on the system development life cycle methodology used, the structure and magnitude of the system and the impact of potential deviations.

A3-2  Which of the following BEST helps prioritize project activities and determine the time line for a project?
A. A Gantt chart
B. Earned value analysis
C. Program evaluation review technique
D. Function point analysis

C is the correct answer.

Justification:
A. A Gantt chart is a simple project management tool and would help with the prioritization requirement, but it is not as effective as the program evaluation review technique (PERT).
B. The earned value analysis technique tracks project cost versus project deliverables but does not assist in prioritizing tasks.
C. The PERT method works on the principle of obtaining project time lines based on project events for three likely scenarios (worst, best and normal); the expected duration of each activity is calculated by a predefined weighted formula, (optimistic + 4 x most likely + pessimistic) / 6. The resulting time line identifies the critical path, which identifies the key activities that must be prioritized.
D. Function point analysis measures the complexity of input and output and does not help to prioritize project activities.

A3-3  An IS auditor reviewing a series of completed projects finds that the implemented functionality often exceeded requirements and most of the projects ran significantly over budget. Which of these areas of the organization's project management process is the MOST likely cause of this issue?
A.
Project scope management
B. Project time management
C. Project risk management
D. Project procurement management

A is the correct answer.

Justification:
A. Because the implemented functionality is greater than what was required, the most likely cause of the budget overruns is a failure of project scope management, which should ensure that the project includes all and only the work required to complete it.
B. Project time management is defined as the processes required to ensure timely completion of the project. The issue noted in the question does not mention whether projects were completed on time, so this is not the most likely cause.
C. Project risk management is defined as the processes concerned with identifying, analyzing and responding to project risk. Although the budget overruns are one form of project risk, they appear to be caused by implementing too much functionality, which relates more directly to project scope.
D. Project procurement management is defined as the processes required to acquire goods and services from outside the performing organization. Although purchasing goods and services that are too expensive can cause budget overruns, the key to the question is that the implemented functionality is greater than what was required, which relates more directly to project scope.

A3-4  An IS auditor is reviewing the software development process for an organization. Which of the following functions is appropriate for the end users to perform?
A. Program output testing
B. System configuration
C. Program logic specification
D. Performance tuning

A is the correct answer.

Justification:
A. A user can test program output by checking the program input and comparing it with system output. This task, though usually done by the programmer, can also be done effectively by the user.
B. System configuration is not likely to be a task that can be accomplished by a user, and this situation could create security issues. It could introduce a segregation of duties issue.
C. Program logic specification is a very technical task that is normally performed by a programmer. It could introduce a segregation of duties issue.
D. Performance tuning also requires a high level of technical skill and will not be effectively accomplished by a user. It could introduce a segregation of duties issue.

A3-5  An IS auditor is reviewing system development for a health care organization with two application environments: production and test.
During an interview, the auditor notes that production data are used in the test environment to test program changes. What is the MOST significant potential risk from this situation?
A. The test environment may not have adequate controls to ensure data accuracy.
B. The test environment may produce inaccurate results due to the use of production data.
C. Hardware in the test environment may not be identical to the production environment.
D. The test environment may not have adequate access controls implemented to ensure data confidentiality.

D is the correct answer.

Justification:
A. The accuracy of data used in the test environment is not a significant concern as long as these data are realistic enough to exercise the program changes.
B. Using production data in the test environment does not cause test results to be inaccurate. If anything, using production data improves the accuracy of the testing process, because the data most closely resemble the production environment. In spite of that, the risk of data disclosure or unauthorized access in the test environment is significant and is the reason production data should not be used in the test environment. This is especially important in a health care organization, where patient data are sensitive and privacy laws in many countries have strict penalties for misuse of these data.
C. Hardware in the test environment should mirror the production environment to ensure that testing is reliable. However, this does not relate to the risk of using live data, so it is not the correct answer for the risk presented in the scenario.
D. Typically, the test environment is not configured with the same access controls as production. For example, programmers may have privileged access to the test environment (for testing) but not to the production environment. If the test environment does not have adequate access controls, the production data are exposed to unauthorized disclosure.

A3-6  The IS auditor is reviewing a recently completed conversion to a new enterprise resource planning system. As the final stage of the conversion process, the organization ran the old and new systems in parallel for 30 days before allowing the new system to run on its own. What is the MOST significant advantage to the organization of using this strategy?
A. Significant cost savings over other testing approaches
B. Assurance that new, faster hardware is compatible with the new system
C. Assurance that the new system meets functional requirements
D.
Increased resiliency during the parallel processing time

C is the correct answer.

Justification:
A. Parallel operation is generally expensive and does not provide cost savings over other testing approaches. In many cases, parallel operation is the most expensive form of system conversion, because of the need for dual data entry, dual systems, dual hardware and dual maintenance; it effectively doubles the amount of work of running a production system and therefore costs more in time and money.
B. Hardware compatibility should be determined and tested much earlier in the conversion project and is not an advantage of parallel operation. Compatibility is generally determined based on the application's published specifications and on system testing in a lab environment. Parallel operation is designed to test the application's effectiveness and the integrity of application data, not hardware compatibility. In general, hardware compatibility relates more to the operating system level than to a particular application. Although new hardware or system conversions must be tested under realistic conditions, this can be done without parallel operation.
C. Parallel operation is designed to provide assurance that a new system meets its functional requirements. It is the safest form of system conversion testing, because the old system remains available and its results can be compared with those of the new system to confirm that the new system is reliable before the old one is retired.
D. Increased resiliency during parallel processing is a legitimate outcome of this scenario, but the advantage is temporary and minimal; thus, this is not the correct answer.

A3-7  What kind of software application testing is considered the final stage of testing and typically includes users outside the development team?
A. Alpha testing
B. White box testing
C. Regression testing
D. Beta testing

D is the correct answer.

Justification:
A. Alpha testing is the testing stage just before beta testing. Alpha testing is typically performed by programmers and business analysts instead of users. Alpha testing is used to identify bugs or glitches that can be fixed before beta testing begins with external users.
B. White box testing is used to assess the effectiveness of software program logic, where test data are used to determine the procedural accuracy of the programs being tested.
Justification:
A. Although the project is on time and on budget, there may be problems with the project plan, because considerable amounts of unplanned overtime have been required; the real problem may lie with the project plan itself, not just with the accounting.
C. It is possible that the programmers are trying to take advantage of the time reporting system, but if the overtime has been required to keep the project on track, it is more likely that the time lines and expectations of the project are unrealistic.
D. Although the dates on which key project milestones are completed are important, there may be issues with the project plan if extraordinary overtime was needed to meet those dates. In this case, the project plan required programmers to work considerable overtime.

A3-25  A project development team is considering using production data for its test deck. The team removes sensitive data elements before loading them into the test environment. Which of the following additional concerns should an IS auditor have with this practice?
A. Not all functionality will be tested.
B. Production data are introduced into the test environment.
C. Specialized training is required.
D. The project may run over budget.

A is the correct answer.

Justification:
A. A primary risk of using production data in a test deck is that not all transactions or functionality may be tested if there are no data that meet the requirement.
B. The presence of production data in a test environment is not a concern if the sensitive elements have been scrubbed.
C. Using a test deck of production data does not require specialized knowledge, so this is not a concern.
D. The risk of a project running over budget is always a concern, but it is not related to the practice of using production data in a test environment.

A3-26  Which of the following considerations is the MOST important while evaluating the business case for the acquisition of a new accounting application?
A. Total cost of ownership of the application
B. The resources required for implementation
C. Return on investment to the company
D. The cost and complexity of security requirements

C is the correct answer.
Justification:
A. Total cost of ownership (TCO) of the application is important to understand the resource and budget requirements in the short and long term; however, decisions should be based on benefit realization from the investment, so the return on investment (ROI) is the most important consideration.
B. The resources required for implementation of the application are an important consideration; however, decisions should be based on benefit realization from this investment. Therefore, ROI should be carefully considered.
C. The proposed ROI benefits, along with targets or metrics that can be measured, are the most important aspects of a business case. While reviewing the business case, it should be verified that the proposed ROI is achievable, does not make unreasonable assumptions and can be measured for success. (Benefit realization should look beyond project cycles to longer-term cycles that consider the total benefits and total costs throughout the life of the new system.)
D. The cost and complexity of security requirements are important considerations, but they need to be weighed against the proposed benefits of the application. Therefore, ROI is more important.

A3-27  The development of an application has been outsourced to an offshore vendor. Which of the following should be of GREATEST concern to an IS auditor?
A. The right-to-audit clause was not included in the contract.
B. The business case was not established.
C. There was no source code escrow agreement.
D. The contract does not cover change management procedures.

B is the correct answer.

Justification:
A. The lack of a right-to-audit clause presents a risk to the organization; however, the risk is not as consequential as the lack of a business case.
B. Because the business case was not established, it is likely that the business rationale, risk and risk mitigation strategies for outsourcing the application development were not fully evaluated and the appropriate information was not provided to senior management for formal approval. This situation presents the biggest risk to the organization.
C. If the source code is held by the provider and not provided to the organization, the lack of a source code escrow agreement presents a risk to the organization; however, the risk is not as consequential as the lack of a business case.
D.
The lack of change management procedures presents a risk to the organization, especially with the possibility of unauthorized changes or uncontrolled subsequent changes; however, the risk is not as consequential as the lack of a business case.

A3-28  Before implementing controls in a newly developed system, management should PRIMARILY ensure that the controls:
A. satisfy a requirement in addressing a risk issue.
B. do not reduce productivity.
C. are based on a minimized cost analysis.
D. are detective or corrective.

A is the correct answer.

Justification:
A. The purpose of a control is to mitigate a risk; therefore, the primary consideration when selecting a control is that it effectively mitigates an identified risk. When designing controls, it is necessary to consider all the aspects in choices A through D. In an ideal situation, controls that address all these aspects would be the best controls; realistically, the cost may be prohibitive, so it is necessary to consider the controls related primarily to the treatment of existing risk in the organization.
B. Controls will often affect productivity and performance; however, this must be balanced against the benefit obtained from the implementation of the control.
C. The most important reason for a control is to mitigate risk, and selecting controls solely on the basis of a cost analysis may result in selecting just the least expensive control rather than the one that addresses the risk.
D. A sound control environment will include preventive, detective and corrective controls.

A3-29  Information for detecting unauthorized input from a user workstation would be BEST provided by the:
A. console log printout.
B. transaction journal.
C. automated suspense file listing.
D. user error report.

B is the correct answer.

Justification:
A. A console log printout is not the best, because it would not record entries from a specific terminal.
B. The transaction journal records all transaction activity, which then can be compared to the authorized source documents to identify any unauthorized input.
C. An automated suspense file listing lists only transaction activity where an edit error occurred.
D. The user error report lists only input that failed an edit and does not record all input.

A3-30  Which of the following has the MOST significant impact on the success of an application systems implementation?
A. The prototyping application development methodology
B. Compliance with applicable external requirements
C. The overall organizational environment
D. The software reengineering technique

C is the correct answer.

Justification:
A. The prototyping application development technique reduces the time to deploy systems primarily by using faster development tools that allow a user to see a high-level view of the workings of the proposed system within a short period of time. The use of any one development methodology has a limited impact on the success of the project.
B. Compliance with applicable external requirements has an impact on the implementation's success, but the impact is not as significant as the impact of the overall organizational environment.
C. The overall organizational environment has the most significant impact on the success of application systems implemented. This includes the alignment between IT and the business, the maturity of the development processes and the use of change control and other project management tools.
D. The software reengineering technique is a process of updating an existing system by extracting and reusing design and program components. It is used to support major changes in the way an organization operates; its impact on the success of the application systems that are implemented is limited compared with the impact of the overall organizational environment.

A3-31  The editing and validation of data entered at a remote site is performed MOST effectively at the:
A. central processing site after running the application system.
B. central processing site during the running of the application system.
C. remote processing site after transmission of the data to the central processing site.
D. remote processing site prior to transmission of the data to the central processing site.

D is the correct answer.

Justification:
A. Validating data prior to transmission is the most efficient method, because it saves the effort of transmitting and processing invalid data; editing only after the application has run means invalid data have already been transmitted and processed. However, due to the risk of errors being introduced during transmission, it is also good practice to re-validate the data at the central processing site.
B. Validating data prior to transmission is the most efficient method, because it saves the effort of transmitting and processing invalid data; editing only during the run means invalid data have already been transmitted. However, due to the risk of errors being introduced during transmission, it is good practice to re-validate the data at the central processing site.
C. Editing data at the remote site after they have already been transmitted is not at all effective as a control.
D.
It is important that the data entered from a remote site are edited and validated prior to transmission to the central processing site.

A3-32  The MAJOR consideration for an IS auditor reviewing an organization's IT project portfolio is the:
A. IT budget.
B. existing IT environment.
C. business plan.
D. investment plan.

C is the correct answer.

Justification:
A. The IT budget is important to ensure that the resources are being used in an efficient manner, but this is secondary to the importance of reviewing the business plan.
B. The existing IT environment is important and is needed to perform a gap analysis, but it is secondary to the importance of reviewing the business plan.
C. Portfolio management takes a holistic view of a company's overall IT strategy. IT strategy should be aligned with the business strategy and, hence, reviewing the business plan should be the major consideration.
D. The investment plan is important because it sets project priorities, but it is secondary to the importance of reviewing the business plan.

A3-33  Regression testing is undertaken PRIMARILY to ensure that:
A. system functionality meets customer requirements.
B. a new system can operate in the target environment.
C. applicable development standards have been maintained.
D. applied changes have not introduced new errors.

D is the correct answer.

Justification:
A. Validation testing is used to test the functionality of the system against detailed requirements to ensure that the software construction is traceable to customer requirements.
B. Sociability testing is used to see whether the system can operate in the target environment without adverse impact on the existing systems.
C. Software quality assurance includes code reviews or walk-throughs to determine whether development standards are being maintained.
D. Regression testing is used to test for the introduction of new errors in the system after changes have been applied.

A3-34  A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of:
A. validation controls.
B. internal credibility checks.
C. clerical control procedures.
D. automated systems balancing.

D is the correct answer.
Justification:
A. Input and output validation controls are certainly valid controls, but they will not detect and report lost transactions.
B. Internal credibility checks are valid controls to detect errors in processing, but they will not detect and report lost transactions.
C. Clerical procedures could be used to summarize and compare inputs and outputs; however, a manual process is susceptible to error.
D. Automated systems balancing would be the best way to ensure that no transactions are lost, because any imbalance between total inputs and total outputs would be reported for investigation and correction.

A3-35  Which of the following should be an IS auditor's PRIMARY concern after discovering that the scope of an IS project has changed and an impact study has not been performed?
A. The time and cost implications caused by the change
B. The risk that regression tests will fail
C. Users not agreeing with the change
D. The project team not having the skills to make the necessary change

A is the correct answer.

Justification:
A. Any scope change might have an impact on the duration and cost of the project; that is why an impact study is conducted and the client is informed of the potential impact on schedule and cost.
B. A change in scope does not necessarily increase the risk that regression tests will fail.
C. An impact study will not determine whether users will agree with the change in scope.
D. Completing an impact study could identify a lack of resources, such as the project team lacking the skills necessary to make the change; however, this is only part of the impact on the overall time line and cost of the project caused by the change.

A3-36  An IS auditor is reviewing the software development capabilities of an organization that has adopted the agile methodology. The auditor would be MOST concerned if:
A. certain project iterations produce proof-of-concept deliverables and unfinished code.
B. application features and development processes are not extensively documented.
C. software development teams continually re-plan each step of their major projects.
D. project managers do not manage project resources, leaving that to project team members.

A is the correct answer.

Justification:
A. The agile software development methodology is an iterative process in which each iteration, or sprint, produces working functional code. The auditor should be concerned if the development team is producing code for demonstration only, because the following iterations of the project will be at risk.
B.
One focus of the agile methodology is to rely more on team knowledge and to produce functional code quickly. These characteristics result in less extensive documentation, or in documentation included in the code itself.
C. At each iteration or sprint, the development team re-plans the project so that unfinished tasks are performed and requirements can be reprioritized. This continual planning is a key component of the agile development methodology.
D. The management of agile software development is different from conventional development approaches in that it allows all the members of the development team to determine how to manage their own resources to get each sprint completed. Because the team members are performing the work, they are in a good position to understand how much effort is required to complete a sprint.

A3-37  Which of the following data validation edits is effective in detecting transposition and transcription errors?
A. Range check
B. Check digit
C. Validity check
D. Duplicate check

B is the correct answer.

Justification:
A. A range check verifies that data fall within a predetermined range of allowable values.
B. A check digit is a numeric value that is calculated mathematically and appended to data to ensure that the original data have not been altered (e.g., an incorrect but valid-looking value substituted for the original). This control is effective in detecting transposition and transcription errors.
C. A validity check is a programmed check of the data's validity in accordance with predetermined criteria.
D. In a duplicate check, new or fresh transactions are matched to those previously entered to ensure that they are not already in the system.

A3-38  Two months after a major application implementation, management, who assume that the project went well, request that an IS auditor perform a review of the completed project. The IS auditor's PRIMARY focus should be to:
A. determine whether user feedback on the system has been documented.
B. assess whether the planned cost benefits are being measured, analyzed and reported.
C. review controls built into the system to assure that they are operating as designed.
D. review subsequent program change requests.

C is the correct answer.
Justification:
A. The IS auditor should check whether user feedback has been provided, but this is not the most important task.
B. It is important to assess the effectiveness of the project; however, assurance that the application is adequately controlled after the implementation is the primary concern.
C. Because management is assuming that the implementation went well, the primary focus of the IS auditor is to test the controls built into the application to assure that they are functioning as designed.
D. Reviewing change requests may be a good idea, but this is more important if the application is perceived to have problems.

A3-39 Which of the following types of risk could result from inadequate software baselining?

A. Sign-off delays
B. Software integrity violations
C. Scope creep
D. Inadequate controls

C is the correct answer.

Justification:
A. Sign-off delays may occur due to inadequate software baselining; however, these are most likely caused by scope creep.
B. Software integrity violations can be caused by hardware or software failures, malicious intent or user errors. Software baselining does not help prevent software integrity violations.
C. A software baseline is the cutoff point in the design and development of a system. Beyond this point, additional requirements or modifications to the scope must go through a formal, strict procedure for approval based on a business cost-benefit analysis. Failure to adequately manage a system through baselining can result in uncontrolled changes in a project's scope and may incur time and budget overruns.
D. Inadequate controls are most likely present in situations in which information security is not addressed from the beginning of software development; they are not likely to be adequately addressed by software baselining.

A3-40 An organization implements a distributed accounting system, and the IS auditor is conducting a postimplementation review to provide assurance on the data integrity controls. Which of the following choices should the auditor perform FIRST?

A. Review user access
B. Evaluate the change request process
C. Validate the reconciliation controls
D. Review the data flow diagram

D is the correct answer.
Justification:
A. The review of user access would be important; however, in terms of data integrity it would be better to review the data flow diagram.
B. [...] the system should be documented to determine whether the transactions flow to other systems.
C. Validating the reconciliation controls would help to ensure data integrity; however, it is more important to understand the data flow of the application to ensure that the reconciliation controls are placed in the correct place.
D. The IS auditor should review the application data flow diagram to understand the flow of data within the application and to other systems. This will enable the IS auditor to evaluate the design and effectiveness of the data integrity controls.

A3-41 During the audit of an acquired software package, an IS auditor finds that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal. The IS auditor should FIRST:

A. test the software for compatibility with existing hardware.
B. perform a gap analysis.
C. review the licensing policy.
D. ensure that the procedure had been approved.

D is the correct answer.

Justification:
A. Because the software package has already been acquired, it is most likely that it is in use and therefore compatible with existing hardware. Further, the first responsibility of the IS auditor is to ensure that the purchasing process was followed.
B. Because there was no request for proposal, there must be no documentation of the expectations of the product and nothing to measure a gap analysis against. The first task for the IS auditor is to ensure that the purchasing procedures were followed.
C. The licensing policy should be reviewed to ensure proper licensing, but only after the purchasing procedures are checked.
D. In the case of a deviation from the predefined procedures, an IS auditor should first ensure that the procedure followed for acquiring the software is consistent with the business objectives and has been approved by the appropriate authorities.
A3-42 A failure discovered in which of the following testing stages would have the GREATEST impact on the implementation of new application software?

A. System testing
B. Acceptance testing
C. Integration testing
D. Unit testing

B is the correct answer.

Justification:
A. System testing is undertaken by the development team to determine if the combined units of software work together so that the software meets user requirements or specifications. A failure here would be expensive, but easier to fix than a failure found later in the testing process.
B. Acceptance testing is the final stage before the software is installed and is available for use. The greatest impact would occur if the software fails at the acceptance testing level, because this could result in delays and cost overruns.
C. Integration testing examines the units as an integrated system, and unit testing examines the individual units or components of the software. A failure here would be expensive and require rework of the modules, but would not be as expensive as a problem found just prior to implementation.
D. Unit testing is normally performed by the developers to verify the individual components, so a failure found here has less impact than one found at the acceptance testing stage.

A3-43 Which of the following is the MOST likely benefit of implementing a standardized infrastructure?

A. Improved cost-effectiveness of IT service delivery and operational support
B. Increased security of the IT service delivery center
C. Reduced level of investment in the IT infrastructure
D. Reduced need for testing future application changes

A is the correct answer.

Justification:
A. A standardized IT infrastructure provides a consistent set of platforms and operating systems across the organization. This standardization reduces the time and effort required to manage a set of disparate platforms and operating systems. In addition, the implementation of enhanced operational support tools (e.g., password management tools, patch management tools and auto provisioning of user access) is simplified.
These tools can help the organization reduce the cost of IT service delivery and operational support.
B. A standardized infrastructure results in a more homogeneous environment, which is more prone to attacks.
C. While standardization can reduce support costs, the transition to a standardized infrastructure can be expensive; therefore, the level of infrastructure investment may not be reduced.
D. A standardized infrastructure may simplify testing of changes, but it does not reduce the need for such testing.

A3-44 Which of the following is the MOST important element in the design of a data warehouse?

A. Quality of the metadata
B. Speed of the transactions
C. Volatility of the data
D. Vulnerability of the system

A is the correct answer.

Justification:
A. Quality of the metadata is the most important element in the design of a data warehouse. A data warehouse is a copy of transaction data specifically structured for query and analysis. Metadata describes the data in the warehouse and aims to provide a table of contents to the stored information. Companies that have built warehouses believe that metadata is the most important element.
B. A data warehouse is used for analysis and research, not for production operations, so the speed of transactions is not a primary design concern.
C. Data in a data warehouse are frequently received from many sources, and vast amounts of information may be received on an hourly or daily basis. Except to ensure adequate storage capacity, this is not a primary concern of the designer.
D. Data warehouses may contain sensitive information, or can be used to research sensitive information, so the security of the data warehouse is important. However, this is not the primary concern of the designer.

A3-45 Ideally, stress testing should be carried out in a:

A. test environment using test data.
B. production environment using live workloads.
C. test environment using live workloads.
D. production environment using test data.

C is the correct answer.

Justification:
A. A test environment should always be used to avoid damaging the production environment, but testing only with test data will not test all aspects of the system adequately.
B. Testing should never take place in a production environment.
C. Stress testing is carried out to ensure that a system can cope with production workloads.
Testing with production-level workloads is important to ensure that the system will operate effectively once moved into production.
D. It is not advisable to do testing in a production environment. Also, if only test data are used, there is no certainty that the system was stress tested adequately.

A3-46 Assignment of process ownership is essential in system development projects because it:

A. enables the tracking of the development completion percentage.
B. optimizes the design cost of user acceptance test cases.
C. minimizes the gaps between requirements and functionality.
D. ensures that system design is based on business needs.

D is the correct answer.

Justification:
A. Process ownership assignment has no direct role in tracking the completion percentage of development.
B. Whether the design cost of test cases will be optimized is not determined by the assignment of process owners. It may help to some extent, but there are many other factors involved in the design of test cases.
C. For gap minimization, a proper requirements management framework should be in place and then applied; however, a gap may be found between the design and the actually built system that could lead to the system not meeting requirements. This will be identified during user acceptance testing. Process ownership alone does not have the capability to minimize requirement gaps.
D. The involvement of process owners will ensure that the system will be designed according to the needs of the business processes that depend on system functionality. A sign-off on the design by the process owners is crucial before development begins.

A3-47 The BEST time for an IS auditor to assess the control specifications of a new application software package which is being considered for acquisition is during:

A. the internal lab testing phase.
B. testing and prior to user acceptance.
C. the requirements gathering process.
D. the implementation phase.

C is the correct answer.

Justification:
A. During internal lab testing, the IS auditor will ensure that the security requirements are met. This is not the time to assess the control specifications.
B. The control specifications will drive the security requirements that are built into the contract and should be assessed before the product is acquired and tested.
C. The best time for the involvement of an IS auditor is at the beginning of the requirements definition of the development or acquisition of application software. This provides maximum opportunity for review of the vendors and their products. Early engagement of an IS auditor avoids commitment to a given solution that might be inadequate and more difficult to overcome as the process continues.
D. During the implementation phase, the IS auditor may check whether the controls have been enabled; however, it is too late to assess the control specifications.

A3-48 The phases and deliverables of a system development life cycle project should be determined:

A. during the initial planning stages of the project.
B. after early planning has been completed, but before work has begun.
C. throughout the work stages, based on risk and exposures.
D. only after all risk and exposures have been identified and the IS auditor has recommended appropriate controls.

A is the correct answer.

Justification:
A. It is extremely important that the project be planned properly and that the specific phases and deliverables are identified during the early stages of the project. This enables project tracking and resource management.
C. The requirements may change over the life of a project, but the initial deliverables should be determined at the beginning of the project.
D. Risk management is an ongoing process, so project planning cannot wait until all risk has been identified.

A3-49 Management observed that the initial phase of a multiphase implementation was behind schedule and over budget. Prior to commencing with the next phase, an IS auditor's PRIMARY suggestion for a postimplementation focus should be to:

A. assess whether the planned cost benefits are being measured, analyzed and reported.
B. review control balances and verify that the system is processing data accurately.
C. review the impact of program changes made during the first phase to the remainder of the project.
D.
determine whether the system's objectives were achieved.

C is the correct answer.

Justification:
A. While all choices are valid, the postimplementation focus and primary objective should be reviewing the impact of the problems in the first phase on the remainder of the project.
B. The review should assess whether the controls are working correctly, but should focus on the problems that led to the project going over budget and time.
C. Because management is aware that the project had problems, reviewing the subsequent impact will identify potential causes of the project issues. This will help to identify whether IT has adequately planned for those issues in subsequent projects.
D. Ensuring that the system works is a primary objective; however, because the project ran over, the IS auditor should [...].

A3-50 When implementing an application software package, which of the following presents the GREATEST risk?

A. Uncontrolled multiple software versions
B. Source programs that are not synchronized with object code
C. Incorrectly set parameters
D. Programming errors

C is the correct answer.

Justification:
A. Having multiple versions is a problem, but as long as the correct version is implemented, the most serious risk during implementation involves the parameters of the program not being set correctly.
B. Lack of synchronization between source code and object code will be a serious risk for later maintenance of compiled programs, but will not affect the program being implemented and is not the most serious risk at the time of implementation.
C. Parameters that are not set correctly would be the greatest concern when implementing an application software package. Incorrectly set parameters are an immediate problem that could cause a system breach, failure or noncompliance.
D. Programming errors should be found during testing, not at the time of implementation.

A3-51 Which of the following is an advantage of prototyping?

A. The finished system normally has strong internal controls.
B. Prototype systems can provide significant time and cost savings.
C. Change control is often less complicated with prototype systems.
D. Prototyping ensures that functions or extras are not added to the intended system.

B is the correct answer.
Justification:
A. Prototyping often has poor internal controls because the focus is primarily on functionality, not on security.
B. Prototype systems can provide significant time and cost savings through better user interaction and the ability to rapidly adapt to changing requirements; however, they also have several disadvantages, including loss of overall security focus, loss of project oversight and implementation of a prototype that is not yet ready for production.
C. Change control often becomes much more complicated with prototyping.
D. Prototyping can lead to functions or extras being added to those that were originally intended.

A3-52 The PRIMARY objective of performing a postincident review is that it presents an opportunity to:

A. improve internal control procedures.
B. harden the network to industry good practices.
C. highlight the importance of incident response management to management.
D. improve employee awareness of the incident response process.

A is the correct answer.

Justification:
A. The lessons learned from the incident are used by the information security team to improve the security program and its internal control procedures.
B. A postincident review may result in improvements to controls, but its primary purpose is not to harden the network.
C. The purpose of a postincident review is to ensure that the opportunity is present to learn lessons from the incident; it is not a forum to educate management.
D. An incident may be used to emphasize the importance of incident response, but that is not the intention of the postincident review.

A3-53 An advantage of using sanitized live transactions in test data is that:

A. all transaction types will be included.
B. every error condition is likely to be tested.
C. no special routines are required to assess the results.
D. test transactions are representative of live processing.

D is the correct answer.

Justification:
A. Sanitized production data may not contain all transaction types. The test data may need to be modified to ensure that all data types are represented.
B. Not all error types are likely to be tested, because most production data will only contain certain types of errors.
C. The results can be assessed using special routines, but this is not a significant advantage of using sanitized live data.
D.
Test data will be representative of live processing; however, it is important that all sensitive information in the live transactions be sanitized to prevent improper data disclosure.

A3-54 An IS auditor's PRIMARY concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that:

A. users may prefer to use contrived data for testing.
B. unauthorized access to sensitive data may result.
C. error handling and credibility checks may not be fully proven.
D. the full functionality of the new process may not necessarily be tested.

B is the correct answer.

Justification:
A. Contrived data are suitable for [...] comparison purposes.
B. Unless the data are sanitized, there is a risk of disclosing sensitive data.
C. Error handling and credibility checks may not be fully proven, but this is not as serious as the risk of disclosure of sensitive data.
D. Using a copy of production data may not test all functionality, but this is not as serious as the risk of disclosure of sensitive data.

A3-55 Which of the following is the PRIMARY purpose for conducting parallel testing?

A. To determine whether the system is cost-effective
B. To enable comprehensive unit and system testing
C. To highlight errors in the program interfaces with files
D. To ensure the new system meets user requirements

D is the correct answer.

Justification:
A. Parallel testing may show that the old system is more cost-effective than the new system, but this is not the primary reason for parallel testing.
B. Unit and system testing are completed before parallel testing.
C. Program interfaces with files are tested for errors during system testing.
D. The purpose of parallel testing is to ensure that the implementation of a new system will meet user requirements by comparing the results of the old system with the new system to ensure correct processing.

A3-56 The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as:

A. rules.
B. decision trees.
C. semantic nets.
D. dataflow diagrams.

B is the correct answer.

Justification:
A. Rules refer to the expression of declarative knowledge through the use of if-then relationships.
B. Decision trees use questionnaires to lead a user through a series of choices until a conclusion is reached.
C. Semantic nets consist of a graph in which nodes represent physical or conceptual objects and the arcs describe the relationship between the nodes.
D.
Dataflow diagrams are used to map the progress of data through a system and to examine logic, error handling and [...] management.

A3-57 An advantage in using a bottom-up versus a top-down approach to software testing is that:

A. interface errors are detected earlier.
B. confidence in the system is achieved earlier.
C. errors in critical modules are detected earlier.
D. major functions and processing are tested earlier.

C is the correct answer.

Justification:
A. Interface errors will not be found until later in the testing process, at the point of integration or system testing.
B. Confidence in the system comes only after the testing is completed.
C. The bottom-up approach to software testing begins with the testing of atomic units, such as programs and modules. An advantage of using a bottom-up approach to software testing is the fact that errors in critical modules are found earlier.
D. Bottom-up testing tests individual components first; major functions and processing will not be completely tested until later in the testing process.

A3-58 During which of the following phases in system development would user acceptance test plans normally be prepared?

A. Feasibility study
B. Requirements definition
C. Implementation planning
D. Postimplementation review

B is the correct answer.

Justification:
A. The feasibility study is too early for such detailed user involvement.
B. During requirements definition, the project team will be working with the users to define their precise objectives and functional needs. At this time, the users should be working with the team to consider and document how the system functionality can be tested to ensure that it meets their stated needs. An IS auditor should ensure that [...] cost effective and efficient.
C. The implementation planning phase, when the tests are conducted, is too late in the process to develop the test plans.
D. User acceptance testing should be completed prior to implementation.

A3-59 The use of object-oriented design and development techniques would MOST likely:

A. facilitate the ability to reuse modules.
B. improve system performance.
C. enhance control effectiveness.
D.
speed up the system development life cycle.

A is the correct answer.

Justification:
A. One of the major benefits of object-oriented design and development is the ability to reuse modules.
B. Object-oriented design is not intended as a method of improving system performance.
C. Control effectiveness is not an objective of object-oriented design, and control effectiveness may in fact be reduced through this approach.
D. The use of object-oriented design may speed up the system development life cycle (SDLC) for future projects through the reuse of modules, but will not speed up development of the initial project.

A3-60 Which of the following should be included in a feasibility study for a project to implement an electronic data interchange process?

A. The encryption algorithm format
B. The detailed internal control procedures
C. The necessary communication protocols
D. The proposed trusted third-party agreement

C is the correct answer.

Justification:
A. Encryption algorithms are too detailed for this phase. They would only be outlined, and any cost or performance implications shown.
B. Internal control procedures are too detailed for this phase. They would only be outlined, and any cost or performance implications shown.
C. The communications protocols must be included, because there may be significant cost implications if new hardware and software are involved, and risk implications if the technology is new to the organization.
D.
Third-party agreements are too detailed for this phase. They would only be outlined, and any cost or performance implications shown.

A3-61 When a new system is to be implemented within a short time frame, it is MOST important to:

A. finish writing user manuals.
B. perform user acceptance testing.
C. add last-minute enhancements to functionality.
D. ensure that the code has been documented and reviewed.

B is the correct answer.

Justification:
A. Timely completion of the user manuals is important, but not as important as the need to test the system adequately.
B. It would be most important to complete the user acceptance testing to ensure that the system to be implemented is working correctly.
C. The last thing one would want to do is add last-minute enhancements, because they would need to be tested and there would be no time after the testing to make any changes.
D. It would be appropriate to have the code documented and reviewed, but unless user acceptance testing is complete, there is no assurance that the system will work correctly and meet user requirements.

A3-62 Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:

A. pre-BPR process flowcharts.
B. post-BPR process flowcharts.
C. BPR project plans.
D. continuous improvement and monitoring plans.

B is the correct answer.

Justification:
A. An IS auditor must review the process as it is today, not as it was in the past.
B. An IS auditor's task is to identify and ensure that key controls have been incorporated into the reengineered process.
C. Business process reengineering (BPR) project plans are a step within a BPR project.
D. Continuous improvement and monitoring plans are a step within a BPR project.

A3-63 An IS auditor finds that a system under development has 12 linked modules and each item of data can carry up to 10 definable attribute fields. The system handles several million transactions a year. Which of these techniques could an IS auditor use to estimate the size of the development effort?

A. Program evaluation review technique
B. Function point analysis
C. Counting source lines of code
D. White box testing

B is the correct answer.

Justification:
A. Program evaluation review technique is a project management technique used in the planning and control of system projects.
B.
Function point analysis is a technique used to determine the size of a development task based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal files.
C. The number of source lines of code gives a measure of program size, but does not reflect the complexity that may be caused by having multiple linked modules and a variety of inputs and outputs.
D. White box testing involves a detailed review of the behavior of program code. It is a quality assurance technique suited to simpler applications during the design and build stage of development.

A3-64 A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing system developed in-house. In reviewing the proposed development approach, which of the following would be of GREATEST concern?

A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial implementation.
D. Prototyping is being used to confirm that the system meets business requirements.

B is the correct answer.

Justification:
A. Acceptance testing managed by the users is appropriate, because users must be satisfied that the new system meets their requirements.
B. A quality plan is an essential element of all projects. It is critical that the contracted supplier be required to produce such a plan. The quality plan for the proposed development contract should be comprehensive and encompass all phases of the development, and include which business functions will be included and when.
C. A phased approach to implementing the application is a reasonable approach.
D. Prototyping is a valid method of ensuring that the system will meet business requirements.

A3-65 When planning a business case to support the need for an electronic data warehouse solution, which of the following choices is the MOST important to assist management in the decision-making process?

A. Detail a single solution
B. Consider security controls
C. Demonstrate feasibility
D. Consult the audit department

C is the correct answer.

Justification:
A. The business case should discuss all possible solutions to a given problem, which would enable the selection of the best option.
This may include the option to not undertake the project.
B. Addressing security controls in the business case is important and will benefit the project; however, the feasibility study is more important and is necessary regardless of the type of solution.
C. The business case should demonstrate feasibility for any potential project. By including a feasibility study in the business case along with a cost-benefit analysis, management can make an informed decision.
D. Personnel preparing the business case may consult with the organization's audit department, but this is not necessary to include in the business case.

A3-66 Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:

A. existence of a set of functions and their specified properties.
B. ability of the software to be transferred from one environment to another.
C. capability of software to maintain its level of performance under stated conditions.
D. relationship between the performance of the software and the amount of resources used.

A is the correct answer.

Justification:
A. Functionality is the set of attributes that bears on the existence of a set of functions and their specified properties. The functionality of a system represents the tasks, operations and purpose that the system is achieving in its objective (i.e., supporting a business requirement).
B. The ability of the software to be transferred from one environment to another refers to portability.
C. The capability of software to maintain its level of performance under stated conditions refers to reliability.
D. The relationship between the performance of the software and the amount of resources used refers to efficiency.

A3-67 During the development of an application, quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:

A. increased maintenance.
B. improper documentation of testing.
C. inadequate functional testing.
D. delays in problem resolution.

C is the correct answer.
Justification:
A. The method of testing used will not affect the maintenance of the system.
B. Quality assurance and user acceptance testing are often performed by business representatives according to a specific test plan. The combination of these two tests will not affect documentation.
C. The major risk of combining quality assurance and user acceptance testing is that users may apply pressure to accept the system even though it may not meet quality assurance standards.
D. The method of testing should not affect the time lines for problem resolution.

A3-68 The GREATEST advantage of rapid application development over the traditional system development life cycle is that it:

A. facilitates user involvement.
B. allows early testing of technical features.
C. facilitates conversion to the new system.
D. shortens the development time frame.

D is the correct answer.

Justification:
A. Rapid application development (RAD) emphasizes greater user involvement to ensure that the system meets user requirements; however, the primary objective is to speed up development.
B. RAD does allow early testing, but this is also possible using a traditional system development life cycle model.
C. RAD does not facilitate conversion to a new system.
D. The greatest advantage and core objective of RAD is a shorter time frame for the development of a system.

A3-69 An IS auditor reviewing a proposed application software acquisition should ensure that the:

A. operating system (OS) being used is compatible with the existing hardware platform.
B. planned OS updates have been scheduled to minimize negative impacts on company needs.
C. OS has the latest versions and updates.
D. product is compatible with the current or planned OS.

D is the correct answer.

Justification:
A. The operating system (OS) currently being used is already compatible with the existing hardware platform; if it were not compatible, it would not operate properly.
B. Planned OS updates should be scheduled to minimize negative impacts on the organization, but this is not the issue when considering the acquisition of a new application.
C. The OS should be equipped with the most recent versions and updates (with sufficient testing and stability), but this is not a consideration at the time of considering the acquisition of an application.
D. In reviewing the proposed application, the IS auditor should ensure that the products to be purchased are compatible with the current or planned OS.
A3-70 Which of the following is of GREATEST concern to an IS auditor when performing an audit of a client relationship management system migration project?

A. The technical migration is planned for a Friday preceding a long weekend, and the time window is too short for completing all tasks.
B. Employees pilot-testing the system are concerned that the data representation in the new system is completely different from the old system.
C. A single implementation is planned, immediately decommissioning the legacy system.
D. Five weeks prior to the target date, there are still numerous defects in the printing functionality of the new system's software.

C is the correct answer.

Justification:
A. A long weekend can be a good time, because the new system will have a better chance of being up and running after the weekend.
B. A different data representation does not mean different data presentation at the front end. Even when this is the case, it can be solved by adequate training and user support.
C. Major system migrations should include a phase of parallel operation or a phased cut-over to reduce implementation risk. Decommissioning or disposing of the old hardware would leave no fallback strategy, should the new system not operate correctly.
D. Printing functionality is commonly one of the last functions to be tested in a new system, because it is the last step to be performed in any business event. Meaningful testing is only possible after all other parts of the software have been successfully tested.

A3-71 Which of the following types of testing would determine whether a new or modified system can operate in its target environment without adversely impacting other existing systems?

A. Parallel testing
B. Pilot testing
C. Interface/integration testing
D. Sociability testing

D is the correct answer.

Justification:
A. Parallel testing is the process of feeding data into two systems (the modified system and an alternate system) and comparing the results. In this approach the old and new systems operate concurrently for a period of time and perform the same processing functions. This allows the new system to be tested without affecting existing systems.
B. Pilot testing takes place first at one location and is then extended to other locations.
The purpose is to see whether the new system operates satisfactorily in one place before implementing it at other locations. It does not test whether the new system will disturb existing systems.
C. Interface/integration testing is a hardware or software test that evaluates the connection of two or more components that pass information from one area to another. The objective is to take unit-tested modules and build an integrated structure. This will not test the real production environment.
D. The purpose of sociability testing is to confirm that a new or modified system can operate in its target environment without adversely impacting existing systems. This should cover the platform that will perform primary application processing and interfaces with other systems, as well as changes to the desktop in a client-server or web development.

A3-72 At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should:

A. report the error as a finding and leave further exploration to the auditee's discretion.
B. attempt to resolve the error.
C. recommend that problem resolution be escalated.
D. ignore the error, because it is not possible to get objective evidence for the software error.

C is the correct answer.

Justification:
A. Because it is a minor error and leaving it to the auditee's discretion would be inappropriate, action should be taken before the application goes into production.
B. The IS auditor is not authorized to resolve the error.
C. When an IS auditor observes such conditions, it is best to fully apprise the auditee and suggest that further problem resolutions be attempted, including escalation if necessary.
D. Neglecting the error would indicate that the auditor has not taken steps to further probe the issue to its logical end.

A3-73 Which of the following is the GREATEST risk to the effectiveness of application system controls?

A. Removal of manual processing steps
B. Inadequate procedure manuals
C. Collusion between employees
D. Unresolved regulatory compliance issues

C is the correct answer.

Justification:
A. Automation should remove manual processing steps wherever possible.
The only risk would be the removal of manual processing steps without replacement with automated controls.
B. Lack of documentation is a problem on many systems, but not a serious risk in most cases.
C. Collusion is an active attack where more than one person collaborates to bypass controls such as separation of duties. Such breaches may be difficult to identify, because even well-thought-out application controls may be circumvented.
D. Unresolved compliance issues are a risk, but do not measure the effectiveness of the controls.

A3-74 An organization is implementing a new system to replace a legacy system. Which of the following conversion practices creates the GREATEST risk?

A. Pilot
B. Parallel
C. Direct cutover
D. Phased

C is the correct answer.

Justification:
A. Pilot implementations are done gradually and thus provide greater recoverability and are of lower risk. A pilot implementation is the implementation of the system at a single location, to prove it, and then a rollout of the system to other locations after the application and implementation plan have been proven to work correctly at that location.
B. A parallel conversion requires running both the old and new systems in parallel for a time period. This would identify any problems or inconsistencies between the old and new systems.
C. Direct cutover implies switching to the new system immediately, usually without the ability to revert to the old system in the event of problems. This is the riskiest approach and may cause a significant impact on the organization.
D. A phased approach is used to implement the system in phases or sections; this minimizes the overall risk by only affecting one area at a time.

A3-75 During the requirements definition stage of a proposed enterprise resource planning system, the project sponsor requests that the procurement and accounts payable modules be linked. Which of the following test methods would be the BEST to perform?

A. Unit testing
B. Integration testing
C. Sociability testing
D. Quality assurance testing

B is the correct answer.

Justification:
A. Unit testing checks an individual program or module and does not specifically address the linkage between software modules.
B. Integration testing is the best answer, because it tests the linkage between software modules in the structure dictated by design.
C. Sociability testing confirms that the new or modified system can operate in its target environment without adversely impacting existing systems; it does not specifically address the linkage between software modules and is not the best test for this purpose.
D. Quality assurance testing is primarily used to verify that the software is correct and does not specifically address the linkage between modules; integration testing better addresses the linkage between the modules.

A3-76 During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely:
A. review access control configuration.
B. evaluate interface testing.
C. review detailed design documentation.
D. evaluate system testing.
A is the correct answer.
Justification:
A. Reviewing access control configuration would be the first task performed to determine whether security has been appropriately mapped in the system.
B. Because a post-implementation review is done after user acceptance testing and actual implementation, one would not engage in interface testing or detailed design documentation. Evaluating interface testing would be part of the implementation process.
C. The issue of reviewing detailed design documentation is not generally relevant to an enterprise resource management system, because these are usually vendor packages with user manuals. Further, because the system has been implemented, the IS auditor would only check the detailed design if there appeared to be a gap between design and functionality.
D. System testing should be performed before final user sign-off. The IS auditor should not need to review the system post-implementation.

A3-77 An organization recently deployed a customer relationship management application that was developed in-house. Which of the following is the BEST option to confirm that the application operates as designed?
A. User acceptance testing
B. Project risk assessment
C. Post-implementation review
D. Management approval of the system
C is the correct answer.
Justification:
A. User acceptance testing (UAT) verifies that the system functionality has been deemed acceptable by the end users of the system; however, a review of UAT will not validate whether the system is performing properly, because UAT would be performed on a subset of system functions. The UAT review is a part of the post-implementation review.
B. While a risk assessment would highlight the risk of the system, it would not include a mechanism to verify that the system is operating as designed.
C. The purpose of the post-implementation review is to evaluate how well the system matches the original goals, objectives and deliverables. The post-implementation review also evaluates how effective the project management practices were in keeping the project on track.
D. Management approval of the system could be based on reduced functionality and does not verify that the system is operating as designed. Management approval is a part of the post-implementation review.

A3-78 In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as:
A. isolation.
B. consistency.
C. atomicity.
D. durability.
C is the correct answer.
Justification:
A. Isolation ensures that each transaction is isolated from other transactions; hence, each transaction only accesses data that are not being simultaneously accessed or modified by another process.
B. Consistency ensures that all integrity conditions in the database are maintained with each transaction.
C. The principle of atomicity requires that a transaction be completed in its entirety or not at all. If an error or interruption occurs, all changes made up to that point are backed out.
D. Durability ensures that when a transaction has been reported back to a user as complete, the resultant changes to the database will survive subsequent hardware or software failures.

A3-79 A company undertakes a business process reengineering project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor's main concern about the new process?
A. Whether key controls are in place to protect assets and information resources
B. Whether the system addresses corporate customer requirements
C. Whether the system can meet the performance goals
D. Whether the new system will support separation of duties
A is the correct answer.
Justification:
A. The IS auditor's main concern is to identify the key controls and verify that the controls are in place before implementing the new process.
B. The system must meet the requirements of all customers, not just corporate customers. This is not the main concern.
C. The system must meet performance requirements, but this is of secondary concern to the need to ensure that key controls are in place.
D. Separation of duties is a key control, but only one of the controls that should be in place to protect the assets of the organization.

A3-80 A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are processed accurately and the corresponding products are produced?
A. Verifying production of customer orders
B. Logging all customer orders in the ERP system
C. Using hash totals in the order transmitting process
D. Approving (production supervisor) orders prior to production
A is the correct answer.
Justification:
A. Verification of the products produced will ensure that the products produced match the orders in the order system.
B. Logging can be used to detect inaccuracies but does not, in itself, guarantee accurate processing.
C. Hash totals will ensure accurate order transmission but not accurate processing centrally.
D. Production supervisory approval is a time-consuming, manual process and does not ensure proper control.

A3-81 When two or more systems are integrated, the IS auditor must review input controls in the:
A. systems receiving the output of other systems.
B. systems sending output to other systems.
C. systems sending and receiving data.
D.
interfaces between the two systems.
C is the correct answer.
Justification:
A. Each system is responsible for controls to protect the downstream system from contamination from an upstream system. This requires that the auditor review both the data sent and the receiving system's input controls.
B. Systems sending data to other systems should ensure that the data they send are correct, but all of the systems must be reviewed for input/output controls, because the output of one system is the input for the other.
D. The interfaces must be set up correctly and provide error control, but good practice is to review the data before sending and after receipt.

A3-82 An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:
A. check to ensure that the type of transaction is valid for the card type.
B. verify the format of the number entered, then locate it on the database.
C. ensure that the transaction entered is within the cardholder's credit limit.
D. confirm that the card is not shown as lost or stolen on the master file.
B is the correct answer.
Justification:
A. The initial validation would not be able to check the transaction type, just the validity of the card number.
B. The initial validation should confirm whether the card is valid. This validity is established through the card number and personal identification number entered by the user.
C. The initial validation is to prove that the card number entered is valid; only then can the transaction amount be checked for approval from the bank.
D. The verification that the card has not been reported lost or stolen is only done after the card number has been validated correctly.

A3-83 A small company cannot segregate duties between its development process and its change control function. What is the BEST way to ensure that the tested code is moved into production?
A. Release management software
B. Manual code comparison
C. Regression testing in preproduction
D. Management approval of changes
A is the correct answer.
Justification:
A. Release management software prevents moving code into production without going through the release process.
B. Manual code comparison can determine whether the wrong code has been moved into production without using release management software. However, manual code comparison is not nearly as efficient and requires a highly skilled person.
C. Regression testing ensures that changes do not reduce the current system functionality or unintentionally introduce errors from previous changes. Regression testing does not prevent incorrect code from moving into production.
D. Although management should approve every change to production, approval does not prevent untested code from being moved into the production environment.

A3-84 Which of the following will BEST ensure the success of offshore development of business applications?
A. Stringent contract management practices
B. Detailed and correctly applied specifications
C. Awareness of cultural and political differences
D. Post-implementation review
B is the correct answer.
Justification:
A. Contract management practices, though important, will not ensure successful development if the specifications are inaccurate.
B. When dealing with offshore operations, it is essential that detailed specifications be created. Language differences and a lack of interaction between developers and physically remote end users could create gaps in communication in which assumptions and modifications may not be adequately communicated. Inaccurate specifications cannot easily be corrected.
C. Cultural and political differences, although important, should not affect the delivery of a good product.
D. Post-implementation review, though important, is too late in the process to ensure successful delivery and has no impact on the success of the project.

A3-85 When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be validated FIRST?
A. The project budget
B. The critical path for the project
C. The length of the remaining tasks
D. The personnel assigned to other tasks
B is the correct answer.
Justification:
A. Given that there may be slack time available on some of the other tasks not on the critical path, the resource allocation should be based on the project schedule that affects delivery dates.
B. The critical path should be evaluated to ensure that additional resources will, in fact, shorten the project duration.
C. Given that there may be slack time available on some of the other tasks not on the critical path, factors such as the length of other tasks may or may not be relevant.
D. Depending on the skill level of the resources required, the addition of resources may not, in fact, shorten the timeline. Therefore, the first step is to examine what resources are required to complete the tasks on the critical path.

A3-86 When reviewing a project where quality is a major concern, an IS auditor should use the project management triangle to explain that:
A. increases in quality can be achieved, even if resource allocation is decreased.
B. increases in quality are only achieved if resource allocation is increased.
C. decreases in delivery time can be achieved, even if resource allocation is decreased.
D. decreases in delivery time can only be achieved if quality is decreased.
A is the correct answer.
Justification:
A. The three primary dimensions of a project are determined by the deliverables, the allocated resources and the delivery time. The area of the project management triangle, composed of these three dimensions, is fixed. Depending on the degree of freedom, changes in one dimension might be compensated by changing either one or both of the remaining dimensions. Thus, if resource allocation is decreased, an increase in quality can be achieved if a delay in the delivery time of the project will be accepted. The area of the triangle always remains constant.
B. Increases in quality can be achieved if resource allocation is increased or through increases in delivery time, not only through increases in resource allocation.
C. A decrease in both the delivery time and resource allocation would mean that quality would have to be reduced.
D. A decrease in delivery time may also be addressed through an increase in resource allocation, even if the quality remains constant.

A3-87 Which of the following is a characteristic of timebox management?
A. Not suitable for prototyping or rapid application development
B. Eliminates the need for a quality process
C. Prevents cost overruns and delivery delays
D.
Separates system and user acceptance testing
C is the correct answer.
Justification:
A. Timebox management is very suitable for prototyping and rapid application development.
B. Timebox management does not eliminate the need for a quality process.
C. Timebox management, by its nature, sets specific time and cost boundaries. It is effective in that each component of the project is divided into fixed time periods.
D. Timebox management integrates system and user acceptance testing.

A3-88 The waterfall life cycle model of software development is MOST appropriately used when:
A. requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate.
B. requirements are well understood and the project is subject to time pressures.
C. the project intends to apply an object-oriented design and programming approach.
D. the project will involve the use of new technology.
A is the correct answer.
Justification:
A. Historically, the waterfall model has been best suited to stable conditions and well-defined requirements.
B. When the degree of uncertainty of the system to be delivered and the conditions in which it will be used rises, the waterfall model has not been successful. In these circumstances, the various forms of iterative development life cycle give the advantage of breaking down the scope of the overall system to be delivered, making the requirements gathering and design activities more manageable. The ability to deliver working software earlier also acts to alleviate uncertainty and may allow an earlier realization of benefits.
C. The choice of a design and programming approach is not, itself, a determining factor of the type of software development life cycle that is appropriate.
D. The use of new technology in a project introduces a significant element of risk. An iterative form of development, particularly one of the agile or exploratory methods that focuses on early development of actual working software, is likely to be the better option to manage this risk.

A3-89 Which of the following is MOST critical when creating data for testing the logic in a new or modified application system?
A. A sufficient quantity of data for each test case
B. Data representing conditions that are expected in actual processing
C. Completing the test on schedule
D. A random sample of actual data
B is the correct answer.
Justification:
A. The quantity of data for each test case is not as important as having test cases that will address all types of operating conditions.
B. Selecting the right kind of data is key in testing a computer system. The data should not only include valid and invalid data but should be representative of actual processing; quality is more important than quantity.
C. It is more important to have adequate test data than to complete the testing on schedule.
D. It is unlikely that a random sample of actual data would cover all test conditions and provide a reasonable representation of actual data.

A3-90 Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects?
A. Project database
B. Policy documents
C. Project portfolio database
D. Program organization
C is the correct answer.
Justification:
A. A project database may contain the information about control effectiveness for one specific project and updates to various parameters pertaining to the current status of that single project.
B. Policy documents on project management set direction for the design, development, implementation and monitoring of the project.
C. A project portfolio database is the basis for project portfolio management. It includes project data such as owner, schedules, objectives, project type, status and cost. Project portfolio management requires specific project portfolio reports.
D. A program organization is the team required (steering committee, quality assurance, systems personnel, analyst, programmer, hardware support, etc.) to meet the delivery objectives of the project.

A3-91 Documentation of a business case used in an IT development project should be retained until:
A. the end of the system's life cycle.
B. the project is approved.
C. user acceptance of the system.
D. the system is in production.
A is the correct answer.
Justification:
A. A business case can and should be used throughout the life cycle of the product. It serves as an anchor for new (management) personnel, helps to maintain focus and provides valuable information on estimates versus actuals. Questions such as "Why do we do this?" and "How did we perform against the plan?" can be answered, and lessons learned.
B. The business case should be retained even after project approval to provide a way to review and validate the business case once the project is implemented.
C. The business case will be retained throughout the system development life cycle for later reference and validation.
D. Once the system is in production, the business case can be validated to ensure that the promised costs and benefits were correct.

A3-92 During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
A. buffer overflow.
B. brute force attack.
C. distributed denial-of-service attack.
D. war dialing attack.
A is the correct answer.
Justification:
A. Poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques.
B. A brute force attack is used to crack passwords, but this is not related to coding standards.
C. A distributed denial-of-service attack floods its target with numerous packets to prevent it from responding to legitimate requests. This is not related to coding standards.
D. War dialing uses modem-scanning tools to hack private branch exchanges or other telecommunications systems.

A3-93 Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?
A. Bottom-up testing
B. Sociability testing
C. Top-down testing
D. System testing
C is the correct answer.
Justification:
A. A bottom-up approach to testing begins with atomic units, such as programs and modules, and works upward until a complete system test has taken place.
C. The top-down approach to testing ensures that interface errors are detected early and that testing of major functions is conducted early.
D. System tests take place at a later stage in the development process.

A3-94 When reviewing input controls, an IS auditor observes that, in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:
A. not be concerned because there may be other compensating controls to mitigate the risk.
B. ensure that overrides are automatically logged and subject to review.
C. verify whether all such overrides are referred to senior management for approval.
D. recommend that overrides not be permitted.
B is the correct answer.
Justification:
A. An IS auditor should not assume that compensating controls exist.
B. If input procedures allow overrides of data validation to occur, a management individual who did not perform the override should review the log of overrides.
C. The log may be reviewed by another manager but does not require senior management approval.
D. As long as the override is policy-compliant, there is no need for senior management approval or a blanket prohibition.

A3-95 To minimize the cost of a software project, quality management techniques should be applied:
A. as close to their writing (i.e., point of origination) as possible.
B. primarily at project start-up to ensure that the project is established in accordance with organizational governance standards.
C. continuously throughout the project with an emphasis on finding and fixing defects primarily through testing to maximize the defect detection rate.
D. mainly at project close-down to capture lessons learned that can be applied to future projects.
C is the correct answer.
Justification:
A. Quality assurance (QA) should start as early as possible but continue through the entire development process.
B. Only performing QA during the start of the project will not detect problems that happen later in the development cycle.
C. Although it is important to properly establish a software development project, quality management should be effectively practiced throughout the project. The major source of unexpected costs on most software projects is rework. The general rule is that the later in the development life cycle a defect occurs, the more effort will be needed to correct it. Testing is a relatively costly and less effective way of finding defects; a requirement defect discovered in the testing phase can result in scrapping significant amounts of work.
D. Capturing lessons learned will be too late for the current project. Additionally, applying quality management techniques throughout the project is likely to yield insight into the causes of quality problems and assist staff.
A3-96 When determining an earlier project completion time, which is to be obtained by paying a premium for early completion, the activities that should be selected are those:
A. whose sum of activity time is the shortest.
B. that have zero slack time.
C. that give the longest possible completion time.
D. whose sum of slack time is the shortest.
B is the correct answer.
Justification:
A. Attention should focus on the tasks within the critical path that have no slack time. A critical path's activity time is longer than that for any other path through the network. This path is important because, if everything goes as scheduled, its length gives the shortest possible completion time for the overall project. Activities on the critical path become candidates for crashing (i.e., for reduction in their time by payment of a premium for early completion).
B. Activities on the critical path have zero slack time and, conversely, activities with zero slack time are on a critical path. By successively relaxing activities on a critical path, a curve showing total project costs versus time can be obtained.
C. The critical path is the longest time length of the activities, not based on the completion time of any individual activity.
D. A task on the critical path has no slack time.

A3-97 An IS auditor is assigned to audit a software development project, which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 23 percent. Which of the following actions should the IS auditor take?
A. Report that the organization does not have effective project management.
B. Recommend the project manager be changed.
C. Review the IT governance structure.
D. Review the business case and project management.
D is the correct answer.
Justification:
A. The organization may have effective project management practices and still be behind schedule or over budget.
B. There is no indication that the project manager should be changed without looking into the reasons for the overrun.
C. The organization may have sound IT governance and still be behind schedule or over budget.
D. Before making any recommendation, an IS auditor needs to understand the project and the factors that have contributed to bringing the project over budget and over schedule.

A3-98 Which of the following should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns and for projecting estimates at completion?
A. Function point analysis
B. Earned value analysis
C. Cost budget
D. Program evaluation and review technique
B is the correct answer.
Justification:
A. Function point analysis is an indirect measure of software size and complexity and, therefore, does not address the elements of time and budget.
B. Earned value analysis (EVA) is an industry standard method for measuring a project's progress over time, forecasting its completion date and final cost, and analyzing variances as the project proceeds. It compares the planned amount of work with what has actually been completed. EVA works most effectively if a well-formed work breakdown structure exists.
C. Cost budgets do not address time.
D. Program evaluation and review technique aids in time and deliverables management but lacks projections for estimates at completion and overall financial management.

A3-99 Which of the following system and data conversion strategies provides the GREATEST redundancy?
A. Direct cutover
B. Pilot study
C. Phased approach
D. Parallel run
D is the correct answer.
Justification:
A. Direct cutover is actually quite risky because it does not provide for a "shake down period" nor does it provide an easy fallback option.
B. A pilot study approach is performed incrementally, making rollback procedures difficult to execute.
C. A phased approach is performed incrementally, making rollback procedures difficult to execute.
D. In a parallel run, both the old and new systems are run, thus incurring what might appear to be double costs.

A3-100 Which of the following should be developed during the requirements definition phase of a software development project as part of software testing?
A. Test data covering critical applications
B. Detailed test plans
C. Quality assurance test specifications
D.
User acceptance test specifications
D is the correct answer.
Justification:
A. Test data will normally be created during the system testing phase.
B. Detailed test plans are created during system testing.
C. Quality assurance test specifications are set out later in the development process.
D. A key objective in any software development process is to ensure that the developed software will meet the business objectives and the requirements of the user. The users should be involved in the requirements definition phase of a development project, and user acceptance test specifications should be developed during this phase.

A3-101 At the completion of a system development project, a post-project review should include which of the following?
A. Assessing risk that may lead to downtime after the production release
B. Identifying lessons learned that may be applicable to future projects
C. Verifying that the controls in the delivered system are working
D. Ensuring that test data are deleted
B is the correct answer.
Justification:
A. An assessment of potential downtime should be made with the operations group and other specialists prior to implementing a system.
B. A project team has something to learn from each and every project. As risk assessment is a key issue for project management, it is important for the organization to accumulate lessons learned and integrate them into future projects.
C. Verifying that controls are working should be covered during the acceptance test phase and possibly, again, in the post-implementation review. The post-project review will focus on lessons learned.
D. Test data should be retained for future regression testing.

A3-102 An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor's MAIN concern should be that the:
A. complexity and risk associated with the project have been analyzed.
B. resources needed throughout the project have been determined.
C. technical deliverables have been identified.
D. contracting for external parties involved in the project has been completed.
A is the correct answer.
Justification:
A. Understanding complexity and risk, and actively managing these throughout a project, are critical to a successful outcome.
B. The resources needed will be dependent on the complexity of the project.
C. It is too early to identify the technical deliverables.
D. Not all projects will require contracts with external parties.

A3-103 From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is:
A. a major deployment after proof of concept.
B. prototyping and a one-phase deployment.
C. a deployment plan based on sequenced phases.
D. to simulate the new infrastructure before deployment.
C is the correct answer.
Justification:
A. A major deployment would pose a higher risk of implementation failure.
B. Prototyping may reduce development risk, but a single-phase deployment will still carry a higher risk than a phased approach.
C. When developing a large and complex IT infrastructure, good practice is to use a phased approach to fit the entire system together. This will provide greater assurance of quality results.
D. It is not generally feasible to simulate a large and complex IT infrastructure prior to deployment.

A3-104 When reviewing an active project, an IS auditor observed that the business case was no longer valid because of a reduction in anticipated benefits and increased costs. The IS auditor should recommend that the:
A. project be discontinued.
B. business case be updated and possible corrective actions be identified.
C. project be returned to the project sponsor for re-approval.
D. project be completed and the business case be updated later.
B is the correct answer.
Justification:
A. An IS auditor should not recommend discontinuing or completing the project before reviewing an updated business case.
B. The IS auditor should recommend that the business case be kept current throughout the project, because it is a key input to decisions made throughout the life of any project.
C. The project cannot be returned to the sponsor until the business case has been updated.
D. An IS auditor should not recommend completing the project before reviewing an updated business case and ensuring approval from the project sponsor.

A3-105 Which of the following is an advantage of the top-down approach to software testing?
A. Interface errors are identified early.
B. Testing can be started before all programs are complete.
C. It is more effective than other testing approaches.
D.
Errors in critical modules are detected sooner.
A is the correct answer.
Justification:
A. The advantage of the top-down approach is that tests of major functions are conducted early.
B. That testing can be started before all programs are complete is an advantage of the bottom-up approach to system testing.
C. The most effective testing approach is dependent on the environment being tested.
D. Detecting errors in critical modules sooner is an advantage of the bottom-up approach.

A3-106 During the system testing phase of an application development project, the IS auditor should review the:
A. conceptual design specifications.
B. vendor contract.
C. error reports.
D. program change requests.
C is the correct answer.
Justification:
A. A conceptual design specification is a document prepared during the requirements definition phase. The system testing will be based on a plan.
B. A vendor contract is prepared during a software acquisition process and may be reviewed to ensure that the deliverables in the contract have been delivered, but the most important aspect of review is the error reports.
C. Testing is crucial in determining that user requirements have been validated. The IS auditor should be involved in this phase and review error reports for their precision in recognizing erroneous data and review the procedures for resolving errors.
D. Program change requests would be reviewed normally as part of the post-implementation phase.

A3-107 Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?
A. Increase the time allotted for system testing
B. Implement formal software inspections
C. Increase the development staff
D. Require the sign-off of all project deliverables
B is the correct answer.
Justification:
A. Allowing more time for testing may discover more defects; however, nothing is revealed as to why the quality problems are occurring, and the cost of the extra testing and the cost of rectifying the defects remain.
B. Inspections of code and design are a proven software quality technique. An advantage of this approach is that defects are identified before they propagate through the development life cycle. This reduces the cost of correction because less rework is involved.
C. The ability of the development staff can have a bearing on the quality of what is produced; however, replacing staff can be expensive and disruptive, and the presence of a competent staff cannot guarantee quality in the absence of effective quality management processes.
D. Sign-off of deliverables may help detect defects if signatories are diligent about reviewing detailed content; however, this is difficult to enforce and may occur too late in the process to be cost-effective. Deliverable reviews normally do not go down to the same level of detail as software inspections.

A3-108 An IS auditor invited to a project development meeting notes that no project risk has been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risk and that, if risk starts impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:
A. stress the importance of spending time at this point in the project to consider and document risk and to develop contingency plans.
B. accept the project manager's position because the project manager is accountable for the outcome of the project.
C. offer to work with the risk manager when one is appointed.
D. inform the project manager that the IS auditor will conduct a review of the risk at the completion of the requirements definition phase of the project.
A is the correct answer.
Justification:
A. The majority of project risk can typically be identified before a project begins, allowing mitigation/avoidance plans to be put in place to deal with this risk. A project should have a clear link back to corporate strategy, enterprise risk management and tactical plans to support this strategy. The process of setting corporate strategy, setting objectives and developing tactical plans should include the consideration of risk.
B. The project manager cannot accept responsibility for risk acceptance. The risk must be addressed continuously, starting as early in the project as possible.
C. Appointing a risk manager is a good practice, but waiting until the project has been impacted by risk is misguided. Risk management needs to be forward
looking; allowing risk to evolve into issues that adversely impact the project represents a failure of risk management. With or without a risk manager, persons within and outside of the project team need to be consulted and encouraged to comment when they believe new risk has emerged or risk priorities have changed. The IS auditor has an obligation to the project sponsor and the organization to advise on appropriate project management practices. Waiting for the possible appointment of a risk manager represents an unnecessary and dangerous delay to implementing risk management.
D. IS auditors can provide risk review without impairing their independence.

A3-109 The MAIN purpose of a transaction audit trail is to:
A. reduce the use of storage media.
B. determine accountability and responsibility for processed transactions.
C. help an IS auditor trace transactions.
D. provide useful information for capacity planning.
B is the correct answer.
Justification:
A. Enabling audit trails increases the use of disk space.
B. Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system.
C. A transaction log file would be used to trace transactions, but the primary purpose of an audit trail is accountability.
D. The objective of capacity planning is the efficient and effective use of IT resources and requires information such as central processing unit utilization, bandwidth and the number of users.

A3-110 An organization is implementing an enterprise resource planning application. Of the following, who is PRIMARILY responsible for overseeing the project in order to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results?
A. Project sponsor
B. System development project team
C. Project steering committee
D. User project team
C is the correct answer.
Justification:
A. A project sponsor is typically the senior manager in charge of the primary business unit that the application will support. The sponsor provides funding for the project and works closely with the project manager to define the critical success factors or metrics for the project. The project sponsor is not responsible for reviewing the progress of the project.
B. A system development project team completes assigned tasks, works according to the instructions of the project manager and communicates with the user project team. The SDPT is not responsible for overseeing the progress of the project.
C. A project steering committee that provides an overall direction for the enterprise resource planning (ERP) implementation project is responsible for reviewing the project's progress to ensure that it will deliver the expected results.
D. A user project team (UPT) completes the assigned tasks, communicates effectively with the system development team and works according to the advice of the project manager. A UPT is not responsible for reviewing the progress of the project.

A3-111 A legacy payroll application is migrated to a new application. Which of the following stakeholders should be PRIMARILY responsible for reviewing and signing-off on the accuracy and completeness of the data before going live?
A. IS auditor
B. Database administrator
C. Project manager
D. Data owner
D is the correct answer.
Justification:
A. An IS auditor should ensure that there is review and sign-off by the data owner during the data conversion stage of the project.
B. A database administrator's primary responsibility is to maintain the integrity of the database and make the database available to users. A database administrator is not responsible for reviewing migrated data.
C. A project manager provides day-to-day management and leadership of the project but is not responsible for the accuracy and integrity of the data.
D. During the data conversion stage of a project, the data owner is primarily responsible for reviewing and signing-off that the data are migrated completely and accurately and are valid. An IS auditor is not responsible for reviewing and signing-off on the accuracy of the converted data.

A3-112 An organization is migrating from a legacy system to an enterprise resource planning system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:
A. correlation of semantic characteristics of the data migrated between the two systems.
B. correlation of arithmetic characteristics of the data migrated between the two systems.
C. correlation of functional characteristics of the processes between the two systems.
D. relative efficiency of the processes between the two systems.

Justification:
A. Due to the fact that the two systems could have a different data representation, including the database schema, the IS auditor's main concern should be to verify that the interpretation of the data (structure) is the same in the new system as it was in the old system.
B. Arithmetic characteristics represent aspects of data structure and internal definition in the database and, therefore, are less important than the semantic characteristics.
C. A review of the correlation of the functional characteristics between the two systems is not relevant to a data migration review.
D. A review of the relative efficiencies of the processes between the two systems is not relevant to a data migration review.

A3-113 Normally, it would be essential to involve which of the following stakeholders in the initiation stage of a project?
A. System owners
B. System users
C. System designers
D. System builders

A is the correct answer.

Justification:
A. System owners are the information system's project sponsors or chief advocates. They are responsible for initiating funding projects to develop, operate and maintain information systems.
B. System users are the individuals who use or are affected by the information system. They are critical in the requirements definition, testing and training stages of a project.
D. System builders construct the system based on the specifications from the system designers. In most cases, the designer and builder are one and the same.

A3-114 A project manager for a project that is … . The IS auditor should FIRST determine:
A. the amount of progress achieved compared to the project schedule.
B. if the project budget can be reduced.
C. if the project could be brought in ahead of schedule.
D. if the budget savings can be applied to increase the project scope.

A is the correct answer.
Justification:
A. Cost performance of a project cannot be properly assessed in isolation from schedule performance. Cost cannot be assessed simply in terms of elapsed time on a project.
B. To assess the project budget position, it is necessary to know how much progress has actually been made and, given this, what level of expenditure would be expected. It is possible that project expenditure appears to be low because actual progress has been slow. Until an analysis of the project schedule has been completed, it is impossible to know whether there is any reason to reduce the budget. If the project has slipped behind schedule, then in no way is there any surplus budget, but it is possible that current expenditure may be needed to meet the timeline. The low expenditure could actually be representative of a situation where the project will miss its deadlines rather than potentially come in ahead of time.
C. If the project is found to be under budget after adjusting for actual progress, this is not necessarily a good outcome because it points to flaws in the original budgeting process, and until the analysis is undertaken, it cannot be determined whether any surplus funds could be allocated elsewhere.
D. If the project is behind schedule, adding extra scope may be the wrong thing to do.

A3-115 The MAJOR advantage of a component-based development approach is the:
A. ability to manage an unrestricted variety of data types.
B. provision for modeling complex relationships.
C. capacity to meet the demands of a changing environment.
D. support of multiple development environments.

D is the correct answer.

Justification:
A. Data types must be defined within each component; it is not true that any component will be able to handle any data type.
B. Component-based development is no better than many other development methods at modeling complex relationships.
C. Component-based development is one of the methodologies that can be effective at meeting changing requirements, but this is not its primary aim or purpose.
D. Component-based development that relies on reusable modules can increase the speed of development. Software developers can then focus on business logic.

A3-116 The principal advantage of white box testing is that it:
A. verifies a program can operate successfully with other parts of the system.
B. ensures a program's functional operating effectiveness without regard to the internal program structure.
C. determines procedural accuracy or conditions of a program's specific logic paths.
D. examines a program's functionality by executing it in a tightly controlled or virtual environment with restricted access to the host system.

Justification:
A. Verifying that the program can operate successfully with other parts of the system is sociability testing.
B. Testing the program's functionality without knowledge of internal structures is black box testing.
C. White box testing assesses the effectiveness of software program logic. Specifically, test data are used in determining procedural accuracy or conditions of a program's specific logic paths.
D. Controlled testing of programs in a semi-debugged environment, either heavily controlled step by step or via monitoring in virtual machines, is sandbox testing.

A3-117 Following good practices, formal plans for implementation of new information systems are developed during the:
A. development phase.
B. design phase.
C. testing phase.
D. deployment phase.

B is the correct answer.

Justification:
A. Implementation plans are updated during the development of the system, but the plans were initially created during the design phase.
B. The method of implementation may affect the design of the system. Therefore, planning for implementation should begin well in advance of the actual implementation date. A formal implementation plan should be constructed in the design phase and revised as the development progresses.
C. The testing phase focuses on testing the system and is not concerned with implementation planning.
D. The deployment phase is implementing the system according to the plans set out earlier in the design phase.

A3-118 An IS auditor is reviewing a project that is using an agile software development approach. Which of the following should the IS auditor expect to find?
A. Use of a capability maturity model
B. Regular monitoring of task-level progress against schedule
C. Extensive use of software development tools to maximize team productivity
D. Postiteration reviews that identify lessons learned for future use in the project

D is the correct answer.

Justification:
A. The capability maturity model places heavy emphasis on predefined formal processes and formal project management and software development deliverables, while agile software development projects, by contrast, rely on refinement of processes as dictated by the particular needs of the project and team dynamics.
B. Task-level tracking against schedule is not needed because daily meetings identify challenges and impediments as they arise.
C. Agile projects make use of suitable development tools; however, these are not the primary means of achieving productivity. Team harmony, effective communications and collective ability to solve challenges are of greater importance.
D. A key tenet of the agile approach to project management is ongoing team learning to refine project management and software development processes as the project progresses. One of the best ways to achieve this is that the team considers and documents what worked well and what could have worked better at the end of each iteration and identifies improvements to be implemented in subsequent iterations. Additionally, less importance is placed on formal paper-based deliverables, with the preference being effective informal communication within the team and with key outside contributors. Agile projects produce releasable software in short iterations, typically ranging from four to eight weeks. This, in itself, instills considerable performance discipline within the team. This, combined with short daily meetings to agree on what the team is doing and the identification of any impediments, renders task-level tracking against schedule redundant.

A3-119 An organization sells books and music online at its secure web site. Transaction data are transferred to the accounting and delivery systems every hour to be processed. Which of the following controls BEST ensures that sales processed on the secure web site are transmitted to both the delivery and accounting systems?
A. Transaction totals are recorded on a daily basis in the sales systems. Daily sales system totals are aggregated and totaled.
B. Transactions are automatically numerically sequenced.
Sequences are checked and gaps in continuity are accounted for.
C. Processing systems check for duplicate transaction numbers. If a transaction number is duplicated (already present), the transaction is rejected.
D. Systems are synchronized using a central time server. All transactions have a time stamp.

B is the correct answer.

Justification:
A. Totaling transactions on the sales system does not address the transfer of data from the online systems to the accounting system but rather considers only the sales system.
B. Automatic numerical sequencing is the only option that accounts for completeness of transactions because any missing transactions would be identified by a gap.
C. Checking for duplicates, while potentially useful, does not address whether the sales transactions processed are complete (ensuring that all transactions are recorded).
D. Real-time stamps do not help account for transactions that are missing or incomplete in the accounting and delivery departments.

A3-120 Which of the following techniques would BEST help an IS auditor gain reasonable assurance that a project can meet its target date?
A. Estimation of the actual end date based on the completion percentages and estimated time to complete, taken from status reports
B. Confirmation of the target date based on interviews with experienced managers and staff involved in the completion of the project deliverables
C. Extrapolation of the overall end date based on completed work packages and current resources
D. Calculation of the expected end date based on current resources and remaining available project budget

Justification:
A. The IS auditor cannot count on the accuracy of the status reports for reasonable assurance.
B. Interviews are a valuable source of information but will not necessarily identify project challenges because the people being interviewed are involved in the project.
C. Direct observation of results is better than estimations and qualitative information gained from interviews or status reports. Project managers and involved staff tend to underestimate the time needed for completion and the necessary time buffers for dependencies between tasks, while … .
D. The calculation based on remaining budget does not consider the speed at which the project has been progressing.

A3-121 An IS auditor finds that user acceptance testing of a new system is being repeatedly interrupted by defect fixes from the developers. Which of the following would be the BEST recommendation for an IS auditor to make?
A. Consider the feasibility of a separate user acceptance environment.
B. Schedule user testing to occur at a given time each day.
C. Implement a source code version control tool.
D. Only test high-priority defects.

Justification:
A. A separate environment is preferable: when defects are identified, they can be fixed in the development environment, without interrupting testing, before being migrated in a controlled manner to the test environment. A separate test environment can also be used as the final staging area from which code is migrated to production. This enforces a separation between development and production code. The logistics of setting up and refreshing customized test data are easier if a separate environment is maintained.
B. If developers and testers are sharing the same environment, they have to work at separate times of the day. It is unlikely that this would provide optimum productivity.
C. Use of a source code control tool is good practice, but it does not properly mitigate the risk of an inappropriate test environment.
D. Even low-priority fixes run the risk of introducing unintended results when combined with the rest of the system code. To prevent this, regular regression testing covering all code changes should occur. A separate test environment makes the logistics of regression testing easier to manage.

A3-122 An IS auditor has found time constraints and expanded needs to be the root causes for recent violations of corporate data definition standards in a new business intelligence project. Which of the following is the MOST appropriate suggestion for an auditor to make?
A. Achieve standards alignment through an increase of resources devoted to the project.
B. Align the data definition standards after completion of the project.
C. Delay the project until compliance with standards can be achieved.
D. Enforce standard compliance by adopting punitive measures against violators.

A is the correct answer.

Justification:
A. Provided that data architecture, technical and operational requirements are sufficiently documented, the alignment to standards could be treated as a specific work package assigned to new project resources.
B. The usage of nonstandard data definitions would lower the efficiency of the new development and increase the risk of errors in critical business decisions. To change data definition standards after project conclusion is risky and not a viable solution.
C. Delaying the project would be an inappropriate suggestion because of business requirements or the likely damage to the entire project portfolio.
D. Punishing the violators would be outside the authority of the auditor and ignores the real reason.

A3-123 What is the PRIMARY reason that an IS auditor would verify that the process of postimplementation review of an application was completed after a release?
A. To make sure that users are appropriately trained
B. To verify that the project was within budget
C. To check that the project meets expectations
D. To determine whether proper controls were implemented

Justification:
A. Postimplementation review does not target training or user testing issues.
B. Project costs are monitored during development and are not the primary reason for a postimplementation review.
C. The objective of a postimplementation review is to reveal whether the implementation of a system has achieved planned objectives (i.e., meets business objectives and risk acceptance criteria).
D. While an auditor would be interested in ensuring that proper controls were implemented, the most important consideration would be that the project meets expectations.

A3-124 An IS auditor is reviewing an organization's software development testing policy. Which of the following means of controlling the use of production data for testing would the IS auditor consider to be MOST appropriate?
A. Senior IS and business management must approve use before production data can be used for testing.
B. Production data can be used if they are copied to a secure test environment.
C. Production data cannot be used. All test data must be developed and used in a secure test environment.
D. Production data can be used provided that confidentiality agreements are in place.

A is the correct answer.

Justification:
A. … corrupting production data … . Additionally, there are certain cases in which effective testing requires specifically designed data. There are other cases in which using production data could provide insights that are difficult or impossible to get from manufactured test data. … information systems are a further example where access to "real" data is key to enhance testing. Some flexibility in the use of production data is likely to be the best option. In addition to obtaining senior management approval, conditions that mitigate the risk can be agreed.
B. Copying production data to a secure environment is good practice, but this should only be done with the approval of management. Management must accept the risk of using production data for testing.
C. Creating a complete set of test data would be an ideal situation but is not always possible due to the scale of test data that would be required.
D. Production data should only be used with management's permission.
Then it can be appropriate to require the use of confidentiality agreements.

A3-125 An enterprise is developing a new procurement system and things are behind schedule. As a result, it is proposed that the time originally planned for the test phase be shortened. The project manager asks the IS auditor for recommendations to mitigate the risk associated with reduced testing. Which of the following is a suitable risk mitigation strategy?
A. Test and release a pilot with reduced functionality.
B. Fix and retest the highest severity functional defects.
C. Eliminate planned testing by the development team, and proceed straight to acceptance testing.
D. Implement a tool to automate defect tracking.

A is the correct answer.

Justification:
A. Testing and releasing a pilot with reduced functionality reduces risk in a number of ways. Reduced functionality should result in fewer overall test cases to run and defects to fix and retest, and less regression testing. A pilot release made available to a select group of users will reduce the risk associated with full implementation. All of the benefits of releasing the system to the full user population will not be realized, but some benefit should start to flow. More useful comments from real users should be obtained to guide what extra functionality and other improvements need to be included in a full release.
B. When testing starts, a significant number of defects are likely to exist. Focusing only on the highest severity functional defects runs the risk that other important aspects, such as usability problems or nonfunctional requirements of performance and security, will be ignored. The system may go live, but … .
C. Eliminating testing by the development team … ; unit testing should occur as early as possible in the development process … . If testing by the development team does not occur, there is a considerable risk that the software will have a significant number of low-level defects, such that … user acceptance testing … . This can prove frustrating for users … acceptance testing … rather than … .
D.
The use of a defect tracking tool could help in improving test efficiency, but it does not address the fundamental risk created by reducing the testing effort on a system in which quality is uncertain. Given the build problems experienced, there is reason to expect that quality problems could exist.

A3-126 An IS auditor is involved in the reengineering process that aims to optimize IT infrastructure. Which of the following will BEST identify the issues to be resolved?
A. Self-assessment
B. Reverse engineering
C. Prototyping
D. Gap analysis

Justification:
A. Self-assessment may be one of the viable options with which to start; however, the results only indicate current conditions, not the desired state, and tend to be somewhat subjective.
B. Reverse engineering is a technique applied to analyze how a device or program works and is not appropriate here.
C. Prototyping is applied to systems whose requirements are not precise prior to engaging in a full-blown development process.
D. Gap analysis is the best method to identify issues that need to be addressed in the … .

A3-127 An IS audit group has been involved in the integration of an automated audit tool kit with an existing enterprise resource planning system. Due to ERP performance issues, the audit tool kit is not permitted to go live. What should the IS auditor's BEST recommendation be?
A. Review the implementation of selected integrated controls.
B. Request additional IS audit resources.
C. Request vendor technical support to resolve performance issues.
D. Review the results of stress tests during user acceptance testing.

Justification:
A. Reviewing the implementation of selected integrated controls validates the technical design and the control objectives, but … the integrated controls are traditional … . They should be reviewed carefully to determine whether they are … and … .
B. The inability to implement the audit tool kit … additional IS audit resources … manual … ; however, this … the performance issues.
C. Requesting vendor technical support to resolve the performance issues is a good option, but … recommendation.
D. A recommendation to review the results of stress tests during user acceptance testing … the performance … .

A3-128 What is the BEST method to facilitate successful user testing and acceptance of a new enterprise resource planning payroll system that is replacing an existing legacy system?
A. Module testing
B. Parallel testing
C. Integration testing
D. Prototype testing

Justification:
A. Module testing will not compare results from the old and new systems.
B. Parallel testing is the best method for testing data results and system behavior because it offers the ability to compare results from both systems before decommissioning the legacy system. Parallel testing also results in a better user adoption of the new system.
C. Integration testing refers to how the system integrates with other systems, and not to … .
D. Prototype testing is used during design and development to ensure that user input is received; however, this method is not used for acquired systems or during user acceptance testing.

A3-129 A rapid application development methodology has been selected to implement a new enterprise resource planning system. All of the project activities have been assigned to the contracted consulting company because internal employees are not available. What is the IS auditor's FIRST step to compensate for the lack of resources?
A. Review the project plan and approach.
B. Ask the vendor to provide additional experts.
C. Recommend that the company hire more people.
D. Stop the project until all human resources are allocated.

Justification:
A. … recommendations to make the appropriate changes to compensate for the missing end users.
B. Adding external people to the project will not resolve the problem because they will not be able to decide on behalf of the internal employees who are usually the users from the business side.
C. Hiring new people will take time and does not guarantee the readiness of new hires to make appropriate decisions in this project.
D. Stopping the project could be a good solution, but reviewing the project and considering all of the aspects should be done first.

A3-130 An IS auditor who is auditing the software acquisition process will ensure that the:
A. contract is reviewed and approved by the legal counsel before it is signed.
B. requirements cannot be met with the systems already in place.
C. requirements are found to be … for the users.
D. user participation is adequate in the process.
Justification:
A. Approving the contract before management signs the contract … .
B. … requirements … .
C. Cataloging the requirements in the contract … to support critical business needs; some requirements may be there for … or other purposes.
D. User participation is not necessarily required in the software acquisition process. Ideally, users would actively participate in requirements definition and user acceptance testing.

A3-131 Which of the following controls helps prevent duplication of vouchers during data entry?
A. A range check
B. Transposition and substitution
C. A sequence check
D. A cyclic redundancy check

C is the correct answer.

Justification:
A. A range check works over a range of numbers. Even if the same voucher number reappears, it will satisfy the range check and, therefore, not be detected.
B. Transposition and substitution are used for encoding but will not help detect duplicates.
C. A sequence check involves increasing the order of numbering and would validate whether the vouchers are in sequence and thus prevent duplicate vouchers.
D. A cyclic redundancy check is used for completeness of data transmitted over the network but is not useful in application-level validations.

A3-132 Which of the following test techniques would the IS auditor use to identify specific program logic that has not been tested?
A. A snapshot
B. Tracing and tagging
C. Logging
D. Mapping

Justification:
A. A snapshot records the flow of designated transactions through logic paths within programs.
B. Tracing and tagging shows the trail of instructions executed during an application.
C. Logging is the activity of recording specific tasks for future reference.
D. Mapping identifies specific program logic that has not been tested and analyzes programs during execution to indicate whether program statements have been executed.

A3-133 The PRIMARY objective of conducting a postimplementation review for a business process automation project is to:
A. ensure that the project meets the intended business requirements.
B. evaluate the adequacy of controls.
C. confirm compliance with technological standards.
D. confirm compliance with regulatory requirements.

A is the correct answer.

Justification:
A. Ensuring that the project meets the intended business requirements is the primary objective of a postimplementation review.
B. Evaluating the adequacy of controls may be part of the review but is not the primary objective.
C. Confirming compliance with technological standards is normally not part of the postimplementation review because this should be addressed during the design and development phase.
D. Confirming compliance with regulatory requirements is normally not part of the postimplementation review because this should be addressed during the design and development phase.

A3-134 While evaluating the "out of scope" section specified in a project plan, an IS auditor should ascertain whether the section:
A. effectively describes the unofficial project objectives.
B. effectively describes the project boundaries.
C. clearly states the project's "nice to have" activities.
D. provides the necessary exit for the project team.

Justification:
A. Out-of-scope items are not part of the project. There should be no unofficial project objectives. Reasonable objectives should be considered by the project and either adopted (in scope) or rejected (out of scope).
B. The purpose of the out-of-scope section is to make clear to readers what items are considered project objectives so that all can find what is in scope versus out of scope. This applies to all personnel … .
C. Out-of-scope items are not part of the project, while "nice to have" activities may be in the project objectives. However, they may be the last priority on the list of project objectives.
D. Out-of-scope items are not part of the project; … the project team … exit … . Changes to project objectives should be managed through a robust change request process. This is particularly important to avoid scope creep.

A3-135 An IS auditor assesses the project management process for an internal software development project. In respect to the software functionality, the IS auditor should look for sign-off by:
A. the project manager.
B. systems development management.
C. business unit management.
D. the quality assurance team.

Justification:
A. The project manager provides day-to-day management and leadership of the project and ensures that project activities remain in line with the overall direction. The project manager heads the project team; sign-off by the project manager would be a violation of segregation of duties.
B. Systems development management provides technical support for hardware and software environments.
C. Business unit management assumes ownership of the project and the resulting system. It is responsible for acceptance testing and confirming that the required functions are available in the software.
D. The quality assurance team ensures the quality of the project by measuring adherence to the organization's system development methodology. They will conduct testing but are not … the project … .

A3-136 Which of the following is MOST relevant to an IS auditor evaluating how the project manager has monitored the progress of the project?
A. Critical path diagrams
B. Program evaluation review technique diagrams
C. Function point analysis
D. Gantt charts

D is the correct answer.

Justification:
A. Critical path diagrams are used to determine the critical path for the project, which represents the shortest possible time required for completing the project.
B. Program evaluation review technique diagrams are a critical path method technique in which three estimates (as opposed to one) of time are used to complete activities and is used to determine the critical path.
C. Function point analysis is a technique used to determine the size of a development task, based on the number of function points.
D. Gantt charts help to identify activities that have been completed early or late through comparison to a baseline. Progress of the entire project can be read from the Gantt chart to determine whether the project is behind, ahead of or on schedule.

A3-137 While reviewing an ongoing project, the IS auditor notes that the development team has spent eight hours of activity on the first day against a budget of 24 hours (over three days). The projected time to complete the remainder of the activity is 20 hours. The IS auditor should report that the project:
A. is behind schedule.
B. is ahead of schedule.
C. is on schedule.
D. cannot be evaluated until the activity is completed.

Justification:
A. Earned value analysis (EVA) is based on the premise that if a project task is assigned 24 hours for completion, it can be reasonably completed during that time frame. According to EVA, the project is behind schedule because the value of the eight hours spent on the task should be only four hours, considering that 20 hours of effort remain to be completed.
B. The project is not ahead of schedule because the work remaining exceeds the time allotted.
C. The project is not on schedule because only 16 hours remain and 20 hours of work remain.
D. The amount of work left has been evaluated at 20 hours and the time left for the project is 16 hours, so the auditor can evaluate the current status of the project.

A3-138 Which of the following BEST helps an IS auditor evaluate the quality of programming activities related to future maintenance capabilities?
A. The programming language
B. The development environment
C. A version control system
D. Program coding standards

D is the correct answer.

Justification:
A. The programming language may be a concern if it is not a commonly used language; however, program coding standards are more important.
B. The development environment may be relevant to evaluate the quality of the program development process but not future maintenance of the product.
C. A version control system helps manage software code versions; however, it does not ensure that coding standards are consistently applied.
D. Program coding standards are required for efficient program maintenance and modifications, since the quality of programming activities and future maintenance capabilities depend on program code being written in a readily understandable way, simply and clearly, without having to refer back to design specifications.

A3-139 During a system development life cycle audit of a human resources and payroll application, the IS auditor notes that the data used for user acceptance testing have been masked. The purpose of masking the data is to ensure the:
A. confidentiality of the data.
B. accuracy of the data.
C. completeness of the data.
D. reliability of the data.

Justification:
A. Masking is used to ensure the confidentiality of production data.
B. Masking does not ensure accuracy of the data. If the underlying data are inaccurate, the masked data would also be inaccurate.
C. Masking does not ensure completeness of the data. If the underlying data are incomplete, the masked data would also be incomplete.
D. Masking does not ensure reliability of the data. If the underlying data are unreliable, the masked data would also be unreliable.

A3-140 Which of the following helps an IS auditor evaluate the quality of new software that is developed and implemented?
A. The reporting of the mean time between failures over time
B. The overall mean time to repair failures
C. The first report of the mean time between failures
D. The overall response time to correct failures

C is the correct answer.

Justification:
A. The mean time between failures that are repetitive indicates the inefficiency in fixing the first reported failures and is a reflection on the response of the help desk team in fixing the reported issues.
B. The mean time to repair is a reflection on the response of the help desk team in addressing reported issues.
C. The mean time between failures … environment. This information helps the IS auditor … is developed and implemented.
D. The response time to fix issues reflects the agility of the response team or the help desk team in addressing reported issues.

A3-141 Which of the following causes the LOWEST risk when managing failures while transitioning from legacy applications to new applications?
A. Phased changeover
B. Abrupt changeover
C. Rollback procedure
D. Parallel changeover

Justification:
A. Phased changeover involves the changeover from the old system to the new system in a phased manner. Therefore, at no time will the old system and the new system both be fully operational at the same time.
B. Abrupt changeover is switching over to the new system from the old system on a set date and time, and the old system is discontinued after the change to the new system takes place. Therefore, the old system is not available as a fallback if there are problems when the new system is implemented.
C. Rollback procedures involve restoring all systems to the previous working state; however, a parallel changeover is the better way.
D. Parallel changeover involves first running the old system, then running both the old and new systems in parallel and, finally, fully changing over to the new system after gaining confidence in the functionality of the new system.

A3-142 Which of the following BEST helps an IS auditor assess and measure the value of a newly implemented system?
A. Review of business requirements
B. System certification
C. Postimplementation review
D. System accreditation

C is the correct answer.

Justification:
A. While reviewing the business requirements is important, only a postimplementation review provides evidence that the project met the business requirements.
B. System certification involves performing a comprehensive assessment against a standard of management, operational and technical controls in an information system to examine the level of compliance to … specific requirements such as system policies, processes, procedures, work instructions and guidelines.
C. One key objective of a postimplementation review is to evaluate the projected cost-benefit or the return on investment measurement.
D. System accreditation is an official management decision to authorize operation of an information system and explicitly accept the risk to the organization's operations and assets based on the implementation of an agreed set of requirements and security controls.

A3-143 A large industrial organization is replacing an obsolete legacy system and evaluating whether to buy a custom solution or develop in-house. Which of the following will MOST likely influence the decision?
A. Technical skills and knowledge within the organization related to sourcing and software development
B. Privacy requirements as applied to the data processed by the application
C. Whether the legacy system being replaced was developed in-house
D. The users not devoting reasonable time to define the functionalities of the solution

A is the correct answer.

Justification:
A. Critical core competences will most likely be carefully considered before outsourcing the … phase of the application.
B. Privacy regulations would apply to both options.
C. While individuals with knowledge of the legacy system are helpful, they may not have the technical skills to build a new system. Therefore, this is not the primary factor influencing the make-versus-buy decision.
D. Unclear business requirements (functionalities) will similarly affect either development process and are not the primary factor influencing the make-versus-buy decision.

A3-144 A company's development team does not follow generally accepted system development life cycle practices. Which of the following is MOST likely to cause problems for software development projects?
A. Functional verification of the prototypes is assigned to end users.
B. The project is implemented while minor issues are open from user acceptance testing.
C. Project responsibilities are not formally defined at the beginning of a project.
D. Program documentation is inadequate.

Justification:
A. Prototypes are validated by users.
B. User acceptance testing is seldom completely successful. If errors are not critical, they may be corrected after implementation without seriously affecting usage.
C. Errors or lack of attention in the early phases of a project may cause costly errors and inefficiencies in later phases. Proper planning is required at the beginning of a project.
D. Lack of adequate program documentation, while a concern, is not as big a risk as the lack of assigned responsibilities during the initial stages of the project.

A3-145 An IS auditor has been asked to review the implementation of a customer relationship management system for a large organization. The IS auditor discovered that the project incurred significant over-budget expenses and that scope creep caused the project to miss key dates. Which of the following should the IS auditor recommend for future projects?
A. Project management training
B. A software baseline
C. A balanced scorecard
D. Automated requirements software

B is the correct answer.

Justification:
A. While project management training is a good practice, it does not necessarily prevent scope creep without the use of a software baseline and a robust requirements change process.
B. Use of a software baseline provides a cutoff point for the design of the system and allows the project to proceed as scheduled without being delayed by scope creep.
C. A balanced scorecard is a coherent set of performance measures organized into four perspectives that include not only financial measures but also customer, internal business process, and learning and growth perspectives. It does not prevent scope creep.
D. Lack of automated requirements software does not increase the risk of scope creep.

A3-146 Which of the following is the BEST indicator that a newly developed system will be used once it is in production?

A. Regression testing
B. User acceptance testing
C. Sociability testing
D. Parallel testing

B is the correct answer.

Justification:
A. Regression test results do not assist with the user experience and are primarily concerned with new functionality or processes and whether those changes fixed or broke previous functionality.
B. User acceptance testing is undertaken to provide confidence that a system or system component operates as intended, to provide a basis for evaluating the implementation of the requirements, or to demonstrate the effectiveness or efficiency of the system or component. If the results of the testing are poor, then the system is unlikely to be adopted by the users.
C. Sociability testing focuses on how the application works with other components within the environment and is not indicative of the user experience.
D. Parallel testing is performed when the comparison of two systems is needed but will not provide feedback on user satisfaction.

A3-147 The project steering committee is ultimately responsible for:

A. day-to-day management and leadership of the project.
B. securing the funding for the project.
C. project deliverables, costs and schedules.
D. ensuring that system controls are in place.

C is the correct answer.

Justification:
A. Day-to-day management and leadership of the project is the function of the project manager.
B. Providing the funding for the project is the function of the project sponsor.
C. The project steering committee provides overall direction; ensures appropriate representation of the major stakeholders in the project's outcome; and takes ultimate responsibility for the deliverables, costs and schedules.
D. Ensuring that system controls are in place is the function of the project office.
A3-148 Which of the following BEST helps ensure that deviations from the project plan are identified?

A. A project management framework
B. A project management approach
C. A project resource plan
D. Project performance criteria

D is the correct answer.

Justification:
A. The establishment of a project management framework defines the scope and boundaries of managing projects and the consistent method to be applied when initiating projects, but does not define the criteria used to measure project success.
B. A project management approach defines guidelines for project management processes and deliverables but does not define the criteria used to measure project success.
C. A project resource plan defines the responsibilities, relationships, authorities and performance criteria of project team members but does not wholly define the criteria used to measure project success.
D. To identify deviations from the project plan, project performance criteria must be established as a baseline. Successful completion of the project plan is indicative of project success.

A3-149 An IS auditor is reviewing a project for the implementation of a mission-critical [...] how data move through a process [...]

Justification:
[...]
C. Data flow diagrams are used as aids to graph or chart data flow and storage. They trace data from their origination to destination, highlighting the paths and storage of data.
D. The purpose of data flow diagrams is to track the movement of data through a process; they are not a means to document or understand how data are generated.

A4-13 Which of the following statements is true while drafting a disaster recovery plan?
|A, Downtine costserese as he recovery pin bjstine ees 8 Downtime cosines with ine CRevonery ints independent of in 1 Recovery cot ca nly be controled uns short er bass Bis the correct ans station retpowntine costars nt rll to the every pin ebectve (FLFO)-The RHO defies the da ecu stategy ic cata ofcovery cont ter thn to dowaime costs 1 Downtime cont-such alu f sles, lle resources, salaries—ineeabe wih time A disaster fecovery plan sould Be dra t achive the lowest downtime css possible (¢.Revovery eats aetense wih the ine alle fer ocvery Far example evovey oss recone Thies operalins within te days wil Be ghar than th costo fever buss within seve days The escce of uncletne DRP sto minimize wecrinty and increase prettily. 1b. With goo planing, recovery costs can Be rected wd cone ‘CISA Review Questions, Answers & Explanations Manual 12° Elton = DOMAIN 4-INFORMATION YSTEMS OPERATIONS AND BUSINESS RESILIENCE Ad Although naagerent has sted others, an Saar as eons obi tthe cegnizaion is (Sing softeae tat nt Hoes Ia siteaton the 1 ator sboukd FIRST ‘A. incl the statement fom management in the ait ep. Bh very the sofware ie nue rough ftng (Cnc the tom inthe aud report. dacs he ese with senior management Deca i could have a neste fact on he organization, Jusicaton: ‘AL Thestement fom management maybe ica th ait repr, bt estar sold fnpendnly vate the satements mae by management ene sompltees and acc, ‘8. When there sn indicauon that an organization might be using uneesed software, the audior should obtain sucent evidence before nla i Fenort, CM respst to thie mtr eesti oboe set cat bs nde vei. 1. ATi ognization i usng software tha nlc the Sa, to ani je a independent nc this nthe report, bs th Sai should vr th i a Fat te cssehfor resting it senior mangginct AUIS Anadianage of using oriole twisted pir (UTP cable for det communion oer athe oper asd abe that UTP ae ‘A. 
A. reduces crosstalk between pairs.
B. provides protection against wiretapping.
C. can be used in long-distance networks.
D. is simple to install.

A is the correct answer.

Justification:
A. The use of unshielded twisted-pair (UTP) copper cable will reduce the likelihood of crosstalk.
B. While the twisted nature of the media will reduce sensitivity to electromagnetic disturbances, unshielded copper wire does not provide adequate protection against wiretapping.
C. Attenuation sets in if copper twisted-pair cable is used for more than 100 meters, requiring the use of a repeater.
D. The tools and techniques to install UTP are not simpler or easier than those for other copper-based cables.

A4-16 Which of the following is the MOST critical element to effectively execute a disaster recovery plan?

A. Offsite storage of backup data
B. Up-to-date list of key disaster recovery contacts
C. Availability of a replacement data center
D. Clearly defined recovery time objective

A is the correct answer.

Justification:
A. Remote storage of backups is the most critical disaster recovery plan (DRP) element of the items listed, because access to backup data is required to restore systems.
B. Having a list of key contacts is important but not as important as having adequate data backup.
C. A DRP may use a replacement data center or some other solution such as a mobile site, a reciprocal agreement or an outsourcing agreement.
D. Having a clearly defined recovery time objective (RTO) is especially important for business continuity planning, but the core element of disaster recovery (the recovery of IT infrastructure and capability) is data backup.

A4-17 While reviewing the process for continuous monitoring of the capacity and performance of IT resources, an IS auditor should PRIMARILY ensure that the process is focused on:

A. adequately monitoring service levels of IT resources and services.
B. providing data to enable timely planning for capacity and performance requirements.
C. providing accurate feedback on IT resource capacity.
D. properly forecasting performance, capacity and throughput of IT resources.

C is the correct answer.

Justification:
A. Continuous monitoring helps ensure that service level agreements (SLAs) are met, but this would not be the primary focus of monitoring. It is possible that even if a system were failing, it would meet the requirements of an SLA.
Therefore, accurate capacity monitoring is more important.
B. While outputs from capacity and performance monitoring would be an input to the planning process, the primary focus would be monitoring accuracy.
C. Accurate capacity monitoring of IT resources would be the most critical element of an effective process.
D. While continuous monitoring would help management predict likely IT resource capabilities, the more critical focus would be that capacity monitoring is accurate.

A4-18 Which of the following groups is the BEST source of information for determining the criticality of application systems as part of a business impact analysis?

A. Business process owners
B. IT management
C. Senior business management
D. Industry experts

A is the correct answer.

Justification:
A. [...]
B. While IT management must be involved, they may not be fully aware of the business processes that need to be protected.
C. While senior business management must be involved, they may not be fully aware of the criticality of the applications that need to be protected.
D. The BIA is dependent on the unique business needs of the organization, and the advice of industry experts is of limited use.

A4-19 An IS auditor is reviewing an organization's disaster recovery plan (DRP) implementation. The project was completed on time and on budget. During the review, the auditor uncovers several areas of concern. Which of the following presents the GREATEST risk?

A. Testing of the DRP has not been performed.
B. The disaster recovery strategy does not specify use of a hot site.
C. The business impact analysis was conducted, but the results were not used.
D. The disaster recovery project manager for the implementation has recently left the organization.

C is the correct answer.

Justification:
A. Although testing a disaster recovery plan (DRP) is a critical component of a successful disaster recovery strategy, the biggest risk comes from a plan that is not properly designed.
B. Use of a hot site is a business determination based on the recovery requirements of the organization. Although having a hot site may be considered a good practice, it is very costly and may not be required for the organization.
C. The risk of not using the results of the business impact analysis (BIA) is that the DRP may not be designed to recover the most critical assets in the correct order.
As a result, the plan may not be adequate.
D. If the DRP is designed and documented properly, the loss of an experienced project manager should have minimal impact. The risk of a poorly designed plan that may not meet the requirements of the business is much more significant than the risk of losing the project manager.

A4-20 A vendor has released several critical security patches over the past few months, and this has put a strain on the ability of the administrators to keep the patches tested and deployed in a timely manner. The administrators have asked if they could reduce the testing of the patches. What approach should the organization take?

A. Continue the current process of testing and applying patches.
B. Reduce testing and ensure that an adequate backout plan is in place.
C. Delay patching until resources for testing are available.
D. Rely on the vendor's testing of the patches.

A is the correct answer.

Justification:
A. Applying security software patches promptly is critical to maintaining the security of the servers; further, testing the patches is important because the patches may affect other systems and business operations. Because the vendor has recently released several critical patches in a short time, the hope is that this is a temporary problem that does not need a revision to policy or procedures.
B. Reduced testing increases the risk of business operation disruption due to a failed or corrupt patch. While a backout plan does help mitigate this risk, thorough testing up front would be the more appropriate option.
C. Applying security software patches promptly is critical to maintaining the security of the servers. Delaying patching would increase the risk of a security breach or system failure.
D. The testing done by the vendor may not be applicable to the organization's systems, and it is vital that the organization know the effect of a patch before deploying it.

A4-21 Which of the following issues should be a MAJOR concern to an IS auditor who is reviewing a service level agreement (SLA)?

A. A service adjustment resulting from an exception report took a day to implement.
B. The complexity of application logs used for service monitoring made the review difficult.
C. Service measures were not included in the SLA.
D. The document is updated on an annual basis.

C is the correct answer.

Justification:
A. Response time to exception reports is an operational
issue and should be addressed in the service level agreement (SLA); however, a response time of one day may be acceptable depending on the terms of the SLA.
B. The complexity of application logs is an operational issue, which is not related to the SLA.
C. Lack of service measures will make it difficult to gauge the efficiency and effectiveness of the IT services being provided.
D. While it is important that the document be current, depending on the terms of the agreement, it may not be necessary to change the document more frequently than annually.

A4-22 During an audit of the disaster recovery plan of a global enterprise, the auditor observes that some remote offices have very limited local IT resources. Which of the following observations would be the MOST critical for the IS auditor?

A. A test has not been made to ensure that local resources could maintain security and service standards when recovering from a disaster or incident.
B. The corporate business continuity plan does not accurately document the systems that exist at remote offices.
C. Corporate security measures have not been incorporated into the test plan.
D. A test has not been made to ensure that tape backups from the remote offices are usable.

A is the correct answer.

Justification:
A. Regardless of the capability of local IT resources, the most critical point is testing, which would identify quality issues in the recovery process.
B. The corporate business continuity plan may not include disaster recovery plan (DRP) details for remote offices. It is important to ensure that the local plans have been tested.
C. Security is an important issue because many controls may be missing during a disaster. However, not having a tested plan is more important.
D. The backups cannot be trusted until they have been tested. However, this should be done as part of the test.

A4-23 Which of the following reports should an IS auditor use to check compliance with a service level agreement's requirement for uptime?

A. Utilization reports
B. Hardware error reports
C. System logs
D. Availability reports

D is the correct answer.

Justification:
A. Utilization reports document the use of computer equipment and can be used by management to predict how, where and/or when resources are required.
B. Hardware error reports provide information to aid in detecting hardware failures and initiating corrective action. These error reports may not directly detail system uptime.
C. System logs are used for recording the system's activities. They may not directly indicate availability.
D. IS inactivity, such as downtime, is addressed by availability reports. These reports provide the time periods during which the computer was available for utilization by users or other processes.

A4-24 Which of the following would an IS auditor use to determine if unauthorized modifications were made to production programs?

A. System log analysis
B. Compliance testing
C. Forensic analysis
D. Analytical review

B is the correct answer.

Justification:
A. System log analysis would identify changes and activity on a system but would not identify whether the change was authorized unless conducted as a part of a compliance test.
B. Determining that only authorized modifications are made to production programs would require the change management process to be reviewed to evaluate the existence of a trail of documentary evidence. Compliance testing would help to verify that the change management process has been applied consistently.
C. Forensic analysis is a specialized technique for criminal investigation.
D. An analytical review assesses the general control environment of an organization.

A4-25 During a change control audit of a production system, an IS auditor finds that the change management process is not formally documented and that some migration procedures failed. What should the IS auditor do next?

A. Recommend redesigning the change management process.
B. Gain more assurance on the findings through root cause analysis.
C. Recommend that program migration be stopped until the change process is documented.
D. Document the finding and present it to management.

B is the correct answer.

Justification:
A. While it may be necessary to redesign the change management process, this cannot be done until a root cause analysis is conducted to determine why the current process is not being followed.
B. Before recommending that the organization take any other action (e.g., stopping migrations, redesigning the change management process), the IS auditor should gain assurance that the incidents reported are related to deficiencies in the change management process and not caused by some process other than change management.
C. A business relies on being able to make changes when necessary,
and security patches must often be deployed promptly. It would not be feasible to halt all changes until a new process is developed.
D. The results of the audit, including the findings of noncompliance, will be delivered to management once a root cause analysis of the issue has been completed.

A4-26 An IS auditor evaluating a highly available network should be MOST concerned if:

A. the setup is geographically dispersed.
B. the servers are clustered in one site.
C. a hot site is ready for activation.
D. diverse routing is implemented for the network.

B is the correct answer.

Justification:
A. Dispersed geographic locations provide backup if a site has been destroyed.
B. A clustered setup in one site makes the entire network vulnerable to natural disasters or other disruptive events.
C. A hot site would be a good alternative for a single-point-of-failure site.
D. Diverse routing provides telecommunications backup if a network is not available.

A4-27 Management considered two projections for its disaster recovery plan: plan A with two months to fully recover and plan B with eight months to fully recover. The recovery point objectives are the same in both plans. It is reasonable to expect that plan B projected higher:

A. downtime costs.
B. resumption costs.
C. recovery costs.
D. walkthrough costs.

A is the correct answer.

Justification:
A. Because management considered a longer time window for recovery in plan B, the downtime costs included in the plan are likely to be higher.
B. Because the projected recovery time is longer, resumption costs can be expected to be lower.
C. Because the recovery time in plan B is longer, recovery costs can be expected to be lower.
D. Walkthrough costs are a part of disaster recovery testing.

A4-28 Which of the following would an IS auditor consider to be MOST helpful when evaluating the effectiveness and adequacy of a preventive computer maintenance program?

A. A system downtime log
B. Vendors' reliability figures
C. Regularly scheduled maintenance log
D. A written preventive maintenance schedule

A is the correct answer.

Justification:
A. A system downtime log provides evidence regarding the effectiveness and adequacy of computer preventive maintenance programs.
The log is a detective control, but because it is validating the effectiveness of the maintenance program, it is validating a preventive control.
B. Vendors' reliability figures are not an effective measure of a preventive maintenance program.
C. Reviewing the maintenance log is a good detective control to ensure that maintenance is being done; however, only the system downtime log will indicate whether the preventive maintenance is actually working well.
D. A schedule is a good control to ensure that maintenance is scheduled and that no items are missed in the maintenance schedule; however, it is not a guarantee that the work is actually being done.

A4-29 An organization has implemented an online customer help desk application using a software as a service (SaaS) operating model. An IS auditor is asked to recommend the best control to monitor the service level agreement (SLA) with the SaaS vendor as it relates to availability. What is the BEST recommendation that the IS auditor can provide?

A. Ask the SaaS vendor to provide a weekly report on application uptime.
B. Implement an online polling tool to monitor the application and record outages.
C. Log all application outages reported by users and aggregate the outage time weekly.
D. Contract an independent third party to provide weekly reports on application uptime.

B is the correct answer.

Justification:
A. Weekly application availability reports are useful, but these reports present only the vendor's perspective. While monitoring these reports, the organization can raise concerns if needed; however, without internal monitoring, such concerns cannot be substantiated.
B. Implementing an online polling tool to monitor the application and record outages is the best option for an organization to monitor the availability of the software as a service application. Comparing internal reports with the vendor's monitoring of the application [...]
C. Logging the outage times reported by users is useful but does not give an accurate picture of all outages of the online application. Some outages may go unreported, especially if the outages are brief.
D. Contracting a third party to implement availability monitoring is not a cost-effective option. Also, this results in a shift from monitoring the SaaS vendor to monitoring the third party.

A4-30 Applying a retention date on a file will ensure that:
A. data cannot be read until the date is set.
B. data will not be deleted before that date.
C. backup copies are not retained after that date.
D. datasets having the same name are differentiated.

B is the correct answer.

Justification:
A. The retention date will not affect the ability to read the file.
B. A retention date will ensure that a file cannot be overwritten or deleted before that date has passed.
C. Backup copies would be expected to have a different retention date and, therefore, may be retained after the file has been overwritten.
D. The creation date, not the retention date, will differentiate files with the same name.

A4-31 Which of the following is a network diagnostic tool that monitors and records network information?

A. Online monitor
B. Downtime report
C. Help desk report
D. Protocol analyzer

D is the correct answer.

Justification:
A. Online monitors measure telecommunication transmissions and determine whether transmissions were accurate and complete.
B. Downtime reports track the availability of telecommunication lines and circuits.
C. Help desk reports are prepared by the help desk, which is staffed or supported by IS technical support personnel trained to handle problems occurring during the course of IS operations.
D. Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached.

A4-32 An auditor is asked to review the procedures used to restore a software application to its state prior to an upgrade. Therefore, the auditor needs to assess:

A. problem management procedures.
B. software development procedures.
C. backout procedures.
D. incident management procedures.

C is the correct answer.

Justification:
A. Problem management procedures are used to track user feedback and issues related to the operation of an application for trend analysis and problem resolution.
B. Software development procedures such as the software development life cycle (SDLC) are used to manage the creation or acquisition of new or modified software.
C. Backout procedures are used to restore a system to a previous state and are an important element of the change control process. The other choices are not related to the change control process, a process which specifies what procedures should be followed when software is being upgraded but the upgrade does not work and requires a fallback to its former state.
D. Incident management procedures are used to manage errors or problems with system operation. They usually involve a help desk. One of the incident management procedures may be to follow a fallback plan.

A4-33 Which of the following is a MAJOR concern during a review of help desk activities?

A. Certain calls could not be resolved by the help desk team.
B. A dedicated line is not assigned to the help desk team.
C. Resolved incidents are closed without reference to end users.
D. The help desk instant messaging has been down for more than six months.

C is the correct answer.

Justification:
A. Although this is of concern, it should be expected. An escalation procedure should be developed to handle such events.
B. Ideally, a help desk team should have a dedicated line, but this is a lesser concern than the technical team unilaterally closing an incident.
C. The help desk function is a service-oriented unit. The end users must be advised before an incident can be regarded as closed.
D. Instant messaging is an add-on to improve the effectiveness of the help desk team. Its absence cannot be regarded as a major concern as long as calls can still be made.

A4-34 The MAIN purpose for periodically testing offsite disaster recovery facilities is to:

A. protect the integrity of the data in the database.
B. eliminate the need to develop detailed contingency plans.
C. ensure the continued compatibility of the contingency facilities.
D. ensure that program and system documentation remains current.

C is the correct answer.

Justification:
A. The testing of an offsite facility does nothing to protect the integrity of the database. It may test the validity of backups but does not protect them.
B. Testing an offsite facility is done to validate the usefulness of the contingency plans and is not used to eliminate detailed plans.
C. The main purpose of offsite hardware testing is to ensure the continued compatibility of the contingency facilities. Without this assurance, there is no way to know that the contingency plans would work if needed.
D. Program and system documentation should be reviewed continuously for currency.
A test of an offsite facility may ensure that the documentation for that site is current, but this is not the purpose of testing the offsite facility.

A4-35 A large chain of shops with electronic funds transfer at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?

A. Offsite storage of daily backups
B. Alternative standby processor onsite
C. Installation of duplicate communication links
D. Alternative standby processor at another network node

D is the correct answer.

Justification:
A. Offsite storage of backups would not help, because electronic funds transfer tends to be an online process and offsite storage will not replace the dysfunctional processor.
B. The provision of an alternate processor onsite would be fine if it were an equipment problem, but would not help in the case of a power outage and may require technical expertise to activate the alternate processor.
C. Installation of duplicate communication links would be most appropriate if it were only the communication link that failed.
D. Having an alternative processor at another network node would be the best solution. The unavailability of the central communications processor would disrupt all access to the banking network, resulting in the disruption of operations for all of the shops.

A4-36 The database administrator suggests that database efficiency can be improved by denormalizing some tables. This would result in:

A. loss of confidentiality.
B. increased redundancy.
C. unauthorized accesses.
D. application malfunctions.

B is the correct answer.

Justification:
A. Denormalization should not cause loss of confidentiality even though some data may be replicated. The database administrator should ensure that access controls on the database remain effective.
B. Normalization is a design or optimization process for a relational database that minimizes redundancy. Redundancy, which is usually considered positive when it is a question of resource availability, is negative in a database environment because it demands additional and otherwise unnecessary data handling efforts. Denormalization is sometimes advisable for functional reasons.
C. Denormalization pertains to the structure of the database, and the access controls should not be affected, so it should not cause unauthorized access.
D. Denormalization may require some changes to the calls between databases and applications but should not cause application malfunctions.

A4-37 An IS auditor has been assigned to conduct a test that compares job run logs to computer job schedules. Which of the following observations would be of the GREATEST concern to the IS auditor?

A. There are a growing number of emergency changes.
B. There were instances when some jobs were not completed on time.
C. There were instances when some jobs were overridden by computer operators.
D. Evidence shows that only scheduled jobs were run.

C is the correct answer.

Justification:
A. Emergency changes are acceptable as long as they are properly documented as part of the process.
B. Instances of jobs not being completed on time are a potential issue and should be investigated, but this is not the greatest concern.
C. The overriding of computer processing jobs by computer operators could lead to unauthorized changes to data or programs. This is a control concern; thus, it is always critical.
D. The audit should find that all scheduled jobs were run and that any exceptions were documented. This would not be a violation.

A4-38 Management decided to change database vendors. Which of the following areas should the IS auditor PRIMARILY examine in relation to this implementation?

A. Integrity of the data
B. Timing of the cutover
C. Authorization level of users
D. Normalization of the database

A is the correct answer.

Justification:
A. A critical issue when migrating data from one database to another is the integrity of the data and ensuring that the data are migrated completely and correctly.
B. The timing of the cutover is important, but because the data are being migrated to a new database, the application should not be affected.
C. The authorization of the users is not as relevant as the authorization of the application, because the users will interact with the database through an application and will not directly interact with the database.
D. Normalization is used to design the database and is not necessarily related to database migration.

A4-39 The objective of concurrency control in a database system is to:

A. restrict updating of the database to authorized users.
B. ensure integrity when two processes attempt to update the same data at the same time.
C. prevent inadvertent or unauthorized disclosure of data in the database.
D. ensure the accuracy, completeness and consistency of data.

B is the correct answer.

Justification:
A. Access controls restrict updating of the database to authorized users.
B. Concurrency controls prevent data integrity problems, which can arise when two update processes access the same data item at the same time.
C. Controls such as passwords prevent the inadvertent or unauthorized disclosure of data from the database.
D. Quality controls, such as edits, ensure the accuracy, completeness and consistency of data maintained in the database.

A4-40 Which of the following controls would provide the GREATEST assurance of database integrity?

A. Audit log procedures
B. Table link/reference checks
C. Query/table access time checks
D. Rollback and rollforward database features

B is the correct answer.

Justification:
A. Audit log procedures enable recording of all events that have been identified and help in tracing the events. However, they only point to the event and do not ensure completeness or accuracy of the database's contents.
B. Performing table link/reference checks serves to detect table linking errors (such as completeness and accuracy of the contents of the database), and thus provides the greatest assurance of database integrity.
C. Querying/monitoring table access time checks helps designers improve database performance but not integrity.
D. Rollback and rollforward database features ensure recovery from an abnormal disruption. They assure the integrity of the transaction that was being processed at the time of disruption, but do not provide assurance on the integrity of the contents of the database.

A4-41 Which of the following is widely accepted as one of the critical components in network management?

A. Configuration and change management
B. Topological mappings
C. Application of monitoring tools
D. Proxy server troubleshooting

A is the correct answer.

Justification:
A. Configuration and change management is widely accepted as one of the critical components of network management, because it establishes how the network will function internally, as well as the management of configuration and the monitoring of performance. Change management ensures that changes to the configuration are properly tracked.
B. Topological mappings provide outlines of the components of the network and its connectivity. This is important to address issues such as single points of failure and proper network isolation, but it is not the most critical component of network management.
C. Application monitoring is not a critical part of network management.
D. Proxy server troubleshooting is used for troubleshooting purposes, and managing a proxy is only a small part of network management.

A4-42 Among programmed controls over password management, which of the following is the IS auditor MOST likely to rely on?

A. A range check
B. A batch total
C. A validity check
D. A field check

C is the correct answer.

Justification:
A. A range check is useful because passwords should have a minimum length, but this is not as strong a control as a validity check.
B. Passwords are not typically entered in a batch mode, so a batch total would not be effective. More often, users enter passwords one at a time.
C. A validity check would be the most useful for the verification of passwords because it would verify that the required format has been used.
D. The implementation of a field check would not be as effective as a validity check that verifies that all password criteria have been met.

A4-43 Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?

A. Developments may result in hardware and software incompatibility.
B. Resources may not be available when needed.
C. The recovery plan cannot be tested.
D. The security infrastructures in each company may be different.

A is the correct answer.

Justification:
A. If one organization updates its hardware and software configuration, it may mean that it is no longer compatible with the systems of the other party in the agreement.
This may mean that each company is unable to use the facilities at the other company to recover its processing following a disaster.
B. Resources being unavailable when needed are an intrinsic risk in any reciprocal agreement, but this is a contractual matter and is not the greatest risk.
C. The plan can be tested by paper-based walk-throughs and possibly by agreement between the companies.
D. The difference in security infrastructures, while a risk, is not insurmountable.

A4-44 Which of the following is MOST directly affected by network performance monitoring tools?

A. Integrity
B. Availability
C. Completeness
D. Confidentiality

B is the correct answer.

Justification:
A. Network monitoring tools can be used to detect errors that are propagating through a network, but their primary focus is on network reliability so that the network is available when required.
B. Network monitoring tools allow observation of network performance and problems. This allows the administrator to take corrective action when network problems are observed. Therefore, the characteristic that is most directly affected by network monitoring is availability.
C. Network monitoring tools will not measure completeness of the communication. This is measured by the end points in the communication.
D. A network monitoring tool can violate confidentiality by allowing a network administrator to observe unencrypted traffic. This requires careful protection and policies regarding the use of network monitoring tools.

A4-45 When auditing the onsite archiving process of emails, the IS auditor should pay the MOST attention to:

A. the existence of a data retention policy.
B. the storage capacity of the archiving solution.
C. the level of user awareness concerning email use.
D. the support and stability of the archiving solution manufacturer.

A is the correct answer.

Justification:
A. Without a data retention policy aligned to the company's business and compliance requirements, the email archive may not preserve and reproduce the correct information when required.
B. The storage capacity of the archiving solution would be irrelevant if the proper email messages have not been properly preserved and others have been deleted.
C. The level of user awareness concerning email use would not directly affect the completeness and accuracy of the archived email.
D. The support and stability of the archiving solution manufacturer is secondary to the need to ensure a retention policy. Vendor support would not directly affect the completeness and accuracy of the archived email.

A4-46 Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?

A. Assess the impact of patches prior to installation.
B. Ask the vendors for a new software version with all fixes included.
C. Install the security patch immediately.
D. Decline to deal with these vendors in the future.

A is the correct answer.

Justification:
A. The effect of installing the patch should be immediately evaluated, and installation should occur based on the results of the evaluation. There are numerous cases where a patch from one vendor has affected other systems; therefore, it is necessary to test the patches as much as possible before rolling them out to the entire organization.
B. New software versions with all fixes included are not always available, and a full installation could be time consuming.
C. To install the patch without knowing what it might affect could easily cause problems. The installation of a patch may also affect system availability; therefore, the patch should be rolled out at a time that is acceptable to the business.
D. Declining to deal with vendors does not take care of the flaw and may severely limit service options.

A4-47 Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?

A. Release-to-release source and object comparison reports
B. Library control software restricting changes to source code
C. Restricted access to source code and object code
Dateand ies reviews of source a jet ee Dis the carect answer ostiicatin [A Using veson contol software and comparing source and objet cade a god practice But may ot dete «problem where the rource cde ea dioent version than the objet cose All peconiro shoukl be preted wih acces contd, nd hs ny pct omc a om npg Hower this wil mo cme tt sauce ad eget ode aha on he sae esi © Wes good practic te poet all eure a ebjectcae—even in development However this ill nat ene the sychronation of source and ebjetcoe 1D, Dateand timestamp reviews of soure and abject code would ensure that source code, which hasbeen compiled, matches the preduction object coe. Thi i the mos effective may ta eae {hat ihe approved production source cde I compiled and the ane Belng sed ‘ISA Revlon Gustin, Answers &Explanaone Manual 12° Eaion| a ‘Sten igen DOMAN 4-INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE a Me Mo ‘A daahose anise (DHA) who nests o ake emergency changes wa database ler normal working ese shoal og in: |A. with her mame scout to make the eangss 1B with he shared DBA account to make he changes Cote server sdsisraive account to maketh change. tothe wer accent to make the changes. ‘Ads te correct answer eenroing in wing the named user account before dstabase administrate (DBA) secount provide accountability by noting the person making the change. 1b, The DRA sevnun terval wh mersecount The shared account makes i fit © etblh the diy ofthe apport user who performing he database up “The server ative accounts ae site and ay be we By lip suppor users, aiton, the server ely counts my not lave te abit to perfor database chung. 1b. ‘Thu ot nr se acount woud no ve list vik mae changes onthe ss, Ding an assessment cf sftwate development practices an 1S ator finds ht opensource software ‘Rapansns were ust an application desig! fo acm, What she GREATEST concer the autor ‘woul have aut the we of pen sours soivaré A. 
The client did pay foe the open sourvesfimae components The onpnizatonand cnt mst empl with open sure softwar sense terms, C._Open source sftate hs secuty valerie. Open soe soaae fumble or commer ws, ise correct ostiication:| are ajo benoit of esing opensource sofware it that ise. Te cle is pt equi to py for the ‘Cpureurcetttvate comnts; however both the devckping zanzation and he lie should Be Een aboutte hensing terms and sons of the open source salvar emmpenent tht we tring weed 18, There are many (pes of open source software licenses and each has differen terms and Comdtnns, Some opensource software Licensing allows seo the open source sft “mponen free) but reysies that the completed safovare predet must ae all the sme ‘ant, This haow ds vial Weensing sod Ifthe development ergalztin is mot caret, procs oul lla ining term 9y sling the produt for profi. The I autor shouldbe Thon! concerned with opensource vaftwae ceningcompllane o aod uintonded int foperty sk rll consequences. cc. Bynes like any sia cods, thud be este for security favs ad should be eek the normal ysiem development ile cycle (SDLC) proses Ts not mae oa concern han Teomsing eomplance , panics sofware Joc mt iterely lack quay Like any software code, t should be esta Reva ant sbol be pat ofthe noma SOLC press. This at mar of «cone han Tesmingcomplnee Gniciatndien euniicindaianl aan OMAN 4-INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE (MS0 An IS audio evening database contol discovered that hang oe dtahae daring normal working hours wer handled tough a tnd set of posed However, changes made afer nor hrs reed oly an abbreviated numer of tp: this sition, which ofthe following woul bs conser tonadequne et of compensating corrl |A. Allow changes o be made only wi the atahas isto (DBA) ws account Make changes ote databse afer grating access normal wer acount (C.__Use fe DIA wseracou make changes the charges reve the change oe he flowin dy 1B. 
Use he normal wer court to make changes, og the changes and review the chang lng the fellow day lanes tobe mado to databases er access the soso was obtained Arma wr acount should ot have aecss o dahe This wool peri ucontole changes toa of the datas, G_Theuse of DBA user account i normaly st upto lag all changes made and ie most ppropeate for changer mace outie of normal hours The we of slg, which records the ‘hanger, allows changes te be reviewed, Hecase an abbreviated mute of steps are wd, this ‘eprtent an adequate se of compensating contra. 1. User sould ot beable to make changes. Logeing souk! only prvi inforation on changes made tut would ot init charges wo only thse whe were aol ASI Which of te flowing tests perme by an IS aio woul be the MOST efesve ie determining omplane with change contol procedures nan egaization? Revi oftware migration reson nd verify appv 1. eny changes hat have eccured and veri apo Revi change control documentation and veri pra 1D. nurs dt oa apeopae saff can migrate chnges no rodeton estat [A Sotare migration recone may not vel changes st ckanges cull Bae bem ma that were aad in th migration eco 15 Then ei mh termine wat hanes han eh mae (hc and road dates) and then verity th ve been approved Chaes contol cords may ot vel cage Is. 'D._Enaring that only appropriate sta migrate change ino prdction s 8 Ky con pres at inst does nx very complance ‘18a Revi Govan, Answers & Explntons Maal 12° Eon 38 DOMAM 4-.NFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE ak sepem mst Ms |When an organization's disaster recovery plan as a cipocl agreement, which of he lowing isk treatment approaches sbeing apie? A, Tense B sidzation CAvendance D. Acceptance ustification engi ners de trnsfrece ok to thi pay (ee, ne surance for ates that pose a fi. ach other nthe event of fn. 
Ths esually works well I ‘oth organizations have similar information prcesing ats, Because the Itende eet st reciprcal er recovery pla ts sk ligation steatgy- (¢.Rak mothaceis he decent cas apts cats tha erie ask Fo cumple 2 fern ay tasting cat i payments al he kof rst ca inimaton ds ie 1 ak areepaneetecurs wh a ngaivation decides ascept he rik a sand wo do thing stg or tans it [A peogrammes malicosly nied prodasion progam to chang dat and thon restored it bak he ‘inal ene Which the filowing woul MOST eietiely dtc the malicious activi? ‘A. Comparing some: cose 1B Reviewing system fg os Comparing jer cae DL Reviowing cxecvsbe and source coe intesity estat Jr Soure code comparisons at inefctve beau the xsi pops were estore ad he change gra acs exis. 18, Reviewing system les the ony tral that may provide information abot thew ‘tities nthe production bear. c. _Objeetcede comparisons atin sense the orginal programs were restora nd the changed program does no exis. 1 Revioingexceustic and sourcecode inet i a inte contol, because the touce cde was ‘Snel bk tothe vigil and will aoe withthe caret execute shoreed Saar ealinaaan Tana caeEEEmeeetemeaetantilien a _DOMAN 4—-NFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE ‘AGS4 An IS autor it evewing sn orarizalion's eovery from a distri which not all he etal data ‘nonded to rename Busines peratons were flied. Whih ofthe falling was incre defined A Theinterrption window Therese time jective .‘Theservice delivery omectne D, _Therecovery point obctve Dis carrct answer. usta ‘Ar The terion window sind he amon ding wich he nization sublet smn operations or doit ofr othe tine ut he ral sro eet 18, Therecovery tine ofective determined bass n the acetabledawnuame the ease of 8 c._Theserce delivery objective (S00) i dsl tld tothe busines nec. SO is the evel of server to be reached daring the alternate pets ma il the mma sition i este. 
1D, Thorveavery point objetive (RPO) is determined bate on the accoplable data loss inthe isrupton of operations. RPO defines the pat in time From which messy > ecoer the data and quntiies, interna ine the persibe amount of or iterruption AUSS The PRIMARY benefit ofan IT manager mantra tical epacy iso A. ienify the ned for nw hardware and soe proce determine the tre capacity ned bane om we (C.__snme that the service eel termes re me sre that ston opente at optral cape. (Cine crrect sneer. Josten {A This oe benefit of moritring tecnica! cpscityecase team ep ase fei demands no just eat sytem irs However, the pay responsi ofthe IT manager i most the ‘rel roqemet to entice dat Tf mating the service evel expen of the sions 18 Detemining fre capacity sone define benefit of technical eaebty mentoring CCaptety monitoring bas mall objectives weve, the primary aj camplisnce wit the laternal service level agreement between the business ad TT. 1. FP management is interested in suring that stems are operating at pina epaciy bat thir peimiy ela orien meting the service level rqurment the bins ‘ISA Review Questions, Answers &Explaneians Manual 12° Eaton ae DOMAIN 4-.NFORMATION SYSTENVS OPERATIONS AND BUSINESS RESILIENCE es aust ‘An IS autor reviewing an ore ations sar ecoery pan soul MARILY verify that itis A. tested every sic ont regula reviewed and upd prone by the be exccve office 1 communica tevery deprtecat headin the ogaization, 184s he correct Justia sete lon must he aubjst 10 regula eng, bat he period ote esis wil depend on the mati ‘ihc ongniatn ih runt of change the onpitation an the ela importance oF IS. Tes tons even nly, ay be appeopeit nde ccumstinces i the rate of change of ystems ad persaael hers, a become out of date a cnger be offetiv cc. ‘Awugh he distr covey pla shoal sive the ppv of sor managment, esd a be te chi eceat cer ancterexciive oie egal) or ote appropiate. 
For aptly [Sood pin te exc espana frichlogy may have approved he pla, hough tans cna pln Hk bs cell tbat a anatase ‘Seoy pn willl beac docanea and el lant Sa commancation There ae several mais of providing elecarmnicaton contin. The shod of routing tafe hough spi-able or cpleate-able aes scale gh AA. atcnative routing Bre outing © lengaul ntwoak ders. DL lasnil crait proteton Bw cation “Atv ong 8 wehod of outing information va a ete medium suchas copper abe fier opts naan the wa of diferent net, cea a en points should he nora equ be aval routes raffle through spli-cable facies or duplicate-cable faites. This am with erat andlor dupate cable seats. different eae sheaths are ted, the eable may hein the sane conduit and, therefore, subject to the ume interruptions a fe cable is bahtag ap. The commenication service suerte ean dupieate the fais by having alternate reutesalhough the entrance to and from the customer premises may Ben the me condet The suveriber eux stain diverse rout and alternate routing trom the local Carrie, Including dual-entrance facilites. This type of acess sie consuming and cosy ¢.Tomhalweserk divers diver, ong dstance network sing dren’ packet switching ‘iret among th ma long isunce cao I evutes long-distance aces should any earier ‘xperice amet ale 1p. Laimie cuitpotation ia rind combination of acl crit Es (E-Is n Eure), Incromave ade coal able acs 0 he local commons lop This enables he ait to fave moos ara local suse communion dar Alert lcci rating so wo eee ee es ‘DOMAN 4-INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE ASH Recovery ocedures fran infomation procesing iy are BEST bs on A. recoery tie bjotne BB. _tecomy pont objet. © mxinam tolerable outage Di information eecuy pais Austin: A The ecovery time objective (RTO). the amount of te allowed forthe recovery of barnes Iunton or resource after asaster occurs he RTO isthe desred recovery te frame based ‘on maxims tokerale outage (MTO) and aallable recovery alternatives. 15. 
Thevecovery point eject (PO) has the gress nunc onthe resvey rates for even oe dori ase on he seabed laws caso &srapon of aon. The KPO ‘flecively quan the permissible aout of da Joss nese of nterrption, 6, MTC the smount of tine allow fr the recovery of busines fneton or escuela dsr ‘ccc reprosnts the time by which he sevice mst be restrd befne te onpnizntion i faced srk he tet of ellapc. 1. Aa formation security poiey dos not arn ecovery posed Ad-59 An IS andr is performing an sin the data center when te fie alam bens sounding. The aut supe ‘nce diastr recovery so the stor observes the datacenter aff reson tothe sla, Which he Felowing the MOST ptt ston for he dat ener tal tocar th cena? A. Natity the lca fre department af the alr coon rept o activate the fe sipresion system (CEs all persons in the daa eee are raced Rete all backups en the data ona (Cite corer Jesticatin [A Lifesty sabes the st ry, iin the ie depart fe a ie py sesesur bee td cent sar re cigar ato eer he a ene 1. Firerppresron synems are designed oepate eternal, and stating he system when stall lust yet cyoiated oul erst confsin an ani, eadingf ini or even ft. Maal ‘gringo the yom could he necesary un catsin condos, ut only ll other ate ‘ene personnel re safely eve. G_Imanemergenc,tfety of ie is alvays the frst pole; therefore, the complete acetion ofthe fae taf would be the most portant activity, orderly Remo of actos rom the dt contr sot sh appre cin Bcnas could delay the vacation of peseael Mos companies woul have copies of backups nite Hore oma hei of at lone or this ype of deter Mor [An Saar discovers atthe dsasor emery pa (DRE) fr acompany does incl pplicion ‘ised he chun Maruere epost fut he aver epee or dst ecvey (DR) ul Dela sting Wat the NENT eae of ata ete Iau prs? Pan an ait of the cloud vendor Review the vender contract to dteiae its DR capabilites. 
Review an inert stor’ oper ofthe cloud vende: Request copy ofthe DRP fom the cul vend: Bis te correct answer Iestfaton: are ing the cloud yendor woul be weil however this wold only be seu the vendor is eect rsed to pov dtr momar (DB) corse. 1h. DRscrices como be expected from the vendor when expliily Hated inthe content with snotderined resvery ne objectives and recvery pt abjectvs. Without the contract Tangvage, the sndor eno required o provide DI servis. (¢,_-Anandspndent stars report sich ax Satements on Sala or Axton Engagement 16,08 1D copabies canbe revi oats he vendors DR east, however, this ill ony be fu ifthe venor ws coetractaly required to prove DR series 1b, Reopyof DR paces can be aquest to rele eke adeqcy: homer this wil oly be we if the vor cata requve to provide DR servis. ‘An 1S susie is peroring review ofthe disaster recovery Hast wed by aan iasttation, Which ‘fhe flowing would be the GREATEST cone? |A. Sytem admins ue shared accounts which never expt he hot it {8k squce wiheton date ate mt hep cartes {C_Physcl ses onto the ha tt are es robust than the main site D._Servesat te site do wot hive the same pistons a at he ain site estieation serie i ot goo paste fr secur aminsraor 4 share arco that do aa expe, the rete rst ths sstario would Be rnin oto sk space 18 Nat knowing ow ant disk space fn se und, theretore, how anh i weeded atthe disaster Feeovery ste cond ereate major sues a the case ofa distr (C.Phytal sect cons re important and this would be a ence, but the more inprtant concern ‘ould be runny ot of Usk ope. The particular physical character ofthe aster rear sie ‘may cl fect ots that my appear o bes robust th the rin; however, ach 2 sk coul be cool nuh ply and prods or by ang aitonl personnel acted 1b. 
tongs the savers th tt at capable of inning the programs hat ae required is “Gust recover station, the reise capitis of he ever atthe ot st ot a maj isk ‘Scena to cue tha sofvar configuration ad cing atch the servers a the main it, but ow for never and more poser sven to exist athe main site fo every ay production tos servers ae es power a ce NY Abe Aes OMAN 4—:NFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE ‘When revicnng sym parametr, an IS ador's PRIMARY concen shall be tha: ‘A. hey se Seto ect ath security an perfomance reqiemets BB Ghamper ae reson nan adil and penal reviews ‘hangs ate theized and supp hy apport eames ‘sce 10 pramets inthe system ses, ‘Atw te correct answer. ustieatons [Ao The primary concern i te Gnd the balance between secarity snd performance. Recording ‘eanges in an ai all and periokeally reviewing them Is detective control; however, Irpatameters are not set according to bases ules, lectve cont CL Ifparimstere ae st incor the related documentation and he fc tha the ae ahoi dos to aise tho impact 1. Resrction of acceso parameters ens that ly athried staff cn acess he parm Tmever the paren are slice siting acces will fave aw adn pe An oie information processing fay with letra wring st condoning an Mooring, bu > Cennpter”communictnscgupncat, apts procesing aii Jon A cll ete ready te resive equipment but dacs nt offer any componente the site aadace ofthe need. 1 vcr st em fete Bckap atta is tly conigeed with network connections eles periph ejepment sich a dik al tape aise tl ental paces ite {oop a informatio peocessing fit. ©. Aalkap tei ted or ete aces, al no Fr oh information paces. 1D. A dupct inermaton peocessingfaiity i dedicated fly developed recovery ste that can Back ‘cri pplication Am optimized ssaster recovery plan fran ansnization shoud A. ted he lena ofthe recovery time an the eof every increase the length ofthe recovery tine a th et every. (© seduc th drain ofthe ecovery dime apd increase the cst of reeo.er. 1. 
otalet he recovery time theca of econ. fete correct answer este ‘A One sf th objectives ofa dsester recovery plan (DRP) ito reduce the duration and east of recovering from a dase 18 _A'DRP would incre the cost of operations Before and fir he dss cis. CARP sh ce the tine o retro cena operations . ADDRP shal tice the cot ht could rer om a deser “CsA Review Questions Answers &Explonations Manoa F™ Fan SEE eiiae ‘DotA 4—NFORNATION SYSTERE OPERATIONS AND BUSINESS RESILIENCE (od tsa ees Ne ‘A ses recon lan an nein’ ran eye pis thal he eonery pit ajo a9 ‘Aciimeccony te objet fo 72 our Whi o he feng he MOST cxecve oon? ‘sit that cae operation night hous with asynchronous chp ofthe transaction lps Dinubuted date systems molipls locaton: updated asynchronousty ‘Shlomo ups ofthe dt eal stand ative systems 2 REE Synshronos emate copy ofthe dt na warm se at ean Be operational in 48 hours snep D nthe corset answer. Sotieaton: sae pat te would nee the recovery sine objective (RTO) bat wold incr higher ents han necessary. ‘B._Asynchomous upltes ofthe dab in distbuted latins do ot meet the every pint Senta te c.__Syhctmous utes ofthe date and sandy active systems in ot site meet the RPO nd RTO requis tae cost than a wa te soon 1b, _"Thesyachronow copy ofthe data slarageacleves the RP hore meets the required RTO. ds warm st operations in inca isitton tat proccss milion of tansetion each day has ental communcaons Frerotte) for onactng to sumatd teller racine, Which ofthe fowing won be the BEST evingansy plan the communiations pressor? |A. 
Respro aprcenent with anther organization 1B Alert proses i he sae location Alerts proc st another sete node _Dyplex commaniatin inks inthe orret answer Sanit J Revirocal agreements make a oration dependent on ermptin ad eulatry Ses 'a_Hming an aerate processor in th same location resales the equipment prot but would nat ke tffecsne ifthe fale as eused by cevonncnal cantons (power dso (¢Theunavatapy of the central com ‘banking nctwork This could be caused by ane Having a depiste procowor in another lation tha, the bat saation he exgnization ad ase pvay, oppress alae wee ite Tote communion like soe OMAN 4-INFORMATION SYSTENS OPERATIONS AMD BUSINESS RESILENCE AM67 Which ote flowing roids the BEST evens of onsets Str cory apy eines? AL Alastor covery pln (DRP) 1B Castomerroferens fr the aerate sit provider C.Proceses fr iting the DRP 1D. Rote ofteseand execs usta ‘AL Having a plan isin but a plan arma be censiered effective unl has been este Custer erence ay id in choosing an lente site provide but wll ot rsa the tffeiveness ofthe pan, © Acdster cooery pl mus be ep pte date hough regular muintceance ad review schedule; 1. Only tet and exories dompasrat the adequacy ofthe plane and provide resonable seeranes ofan organization’ aster reovery capably readies. ‘M68 An IS autor finds hat datase administrators (DIAS have acento he log lctin on he daa Server andthe sity to pore logs re th pte, What she BEST att commendation tense thst [DRA etsy ffecely nto? ‘AL Change permission fo reve DBAS rm prgng es. 
12 Forma dtabine logo centralize log server wich th DBAs do ot have acces C.Reuite dha cita changes othe dabase we Fomally approve 1, Bich ap dita ops ope Bis the cerestamewer usta [An Chatging the datas adinistater (DBA) peisions to prevent DBAS rm pursing fags may ot be fale and doe ot adeqaly prtet he malay ad integrity of the aaa lo “To grove the avalability and leit ofthe database logs, ost feasible to forward the database log centralized log verve which the DIAS donot have access C. _Regiing that cial changes tothe datsbace at formally approve does not adoquatly protect he srahbiy ar itr of he database aps 1 Backing up ithaca to pe des mot detly poet the ava an inst ofthe Catto oes “isk Revi Guestors,Arewor & Explanaone Manul 12° Elon ea OMAN 4-.NFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE sto \White performing rsiow of ils pty aplication an 1S wuitlor would be MOST concsened wit eovering ‘nadoquat procures far ensuring ae 4stem poi. ‘nua operanal documentation fr the stem. C.avinadeuate aerate sevice provider listing 1. amimidaquitesotware escrow resment 8 ‘de the correct answer. Justia at ocedes to enue hat spans ate develope soa they can he ported 0 he ptr platforms wir nelp cour at he yom antl one anetionimg without acting the asines process nnn eprom docurttion era but would be ss giant shan the ik of tality of e oftware (c.Willvalrate srvce pris ould be we is vendor goes ou of usin, ving asses the Shure vd via software escrow apres sore impor. 1b, Thc incision ofa clusef he agreement that requires software code to be place in excrow Ialp te ensure hat the cistmer ca coatine use the sfiware andor obtain fechaical, fupport ia veutor were to goeut of business. Which the foowig activi SHOU the sinesconinty tnager perform PIRST afer the ‘place of hari at he primary afoanatien processing ail? ‘AL Verity compli with the hot te Th Renew the inplmentton por Perma walktiugh of the aster ooovery plan Update the Tats ventony Dish corret answer. 
ustetion eeepc alain how hardware wth henry sth basins conti ger shoul platting fl sap tl ase inl the busines conn plan 1h. Thetalomonaton sport wile ff ale fo thesis emi) anager eee the enigma as oon led c, ‘Thelunktrouh ofthe plan soul nly be done afer th ase incor hs ben uptat D.__AnTasets inventory she basic kaput forthe Busines continatyldsaster recovery plan, and fhe plan mast fe epated to reflect changes in he IF infeastretare, SR ese DOMAIN 4-INFORMATION SYSTENS OPERATIONS AND BUSINESS RESILIENCE A471 Which of te following would an IS ator consider tote the MOST inpertan i review when combing ster recovery aut? A. Ao sie contact for and avilable as needed 1B. Abssiness comity mana is valble and crn Isurnce coverage i adequate and emis ae cre 1. _Datubckape are performed inely and ore fle ‘inthe correct answer. Insti ‘AA site importint, bt is of n se if here are no dts baka fr 1B A business contin manuals advsable bt no ros porta a disaster recovery aud Cures coverage sa ela coer it snot ae pra sie dat cho > er comipomeas ote Fecvery eur are i ain Een he covery efforts of any type mould wot be praca Wihpat dat a process. AM-72 Which oF te folloing shoo the IS autor evcw io case ha serra optimally configured 0 spon prcssing rues? ‘A. encase 8 Serer lope Dowie reports DL Serer ule da ete correct anewer Assia [An Henchak tests ate designed w compare syste performance using tape itera; however, bencinark esting does ot pene the et dts oer the opt coin of seer 18 sete conti data showing activites perform onthe server but doesnot anti he ization dat ened mare the inal centiguation a eves c._Rakivoine rot ete th elapsed tne when» computer nat operating correctly boca of Iroc lure bt it antl eters epial sore contigs Monitoring server ution identifies underutilized servers and monitors overall sever tltion Underutired server da wot provide the bsiness with optimal cost efetseness. 
By Imontoring server wage, IT management cen take appropriate measures to aie the wliaton Fatioand provide the mo effectve return on investment “Tish Review Goostom, Anewere& Explanations Manual 12> Edtion 8 onan s-ronin ssTae onenarons omnes ReUnCE @=s= aun \Whish ofthe ftlowing i contmity pn Ls ta sinaleswsystem crash and uses ata eure to ost efetvely bain idence aout he plan's elven? Papo test Ponte C._Propiredness test D. Walesoush se parr tes isa val-trough ofthe pla, nvlving major players, who atempt to determine what ‘Aga happen i a paricule ype of service ruption inte pln exc. A pope est wally recedes te popes pM onticat satay tes phase and is comprised of group of actives such as reuring all aoe te Bick proper pls, disconnecting eine, returning personnel and deleting al Cerny data fom dept yen eduess st a Toalzed version of fall test, whersi resources are expended inthe iam ofa sstem erah. This tet perfoemed reglary on diferent aspects ofthe plan ean bea cosflectve way to radally oblate evidence aout the plan's effectiveness. the provides a means to innprave the pan in increments to. Rtlvugh a tet sling a simulated str station that tt the preparedness and traerstancing of wanagemen nsf ahr than the acl SOU White dsigning the fans comtnty pln (HCP) fr an aitine reservation system, the MOST propriate method of ote transfechackup aan offi fcation woul be shadow fie proesing. ‘ecto wanting unis zor. tt provision usta sarin sadow ie processing, exact duplicate of the Hex are maintained at the sume sit or at emotive Thetwo filer we procersed concurrently. This es suchas tiie booking stems. 1h. Flori vaulog electronically transit da ether to det acess storage an optical is 07 ore trae med vs eth sod by banks, Tina sully eal ine as mh as Stato fil sys (¢. Hartisk mtronng provides lunacy incase the primary hard disk ails A ansectons and ‘pcations cco tvo Had sks in the sate serve, 1b. 
het ste san iterate tray to ake oer business operations within of Hours of any business Intron ands moet or backing up da a a ‘DOMAIN 4—INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE if i e [AGS Which off followings the BEST method fer determining the etcalty of ech application sys inthe roducton environment |A. tet the apicaton programmer 1B Perfrm » gap ara {C. Review the most eset application audits 1. rfc a busines pac ni, usta [A Teteiens with he application programmers wll rovie lintel infomation related othe citesity ofthe systems BA gipanaieisrelrant ister devclpment an poet management bit doesnot determine sppreaton eel (6. ‘The nits may nt cota she reed informa shoa spat cr done recent 1. ‘Abasnenfopact analysis (BA) wl give the ‘concucted ith representatives of the bunnies Syst and Hs importance othe busines. ty or may nec have Been riety ofa ct ofthe los of each applica ccuraty describe [A416 Code emoncusly excaedfrom a preston rete wassbequetiy moved in the proton ‘vironment, bypasing nomal unge procedures Which ofthe fllaningchuce is of MOST concern to the 1S autor performing a pot plementation review? A. The soe was mise ding th initia implementation 1 Thestiange i ot hive change management approval (CThe ator was dscovered dary th postinplementtion eve 1. Thevclmse fea eal the ne change order name. utenti: [A Altnush missing component of lets inlcatv of proces dicey, tis of mae concem ta hess change as promod int he potion ex omeatwiliout anagem pyr ‘Change management approval of changes itigats the rik of anauthorized changes Del, Introduced (othe production environment. Unauthorized changes might resell in dlarwpion of systems or fraud i therefore, imperative to ensre that ech ‘sppropriate change tmamgement approval (6. Mor tlee/change contol eros ate discovered daring potinplmsstatin view Wis of gsr ‘concn that th change a pomted witht managuient approval ae was discover 1D. 
Unig the same change oder manber i ata relevant concor, ‘DOMAIN 4-NFORMATION SYSTEMS OPERATIONS AMO BUSINESS RESILIENCE aun Meme ‘A ot site should be emote as a reaver sategy when te: A. ister downtime oerance i fo BB reconry point ici is igh {€._reenery time bjtive shih maximum oleate dowatine is ong Ate corect answer. ustication: ee pinster downtime tolerance the time gap daring whlch the Busnes can accept non- ilaiity of faites. It thi time gap slow, recovery strategies tat can be implemented inhi a short period of ime, such ar a tsi shouldbe used. Manteca pee cba (DO) ee erin pian net hic pie neuer th Ait high RPC means tat the process oak! result in greater loses dat. [Ath covery tne objestive means har adenal ime would be valabie forthe rcovery sate hae aking ote ocoery aeratves—sch s arm or cold stes-viable alterna, Ifthe minum lable dati og, thon warn old it is mote costfetiv slain, Ini ofthe allowing satin si MOST appeeriat toinplament dining ashe every Sty? AA. Disner tolerances igh The roonery time objective i ih CThe recovery pot objective is ow 1 Theresoery pot bjetive i high, (Chee correct aner Jostineaion:| stds iri ise data rconerytestigus and distr tolerance dross th llowabe ine for an outage ofthe Bustos 1. The rcmery tims obi (RTD) ean indicator of he distr tolerance Daa micoving adresses hia lose, tthe TO. © _Therecovery pant abjetive (RPO) indicates the latest pat teat whieh itis possible over te data Thi determines how often the data mst he backed up to mine data as [fhe RPO stow, then the organization dos not wart else much data and must use a process cha data mitrorig to prevent data loss. 1 trike RPO sign, then es expensive backup step cat be wc: ata morn sould nat be Implemented aetna ecovery Sealey. ma oe DOMAIN 4—INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE A€79 Wile of be following satchollsis the MOST inp in ems even sins comity pla? A. Process owners The dard of scons DFT management Aiethe correct anewe. 
ustfeatn: ‘AL Prowes owners are ete niente evita busines fanction, recovery mes and reanareer needed. 15. busines conty plan (HCP) concees withthe comity of sie press, while appeations mayor may not sport erica busines process, c.Mheboaror arctan migncapgrove he plan, el cy ne psy ot OI 8 he dts Edtoa Ea ‘DOMAIN 4~INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE 3s" Ato aon [An 1S autor find ouroFange dts in some tables of database Which uf the allowing contls sould the 1S adr recommen 0 avoid this station? A. Lop all tae up transactions 13 implement beineancaer erage reporting Une acing and was. 1 implement intgaty constants in the database D iethe correct answer, Justia eereging all able upto transstions ia detestiv antl hat woul at help avoid maid dat ety, Implementing blor-and-aer mage reporting ea Stet contra that would ma bal api the (6. Traing and taggng ar et test pliatin systems ae con and could not present au of range dat Implementing etepity constrains ‘checked againet predefined the database a preventive contol bees data are es or rales, preventing any undetined data fom being entered ‘An 1S alte discover ha some wers have isle perc Software on thei PS. Ths ne exity foroen bythe seer poliy. OF te following, the BEST angrach fo an IS autor sto recommend that te |A. {T dearinen aplsment com mecharsms to proven! unatoriza softre instalation, BB Seeunty policy be updated to tclade te specific mnguae ending unaatonzl saftvae {C Trdsparment pb the dovalod of wutoned sofware 1. Users aban sol fom an 1S manager before tli nonstandard sofware. isthe corret answer Sstieation: pean 8 waiters ligation 9 rport on observations noted and mae he est recommendation, ‘ahh (sto aes he ston trough ply. The depart cant plement onl a he hsence ofthe atbrty provided tre plc. 
1, Lackofspecifclangeage aldreningunauthoraed software the acceptable se pie it sneaknes in adrnistrative contol The policy shoul he reviewed and updated 1 address the [sae—and provide author forthe IT department to implement technic! coma (c._Prevatingdowmtats of unauthorized sofware snot the complete soitn, Unauthorized sofas fan Be ao notacel through empact ses (CDs) and unveil stl las (USB) des 1. Reyurng appa fom the IS manag betore instalation of he aes soar an ‘ception hang conta M would tbe eectve ules «provemve cont t prohibit ser inslation of umhorized softwar nese et a es e ay Se OMAR 4-IMFORMATION SYSTEMS OPERATIONS AND BUSINES RESIUENCE A492. The pups of code signing ito provide assent ‘A. the sftvare fa not een sbssquenty modi the application cam sly nrtce with another god application, theater of the aplication ited 1. thepte key af he ner a ot osm compromised Is the correct answer Justia 'Ar Cade signing eases thatthe executable code came from a reputable source and has not heen mode aftr being signed. 1B. Thesiging of coe wll cnsate tha wil intograte with aber apaons. . Codestgning wil provide asa othe source Bu wl notes hat he source is Wasted. The ,__Thecompromic ofthe sonders private ey would vs nat oe of nt aes note purpose of designing A493 An IS audioranalyzing the uit og ofa aba anagem yam (DBMS) finds hat some transaction: wore partly exes ra elt of ner ad have not bon rolled back, Which of te fellowing Fanci processing fests has bac vite? AL Consseney © Daraiiy b. Atay Diath correct ananer. esta [A Conssteny ensues thatthe databae ina proper sate when the ana in aden nd that he anathema ltd try rule. 1 _eolafon mens that, while nan intrmeite tats, the traction data ae invites ‘pendions This prevent tanstetons rm trpting to access the same dt at the sae ane CC. 
C. Durability guarantees that a successful transaction will persist and cannot be undone.
D. Atomicity guarantees that either the entire transaction is processed or none of it is.

A4-94 Responsibility and reporting lines cannot always be established when auditing automated systems because:
A. diversified control makes ownership irrelevant.
B. staff traditionally change jobs with greater frequency.
C. ownership is difficult to establish where resources are shared.
D. duties change frequently in the rapid development of technology.
C is the correct answer.
Justification:
A. Ownership is not irrelevant; someone has responsibility for the secure and proper operation of a system and the protection of data.
B. The movement of staff is not a concern because the responsibility should be linked to a job description, not an individual.
C. Because of the complexity of applications and systems, and because many systems support more than one business department, ownership is difficult to establish where resources are shared.
D. Duties may change frequently, but that does not absolve the organization from having a data owner.

CISA Review Questions, Answers & Explanations Manual 12th Edition

A4-95 Which of the following distinguishes a business impact analysis from a risk assessment?
A. An inventory of critical assets
B. An identification of vulnerabilities
C. A listing of threats
D. A determination of acceptable downtime
D is the correct answer.
Justification:
A. An inventory of critical assets is completed in both a risk assessment and a business impact analysis (BIA).
B. An identification of vulnerabilities is relevant in both a risk assessment and a BIA.
C. A listing of threats is relevant both in a risk assessment and a BIA.
D. A determination of acceptable downtime is made in a BIA, not in a risk assessment.

A4-96 When reviewing a hardware maintenance program, an IS auditor should assess whether:
A. the schedule of unplanned maintenance is maintained.
B. it is in line with historic trends.
C. it has been approved by the IS steering committee.
D. the program is validated against vendor specifications.
D is the correct answer.
Justification:
A. Unplanned maintenance cannot be scheduled.
B. Hardware maintenance programs do not necessarily need to be in line with historic trends.
C. Maintenance schedules normally are not approved by the steering committee.
D. Although maintenance requirements vary based on complexity and performance workloads, a hardware maintenance schedule should be validated against the vendor-provided specifications.
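The preventive controls in A4-90 and the atomicity property in A4-93, shown as an added example that is not part of the manual: a SQLite schema with CHECK constraints and a foreign key, and a batch insert that is committed or rolled back as a unit. It goes a step beyond those two questions by also showing referential integrity blocking the deletion of a customer that still has live orders. Table names, columns and the seed rows are constructed.

```python
"""Preventive database controls with SQLite: CHECK constraints, a foreign key, atomic batches."""
import sqlite3

# Constructed sample schema (not from the manual): customers and the orders that reference them.
SCHEMA = """
CREATE TABLE customer (
    customer_no INTEGER PRIMARY KEY,
    name        TEXT NOT NULL
);
CREATE TABLE orders (
    order_no    INTEGER PRIMARY KEY,
    -- foreign key: every order must point at an existing customer (referential integrity)
    customer_no INTEGER NOT NULL REFERENCES customer(customer_no),
    -- integrity constraints: values outside the predefined range are rejected on entry
    quantity    INTEGER NOT NULL CHECK (quantity BETWEEN 1 AND 1000),
    discount    REAL    NOT NULL CHECK (discount >= 0.0 AND discount <= 0.5)
);
"""

INSERT_ORDER = "INSERT INTO orders (customer_no, quantity, discount) VALUES (?, ?, ?)"


def open_db():
    """In-memory database with constraints enforced and two constructed customers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce foreign keys by default
    conn.executescript(SCHEMA)
    with conn:  # the connection as context manager commits on success, rolls back on error
        conn.executemany("INSERT INTO customer VALUES (?, ?)", [(1, "Acme"), (2, "Globex")])
        conn.execute(INSERT_ORDER, (1, 10, 0.1))
    return conn


def insert_order(conn, customer_no, quantity, discount):
    """True if the row was accepted; False if a CHECK or FOREIGN KEY constraint rejected it."""
    try:
        with conn:
            conn.execute(INSERT_ORDER, (customer_no, quantity, discount))
        return True
    except sqlite3.IntegrityError:  # out-of-range value or unknown customer: nothing is stored
        return False


def delete_customer(conn, customer_no):
    """True if deleted; False while live orders still reference the customer (orphans prevented)."""
    try:
        with conn:
            conn.execute("DELETE FROM customer WHERE customer_no = ?", (customer_no,))
        return True
    except sqlite3.IntegrityError:  # deletion would leave orders without a customer
        return False


def post_batch(conn, rows):
    """Insert rows as one transaction. If any row fails, the whole batch is rolled back
    (atomicity): no partially executed batch is left behind, unlike the DBMS in A4-93."""
    try:
        with conn:
            conn.executemany(INSERT_ORDER, rows)
        return True
    except sqlite3.IntegrityError:
        return False


def order_count(conn):
    """Number of rows currently committed in the orders table."""
    return conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    print("out-of-range quantity accepted:", insert_order(db, 1, 5000, 0.1))   # False
    print("delete customer with live orders:", delete_customer(db, 1))        # False
    print("batch with one bad row kept:", post_batch(db, [(1, 10, 0.0), (1, 0, 0.0)]))  # False
    print("orders after all of the above:", order_count(db))                   # 1
```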
A4-97 An IS auditor should recommend the use of library control software to provide reasonable assurance that:
A. program changes have been authorized.
B. only thoroughly tested programs are released.
C. modified programs are automatically moved to production.
D. source and executable code integrity is maintained.
A is the correct answer.
Justification:
A. Library control software should be used to separate test from production libraries in mainframe and/or client-server environments. The main objective of library control software is to provide assurance that program changes have been authorized.
B. Library control software is concerned with authorized program changes and cannot determine whether programs have been thoroughly tested.
C. Programs should not be moved automatically into production without proper authorization.
D. Library control software provides reasonable assurance that the source code and executable code are matched at the time source code is moved to production; it does not guarantee the integrity of the code. The most important function of version control software is to ensure that all changes are authorized.

A4-98 Which of the following would help to ensure the portability of an application connected to a database?
A. Verification of database import and export procedures
B. Usage of Structured Query Language
C. Analysis of stored procedures/triggers
D. Synchronization of the entity-relation model with the database physical schema
B is the correct answer.
Justification:
A. Verification of import and export procedures with other systems ensures better interfacing with other systems but does not contribute to the portability of an application connecting to a database.
B. The use of Structured Query Language facilitates portability because it is an industry standard used by many systems.
C. Analyzing stored procedures/triggers ensures proper access/performance but does not contribute to the portability of an application connecting to a database.
D. Reviewing the design entity-relation model will be helpful but does not contribute to the portability of an application connecting to a database.

A4-99 Users are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend?
A. Develop a baseline and monitor system usage.
B. Define alternate processing procedures.
C. Prepare the maintenance manual.
D. Implement the changes users have suggested.
A is the correct answer.
Justification:
A. An IS auditor should recommend the development of a performance baseline and monitor the system's performance against the baseline to develop empirical data upon which decisions for modifying the system can be made.
B. Alternate processing procedures will not alter a system's performance, and no changes should be made to the reported issues until they have been examined more closely.
C. A maintenance manual will not alter a system's performance or alleviate the users' concerns.
D. Implementing changes without knowledge of the cause(s) of the perceived poor performance may result in a less effective system.

A4-100 The PRIMARY objective of service level management is to:
A. define, agree on, record and manage the required levels of service.
B. ensure that services are managed to deliver the highest achievable level of availability.
C. keep the costs associated with any service at a minimum.
D. monitor and report any legal noncompliance to business management.
A is the correct answer.
Justification:
A. The objective of service level management (SLM) is to negotiate, document and manage the services at the levels the customer requires.
B. SLM does not necessarily ensure that services are delivered at the highest achievable level of availability. Although maximizing availability might be necessary for some critical services, it cannot be applied as a general rule of thumb.
C. SLM cannot ensure that costs for all services will be kept at a low or minimum level because costs associated with a service will directly reflect the customer's requirements.
D. Monitoring and reporting legal noncompliance is not a primary objective of SLM.

A4-101 Which of the following should be a MAJOR concern for an IS auditor reviewing a business continuity plan?
A. The plan is approved by the chief information officer.
B. The plan contact lists have not been updated.
C. Test results are not adequately documented.
D. The training schedule for recovery personnel is not included.
C is the correct answer.
Justification:
A. Ideally, the board of directors should approve the plan to ensure acceptability, but it is possible to delegate approval authority to the chief information officer; the documentation of test results is the greater concern.
B. The contact lists are an important part of the business continuity plan (BCP); however, they are not as important as documenting the test results.
C. The effectiveness of a BCP can best be determined through tests. If the results of tests are not documented, then there is no basis for feedback, updates, etc.
D. If test results are documented, the need for training will be evident and the BCP will be updated accordingly.

A4-102 Which of the following processes will be MOST effective in reducing the risk that unauthorized software on a backup server is distributed to the production server?
A. Manually copy files to accomplish replication.
B. Review changes in the software version control system.
C. Ensure that developers do not have access to the backup server.
D. Review the access control log of the backup server.
B is the correct answer.
Justification:
A. Even if replication is conducted manually with due care, there still remains a risk of copying unauthorized software from one server to another.
B. It is best practice for software changes to be tracked and controlled using version control software. An IS auditor should review reports or logs from this system to identify the software that is promoted to production. Only moving the versions held in the version control system will prevent the transfer of development or earlier versions.
C. Even if unauthorized code is introduced onto the backup server by developers, controls on the promotion of software through the version control system should mitigate this risk.
D. Review of the access log will identify staff access or the operations performed; however, it may not provide enough information to detect the release of unauthorized software.

A4-103 An organization has been installing a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should:
A. apply the patch according to the patch's release notes.
B. ensure that a good change management process is in place.
C. thoroughly test the patch before sending it to production.
D. approve the patch after doing a risk assessment.
B is the correct answer.
Justification:
A. The IS auditor should not apply the patch. That is an administrator responsibility.
B. An IS auditor must review the change management process, including patch management procedures, verify that the process has adequate controls and make recommendations accordingly.
C. Testing the patch is not the IS auditor's responsibility; it belongs to the IT function.
D. The IS auditor is not authorized to approve a patch. That is a responsibility of the steering committee.

A4-104 During maintenance of a relational database, several values of the foreign key in a transaction table have been corrupted. The consequence is that:
A. the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed.
B. there is no way of reconstructing the lost information, except by deleting the dangling tuples and reentering the transactions.
C. the database will immediately stop execution and lose more information.
D. the database will no longer accept input data.
A is the correct answer.
Justification:
A. When the external (foreign) key of a transaction is corrupted or lost, the application system will normally be incapable of directly attaching the master data to the transaction data. Normally, this will cause the system to undertake a sequential search and slow down the processing. If the concerned tables are large, this slowdown will be unacceptable. This is a violation of referential integrity.
B. A system can recover the corrupted external key by reindexing the table.
C. The corruption of a foreign key will not stop program execution.
D. The corruption of a foreign key will not affect the acceptance of database input; data will normally still be accepted.

A4-105 In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders in the orders table?
A. Foreign key
B. Primary key
C. Secondary key
D. Public key
A is the correct answer.
Justification:
A. In a relational database with referential integrity, the use of foreign keys would prevent events such as primary key changes and record deletions resulting in orphaned relations within the database. It would not be possible to delete a row from a customer table when the customer number (primary key) of that row is stored with live orders in the orders table (the foreign key to the customer table).
B. A primary key works in one table only. It is not able to provide or ensure referential integrity by itself.
C. Secondary keys that are not foreign keys are not subject to referential integrity checks.
D. A public key is related to encryption and not linked in any way to referential integrity.

A4-106 The PRIMARY objective of testing a business continuity plan is to:
A. familiarize employees with the business continuity plan.
B. ensure that all residual risk is addressed.
C. exercise all possible disaster scenarios.
D. identify limitations of the business continuity plan.
D is the correct answer.
Justification:
A. Familiarizing employees with the business continuity plan is a secondary benefit of a test.
B. It is not cost-effective to address all residual risk in a business continuity plan.
C. It is not possible to test all possible disaster scenarios.
D. Testing the business continuity plan provides the best evidence of any limitations that may exist.

A4-107 An IS auditor examining the security configuration of an operating system should review the:
A. transaction logs.
B. authorization tables.
C. parameter settings.
D. routing tables.
C is the correct answer.
Justification:
A. Transaction logs are used to track and analyze transactions related to an application or system activity, but this is not the primary source of audit evidence in an operating system review.
B. Authorization tables are used to verify implementation of logical access controls and will not be of much help when reviewing control features of an operating system.
C. Parameter settings allow a standard piece of software to be customized for diverse environments and are important in determining how a system runs. Improper settings could result in corruption of the data being processed and inaccurate logging of system usage.
D. Routing tables do not contain information about the operating system and, therefore, provide no information to aid in the evaluation of controls.

A4-108 During an operations audit, an IS auditor observes that some parameters in the tape management system are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?
A. Staging and job setup
B. Supervisory review of logs
C. Regular backup of tapes
D. Offsite storage of tapes
A is the correct answer.
Justification:
A. Staging and job setup is an acceptable compensating control. Not reading header records may otherwise result in loading the wrong tape and deleting or accessing data on the loaded tape.
B. Supervisory review of logs is a detective control that would not prevent loading of the wrong tapes.
C. Regular tape backup is not related to bypassing tape header records.
D. Offsite storage of tapes would not prevent loading the wrong tape because of bypassing header records.

A4-109 While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:
A. recommend the use of disk mirroring.
B. review the adequacy of offsite storage.
C. review the capacity management process.
D. recommend the use of a compression algorithm.
C is the correct answer.
Justification:
A. A disk mirroring solution would increase storage requirements. This would not be advisable until a proper capacity management plan is in place.
B. Offsite storage is unrelated to the problem.
C. Capacity management is the planning and monitoring of computing resources to ensure that available resources are used efficiently and effectively. This will address capacity from a strategic viewpoint and allow a plan to forecast and purchase additional equipment in a planned manner.
D. Though data compression may save disk space, it could affect system performance. This is not the first choice; the auditor should recommend more investigation into the increased demand for storage before providing any recommended solution.

A4-110 Which of the following is the GREATEST risk of an organization using reciprocal agreements for disaster recovery between two business units?
A. The documentation contains deficiencies.
B. Both entities are vulnerable to the same disaster.
C. The systems are not identical.
D. One party has more frequent disruptions than the other.
B is the correct answer.
Justification:
A. Inadequate documentation between two business units is a risk, but generally a lesser one than the risk that both organizations will suffer a disaster at the same time.
B. The use of reciprocal disaster recovery is based on the probability that both organizations will not suffer a disaster at the same time.
C. While incompatible IT systems could create problems, it is also a lesser risk than both organizations suffering from the same disaster at the same time.
D. While one party may use the other's recovery site more frequently, this can be addressed by contract conditions, so it is not a major risk.

A4-111 In determining the acceptable time period for the resumption of critical business processes:
A. only downtime costs need to be considered.
B. recovery operations should be analyzed.
C. both downtime costs and recovery costs need to be evaluated.
D. indirect downtime costs should be ignored.
C is the correct answer.
Justification:
A. Downtime costs cannot be looked at in isolation.
The quicker the information assets can be restored and business processing resumes, the smaller the downtime costs. However, the expenditure needed to have the information resources restored rapidly might be prohibitive for noncritical business processes.
B. Recovery operations alone do not determine the acceptable time period for the resumption of critical business processes.
C. Both downtime costs and recovery costs need to be evaluated in determining the acceptable period before the resumption of critical business processes. The outcome of the business impact analysis should be a recovery strategy that represents the optimal balance.
D. Indirect downtime costs should be considered in addition to the direct cash outflows. The indirect costs of a serious disruption to normal business activity (loss of customer and supplier goodwill and loss of market share) may actually be more significant than direct costs over time, thus reaching the point where business viability is threatened.

A4-112 To verify that the correct version of a data file was used for a production run, an IS auditor should review:
A. operator problem reports.
B. operator work schedules.
C. system logs.
D. output distribution reports.
C is the correct answer.
Justification:
A. Operator problem reports are used by operators to log computer operation problems.
B. Operator work schedules are maintained to assist in human resource planning.
C. System logs are automated reports that identify most of the activities performed on the computer. Programs that analyze the system log have been developed to report on specifically defined items. The IS auditor can then carry out tests to ensure that the correct file version was used for a production run.
D. Output distribution reports identify all application reports generated and their distribution.

A4-113 The BEST audit procedure to determine if unauthorized changes have been made to production code is to:
A. examine the change control system records and trace them forward to object code files.
B. review access control permissions operating within the production program libraries.
C. examine object code to find instances of changes and trace them back to change control records.
D. review change approved designations established within the change control system.
C is the correct answer.
Justification:
A. Checking the change control system will not detect changes that were not processed through the control system.
B. Reviewing access control permissions will not identify unauthorized changes made previously.
C. The procedure of examining object code files to establish instances of code changes and tracing these back to change control system records is a substantive test that directly addresses the risk of unauthorized code changes.
D. Reviewing change approved designations will not detect unauthorized changes.

A4-114 When performing a database review, an IS auditor not
ices that some tables in the database are not normalized. The IS auditor should next:
A. recommend that the database be normalized.
B. review the conceptual data model.
C. review the stored procedures.
D. review the justification.
D is the correct answer.
Justification:
A. The IS auditor should not recommend normalizing the database until further investigation takes place.
B. Reviewing the conceptual data model will not provide information about normalization or the justification for the level of normalization.
C. Reviewing the stored procedures will not provide information about normalization.
D. If the database is not normalized, the IS auditor should review the justification because, in some situations, denormalization is recommended for performance reasons.

A4-115 Which of the following would be MOST important for an IS auditor to verify while conducting a business continuity audit?
A. Data backups are performed on a timely basis.
B. A recovery site is contracted for and available as needed.
C. Human safety procedures are in place.
D. Insurance coverage is adequate and premiums are current.
C is the correct answer.
Justification:
A. Performing data backups is necessary for a business continuity plan, but the IS auditor will always be most concerned with human safety.
B. A recovery site is important for business continuity, but human safety is always the first priority.
C. The most important element in any business continuity process is the protection of human life. This takes precedence over all other aspects of the plan.
D. Insurance coverage is important, but it is not as important as human safety.

A4-116 The application systems of an organization using open source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open source software?
A. Rewrite the patches and apply them.
B. Code review and inspection of available patches.
C. Develop in-house patches.
D. Identify and test suitable patches before applying them.
D is the correct answer.
Justification:
A. Rewriting the patches and applying them would result in considerable effort to edit the patches.
B. Code review could be possible, but tests need to be performed before applying the patches.
C. Because the system was developed outside the organization, the IT department may not have the necessary skills and resources to develop patches.
D. Suitable patches from the existing developers should be selected and tested before applying them.

A4-117 During an audit of a database server, which of the following would be considered the GREATEST exposure?
A. The password on the administrator account does not expire.
B. Default global security settings for the database remain unchanged.
C. Old data have not been purged.
D. Database activity is not fully logged.
B is the correct answer.
Justification:
A. A nonexpiring password can be a risk and an exposure, but it may not be as significant as a weak password or the default settings for the database.
B. Default security settings for the database could allow issues such as blank user passwords or passwords that are the same as the username.
C. Failure to purge old data may present a performance issue but is not an immediate security concern.
D. Incomplete logging of database activity is a risk, but not as serious a risk as default settings.

A4-118 An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment?
A. Commands typed on the command line are logged.
B. Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs.
C. Access to the operating system command line is granted through an access restriction tool with preapproved rights.
D. Software development tools and compilers have been removed from the production environment.
B is the correct answer.
Justification:
A. Having a log is not a control; reviewing the log is a control.
B. The matching of hash keys over time would allow detection of changes to files.
C. Because the access was already granted at the command line level, it will be possible for the developers to bypass the control.
D. Removing the tools from the production environment will not mitigate the risk of unauthorized changes.

A4-119 A new application has been purchased from a vendor and is about to be implemented. Which of the following choices is a key consideration when implementing the application?
A. Preventing the compromise of the source code during the implementation process
B. Ensuring that vendor default accounts and passwords have been disabled
C. Removing the old copies of the program from storage to avoid confusion
D. Verifying that the vendor is meeting support and maintenance agreements
B is the correct answer.
Justification:
A. The source code may not even be available to the purchasing organization, and it is the executable or object code that must be protected during implementation.
B. Disabling vendor default accounts and passwords is a critical part of implementing a new application.
C. Because this is a new application, there should not be any problem with older versions in storage.
D. It is too soon to ensure that the vendor is meeting support and maintenance requirements until the system is operational.

A4-120 The MAIN criterion for determining the severity level of a service disruption incident is:
A. cost of recovery.
B. negative public opinion.
C. geographic location.
D. downtime.
D is the correct answer.
Justification:
A. The cost of recovery could be minimal, yet the service downtime could have a major impact.
B. Negative public opinion is a symptom of an incident and a consideration in determining impact, but not the most important one.
C. Geographic location does not determine the severity of the incident.
D. The longer the period of time a client cannot be serviced, the greater the severity (impact) of the incident.
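The hash-key control chosen in A4-118 (option B), as an added example not taken from the manual: a baseline manifest of the authorized release is built once, production is rehashed periodically, and every difference is a finding to trace back to a change control record, which is also the substantive test A4-113 describes. File names and contents are constructed; a real deployment would keep the baseline where developers cannot write to it.

```python
"""Hash-based detection of unauthorized program changes in production (A4-118, option B)."""
import hashlib
import os
import tempfile


def file_sha256(path):
    """SHA-256 of a file, read in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(directory):
    """Map each file under directory (relative path) to its hash.

    Run once against the most recent authorized release to produce the baseline. Keep
    that baseline with the change control records, outside the developers' reach;
    otherwise whoever can alter programs can also alter the expected hashes.
    """
    manifest = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, directory)] = file_sha256(full)
    return manifest


def diff_manifests(baseline, current):
    """Compare the authorized baseline with a fresh manifest of production.

    Returns sorted lists: files whose hash changed, files present without an authorized
    hash, and authorized files that have disappeared. Each entry is a finding to be
    traced back to a change control record.
    """
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "unauthorized": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def check_production(directory, baseline):
    """Periodic check: rehash the production library and compare it with the baseline."""
    return diff_manifests(baseline, build_manifest(directory))


def _write(directory, name, data):
    with open(os.path.join(directory, name), "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario (not a real system): an authorized release is baselined, then
    a developer with command-line access edits one program and drops in another."""
    with tempfile.TemporaryDirectory() as prod:
        _write(prod, "payroll.bin", b"authorized release 1.0")
        _write(prod, "ledger.bin", b"authorized release 1.0")
        baseline = build_manifest(prod)
        _write(prod, "payroll.bin", b"hotfix typed at the console")
        _write(prod, "util.bin", b"program not in any authorized release")
        return check_production(prod, baseline)


if __name__ == "__main__":
    print(demo())  # {'modified': ['payroll.bin'], 'unauthorized': ['util.bin'], 'missing': []}
```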
A4-121 Doing which of the following during peak production hours could result in unexpected downtime?
A. Performing data migration or tape backup
B. Performing preventive maintenance on electrical systems
C. Promoting applications from development to the staging environment
D. Reconfiguring a standby router in the data center
B is the correct answer.
Justification:
A. Performing data migration may impact performance but would not cause downtime.
B. Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime.
C. Promoting applications to a staging environment (not production) should not affect system operations in any significant manner.
D. Reconfiguring a standby router should not cause unexpected downtime because the router is not operational; any problems should not affect online activities.

A4-122 During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT service expected. In this situation, what should the IS auditor do FIRST?
A. Postpone the audit until the agreement is documented.
B. Report the existence of the undocumented agreement to senior management.
C. Confirm the content of the agreement with both departments.
D. Draft a service level agreement for the two departments.
C is the correct answer.
Justification:
A. There is no reason to postpone an audit because a service agreement is not documented unless that is all that is being audited. The agreement can be documented after it has been established that there is an agreement in place.
B. Reporting to senior management is not necessary at this stage of the audit because this is not a serious issue.
C. An IS auditor should first confirm and understand the current practice before making any recommendations. Part of this will be to ensure that both parties agree with the terms of the agreement.
D. Drafting a service level agreement is not the IS auditor's responsibility.

A4-123 A database administrator has detected a performance problem with some tables, which could be solved through denormalization.
This situation will increase the risk of:
A. concurrent access.
B. deadlocks.
C. unauthorized access to data.
D. a loss of data integrity.
D is the correct answer.
Justification:
A. Denormalization will have no effect on concurrent access to data in a database; concurrent access is controlled through locking.
B. Deadlocks are a result of locking of records. This is not related to normalization.
C. Access to data is controlled by defining user rights to information and is not affected by denormalization.
D. Normalization is the removal of redundant data elements from the database structure. Disabling normalization in relational databases will create redundancy and a risk of not maintaining consistency of data, with the consequent loss of data integrity.

A4-124 Which of the following processes should an IS auditor recommend to assist in the recording of baselines for software releases?
A. Change management
B. Backup and recovery
C. Incident management
D. Configuration management
D is the correct answer.
Justification:
A. Change management is important to control changes to the configuration, but the baseline itself refers to a standard configuration.
B. Backup and recovery of the configuration are important, but not directly related to the baseline.
C. Incident management will determine how to respond to an adverse event but is not related to recording baselines.
D. The configuration management process may include automated tools that will provide an automated recording of software release baselines. Should the new release fail, the baseline will provide a point to which to return.

A4-125 An IS auditor notes that patches for the operating system used by an organization are deployed by the IT

A4-129 During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:
A. assessment of the situation may be delayed.
B. execution of the disaster recovery plan could be impacted.
C. notification of the teams might not occur.
D. potential crisis recognition might be delayed.
B is the correct answer.
Justification:
A. Problem and severity assessment would provide information necessary in declaring a disaster, but the lack of a crisis declaration point would not delay the assessment.
B. Execution of the business continuity and disaster recovery plans would be impacted if the organization does not know when to declare a crisis.
C. After a potential crisis is recognized, the teams responsible for crisis management need to be notified. Delaying the declaration of a disaster would impact or negate the effect of having response teams, but this is only one part of the larger impact.
D. Potential crisis recognition is the first step in responding to a disaster and would occur prior to the declaration of a disaster.

A4-130 An organization has just completed its annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?
A. Review and evaluate the business continuity plan for adequacy.
B. Perform a full simulation of the business continuity plan.
C. Train and educate employees regarding the business continuity plan.
D. Notify critical contacts in the business continuity plan.
A is the correct answer.
Justification:
A. The business continuity plan should be reviewed every time a risk assessment is completed for the organization.
B. Performing a simulation should be completed after the business continuity plan has been deemed adequate for the organization.
C. Training of the employees should be performed after the business continuity plan has been deemed adequate for the organization.
D. There is no reason to notify the business continuity plan contacts at this time.

A4-131 Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?
A. Authentication controls
B. Data normalization controls
C. Read/write access log controls
D. Commitment and rollback controls
D is the correct answer.
Justification:
A. Authentication controls would ensure that only authorized personnel can make changes but would not ensure the integrity of the changes.
B. Data normalization is not used to protect the integrity of online transactions.
C. Log controls are a detective control but will not ensure the integrity of the data in the database.
D. Commitment and rollback controls are directly relevant to integrity. These controls ensure that database operations that form a logical transaction unit will complete entirely or not at all; i.e., if for some reason a transaction cannot be fully completed, then incomplete inserts/updates/deletes are rolled back so that the database returns to its pretransaction state.

A4-132 An IS auditor finds that the data warehouse query performance decreases significantly at certain times of the day. Which of the following controls would be the MOST relevant for the IS auditor to review?
A. Permanent table-space allocation
B. Commitment and rollback controls
C. User spool and database limit controls
D. Read/write access log controls
C is the correct answer.
Justification:
A. Table-space allocation will not affect performance at different times of the day.
B. Commitment and rollback will only apply to users' failures and will not affect performance at different times of the day.
C. User spool limits restrict the space available for running user queries. This prevents poorly formed queries from consuming excessive system resources and impacting general query performance. Limiting the space available to users in their own databases prevents them from building excessively large tables. This helps to limit performance impact by maintaining a buffer between the actual data volume stored and the physical device capacity. Additionally, it prevents users from consuming excessive resources in ad hoc table builds (as opposed to scheduled batch loads that often can run overnight and are optimized for performance purposes). In a data warehouse, because you are not running online transactions, commitment and rollback does not have an impact on performance.
D. Read/write access log controls will not affect performance at different times of the day.

A4-133 In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?
A. Approve and document the change the next business day.
B. Limit developer access to production to a specific time frame.
C. Obtain secondary approval before releasing to production.
D. Disable the compiler option in the production machine.
A is the correct answer.
Justification:
A. It may be appropriate to allow programmers to make emergency changes as long as they are documented and approved after the fact.
B. Restricting release time frames may help somewhat; however, it would not apply to emergency changes and cannot prevent unauthorized release of the programs.
C. Obtaining secondary approval before release is not practical in an emergency situation.
D. Disabling the compiler option in the production machine is not relevant in an emergency situation.

A4-134 Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether:
A. all threats can be completely removed.
B. a cost-effective, built-in resilience can be implemented.
C. the recovery time objective can be optimized.
D. the cost of recovery can be minimized.
B is the correct answer.
Justification:
A. Because it is impossible to remove all existing and future threats, it is critical to initially identify information assets that can be made more resilient to disasters.
B. Building in cost-effective resilience (e.g., diverse routing) comes first, because preventing a problem is always better than having to recover from it.
C. The optimization of the recovery time objective comes later in the development of the strategy.
D. Efforts to minimize the cost of recovery come later in the development of the disaster recovery strategy.

A4-135 An IS auditor determines that the IT manager recently changed the vendor that is responsible for performing maintenance on critical computer systems to cut costs. While the new vendor is less expensive, the new maintenance contract specifies a longer incident resolution time than was specified by the original vendor. Which of the following should be the GREATEST concern to the IS auditor?
A. Disaster recovery plans may be invalid and need to be revised.
B. Transactional business data may be lost in the event of system failure.
C. The new maintenance vendor is not familiar with the organization's policies.
D. Application owners were not informed of the change.
D is the correct answer.
Justification:
A. Disaster recovery plans (DRPs) must support
the needs of the business, but the greater risk is that application owners are not aware of the change in resolution time.
B. Transactional business data loss is determined by data backup procedures and consequently is not the most important concern here.
C. The vendor must abide by the terms of the contract, and these should include compliance with the privacy policies of the organization, but the lack of application owner involvement is the most important concern.
D. The greatest risk of making changes to the maintenance of critical systems is that the change could have an adverse impact on a critical business process. While there is a less expensive maintenance vendor, the application owners should have been informed so that the resulting impact on the business could be assessed.

A4-136 In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable complete recovery of a critical database?
A. Daily data backup to tape and storage at a remote site
B. Real-time replication to a remote site
C. Hard disk mirroring to a local server
D. Real-time data backup to the local storage area network
B is the correct answer.
Justification:
A. Daily tape backup recovery could result in a loss of a day's work of data.
B. With real-time replication to a remote site, data are updated simultaneously in two separate locations; therefore, a disaster in one site would not damage the information located in the remote site. This assumes that both sites were not affected by the disaster.
C. Disk mirroring to a local server takes place in the same data center and could possibly be affected by the same disaster.
D. Real-time data backup to the local storage area network takes place in the same data center and could possibly be affected by the same disaster.

A4-137 If the recovery time objective increases:
A. the disaster tolerance increases.
B. the cost of recovery increases.
C. a cold site cannot be used.
D. the data backup frequency increases.
A is the correct answer.
Justification:
A. The longer the recovery time objective (RTO), the higher the disaster tolerance. The disaster tolerance is the amount of time the business can afford to be disrupted before resuming critical operations.
B. The longer the RTO, the lower the recovery cost.
C. It is not necessarily true that a cold site is inappropriate; with a longer RTO, the use of a cold site may become feasible.
D. RTO is not related to the frequency of data backups; that is related to the recovery point
oyetne ‘ust chung in I the disaster esoery plan of large organization fas ben hanged. What the PRIMARY risks now plan sot est? [AL Catairophie service intrusion 1 Hligh sorsumgion af esurces C._Tatal ost oft reovery may nt be mini DL Lassa recor eas mi face severe dices whan eivaing the plan ‘tat coreect ansver ustiet sania new dave recovery plan (DRE) st tested the possibility of catastrophic service \crrupion tat the organization canna recover rom ithe mot erica fa sk. 1y. ADRP hatha not boo est ay fad to a bigher consumption of roars than expected but at ‘eo the mostra ik c._‘Rnanested DRP maybe tis sl ea to exten costs, bat the most serosa he Fare feria services. 1. estes cs ad econ ets tht hey cn efetvely egeu the DRE, br he mest tcl ike re of core bsines Services ‘GRA Review Guess Answers & apna Manual 1 Eaton es Se rst iver es orecrinne We oomere a sae ate ‘ISA Revi Goesions Answers & Explanations Manel 12° Eien ‘Seok ates ne ‘When deep dsr reson pln te eri fir dering the acceptable downtime od be the A. anal oss expect, Bo servze deters objective, C.quaiy of erphon da 1D, uxinun lesb oatags, Die the correct anwer, ostinato: ‘A. The seeptble downtime would mot be determined By the seul loss apstany (ALE, ALE relat sk management akalaions a dmaster covery. 1B. Theservce delivery objetiveielvan to mine contin, but itis na een by scceeable dovatine, i (C. The quamity of orphan dais elevant to basins comin, bat snot determined by sccefable downtime. re aeerminca nase om the septa wate in cae ofa disruption es the maximum olrable outage tat an orzaniaton conser oe sme foewing disaster Daring the review ofan enterprise's preventive maintenance proces fe yes in cen the 1S auditor has determine that adequate maintorance is being eter nal cal computing, power and ooingsyseme: Aion ite MOST important forthe Sauder oes hl he ergata A. 
as peformed background checks onal sie personne 1 sears service personnel at al ties when performing thei Work (C_perfoms maintenance rine noncrisl pcesing ies independ vers that mattenance bene perf, (Cte correct stoner. unica: ‘Ar Wii the uustwothiaess of he service pannel importan itis orm practise fr these invita tobe escorted and servis by the data eter sonnel al cxpete hl he servi provider would perfor this backround heck, a the atom: , _Encoringservss personel common and good pace, ut the preter Hiskin tis ase would be ‘wore were performed daring ete proosing is (C _Thetizget rato normal operations ate center would be if an incident or mishap were te happen during ciel peak processing tines; therefore, would he prudent Cease that no {ype e system maintenance be performed 2 these eral times. 1D, these that he sersice rover sperm ise matic thf his te med totes however, the br ke mtn ng peri at tea proces es. ‘DOMAIN 4-NFORNATION 5YSTEUS OPERATIONS AND BUSNESS RESILIENCE sone ‘Which ofthe following bachup techniques she MOST appropiate how an organization requis tua 7 Seely prnulr dt etre pointe Seti i the every pin objective? 1A. Virwal ape ibarise BL Dhabas napots Cominaous dats backup D. Disetoape backup (Cite correct ansver. station: Jeeta ape varies woul eqie ine w complete dhe hukup, while continuous data askop happens oni el ie) 1 Diakhosd sss woul esi et compte the bckyp and woud Jose sme data betwen ‘fetes fhe Backup andthe faire while continous dats Bac happens einen rea ime). (¢._Hecovery pont bjective (RPO) i haved onthe acceptable data os nthe ease of disruption Imp seenarhy th orgaaion neede «short RPO and continuous data backup ithe best opto 1p. _Diskeo-ape bckup woul equi tine to complete the backup, while continuous data back apres onsale). G12 A loworsacovery time objective esti: A. 
higher disaster lene: Bish eon Cider itrreption windows 1B permiive data oss estiiation [A Dimtr tolerance alates the ang of ine that rial sins proces can be ntrapted A tigher enter rnc allows fora longer outage ad therefore leger covery time 1 Recovery tne jective (RTO) fe based onthe acceptable dwa ime In cae ofa disruption of ‘perations. Th lower the RTO, the higher the cox of recovery satis. ©The ower the der ooance, the rarower he nerrypton winons.Thentrption window i the lng ofthc outage of eral processes. 1. rmisive datas relies wo reevey pit abectv, not dat leraec a ‘ISA view Questions, Answers Explanations Manoa 72° aon "Sten i ane Aet ‘DOMAIN 4~INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE. During an implemcnition review of recent spin deployment it was determined ha sever Ickes were sine inartect pints ane case oh, fo meet the sins erie fev sgreement(SLA), What tle GREATEST cence ‘A. ‘hesuppoe mode! was a prove by senior managment, 1. Theincidemt resolution tine peifi inthe SUA fs pot esti Thaw are inadequate escurcesto sapper he appicains B.Thesuppor model was nt property deep and implemented usta: ‘A. Whie senior management involvement i important the more eral isu is whether the sport mods wasnt propery developed and plemented. | Whi theincidee suo time spss sac el agree maya bay eatin, he maectical ise wheter te ppt made wast propery develope an implemented ‘6 _Whibquste suppor: esourees are importa, the mor nial tse whee te sapprt model tas ol properly developed and plemented. ‘The greatest concern forthe I afr Is tha he sepport mode was wot developed and Implemented correty to prevent or reat to potent outages. 
cents could cst the buiness| !sipiican amount of money and x support model shoul be implemented vith he prac, ‘Thisshowld bea sep within the system development life yee and procedures and, Hiei mised on one projet, may he symptom ofan overall breakdown in proces A144 What isthe BEST backup step fr lags database with ata supporting oie sls? ‘A. Weel fl back with dyin Bally ul ack © Chaser servers Mina and sks ‘NW fil backap ar ily neem taku is por hack satey ir ofne ransctions Beare this stem suport online mest canbe lft to ret lest Jt an th ston may resltin aoe of up to oe ays worth oda 1. fal hockup normaly requtes couple of hors, and here, can be impractical conduc fal cp every dy. C._Clastea servers provide a redundant poconing capability bt stem back, 1D. Mirrored hard dish will ensure that all data ate backed p to more than one dsk otha fae of ome disk wil ot rv in Tost of data ‘GA Revi Gosslne Anewars# Explanations Monal 1° Elon ae (Sache es ae DOMAIN 4-INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE essa Abas ‘an 1S aio notes dhring am uit hat an oranizatin's ines continuity len (BCP) doesnot ‘Slum adress iarmation confidentiality ring thereover proce The ado shold toscana tht de pan be modified to include |A.- the lvl ofnfrmation security requized when bsioss recovery poceduos ar aed 1 information eset ros aed responce nthe ess management srt CC. faformation scent resource rearemonts 1D. change managenet occlu fr nenuton uri ht bald af busines cbatiuity arama Ae the corect anser. special rues for access 1 confldental data during sess need to be Meni. Tung aime orcs uh Secury nets he nin ny eres este man as ‘ons sich as separation fds ane ising, Having ecu ales othe eins management plan ts imports, bu tat snot he best answer this scenario. 
C.tentyng the source reaiement for infrmation secant, x pt ofthe busines contnty plan {GCs mporan, tut more print et othe sci Teves dat woud be eure fr rotetd infomation Changs managenent predates cas help Keep BCP pf date but arena elvan to this eer, using dtr recoery tet an 1 aor observes that the perfomance ofthe distr ecvery it's servers slow. To fin he oot couse this the Sour sould FIRST review th vc cr lg ened a the dtr recovery site ‘hast resort plan ‘hater recor plan ‘onfiguaions an alignment ofthe priya destor ecvery tes isthe correct answer usin [Anite ue capo be arith 1S ator shoul the eiew the eve rl 1B Thess ccnery test pla would pot Mealy any issue relat system performance ules the tent wos poory lest and nici, bt hit wuld come afer checking te configuration C_Revowing th castor covery plan weal be uniely to provide my information about system Perfrince ses 1b, Because the eovfguration of the system i the most probable caus, that 418 auditor should review ‘CISA ReviewQuesins, Answers & aplanallons Manuel 12° Eon TCADA Mtge hoe @3 = [DONA 4—INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE Meu Which ofthe following the GRE TEST isk when soage growth in sit file servers not managed opel ‘A. Bacayp time woud seul eres 1B. Boceup operational cots woul senfcamly nee C_Stmge operat costs woul signal increase DL Serer ecovery werk my not meet the eee ie obscs, Dish correct ame. usta ‘AC Baceyp ime may increase, ut tha can be managed The most npn ise the ime taken | recover he dat Theta cost iss are not a sigifieat a at mestng the rsory tne abjotv RTO), ©. Thestorge cost eee ae mi x sipican at nt meting the RTO. Incase ofa crash, recovering serer with am extensive amount of data could reqlee@ ‘pcan amount oF we H the Feovery cant men he RTO, there wil bea dscrpancy in rstratepes ts important ensure that server restoration can mec the RYO. 
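The point behind A4-137, A4-142 and A4-147 is that the RTO and RPO from the business impact analysis must be checked against what the backup schedule and the restore path can actually deliver, and that unmanaged data growth silently erodes the RTO. The following is an added example, not part of the ISACA manual: a small Python audit helper that derives a server's effective objectives, estimates restore time from data volume and throughput, and reports the growth ceiling beyond which the RTO can no longer be met. It generalizes slightly beyond the questions by letting one server host several applications, in which case the server inherits the shortest RTO and RPO. The restore-time model (fixed overhead plus volume divided by a sustained restore rate), the server names and every figure are assumptions constructed for illustration.

```python
"""Added example (not from the ISACA manual): check a server's backup schedule
and estimated restore time against the recovery objectives of the applications
it hosts.

Assumptions (hypothetical, chosen for illustration):
- A server inherits the most demanding RTO and RPO among its hosted
  applications, i.e. the shortest values.
- Restore time = fixed overhead (locate media, rebuild OS, mount volumes)
  + data volume / sustained restore throughput.
- Data can be as old as the backup interval at the moment of failure, so the
  interval must not exceed the RPO.
All server and application figures below are constructed sample inputs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Application:
    name: str
    rto_min: float  # acceptable downtime in minutes (from the BIA)
    rpo_min: float  # acceptable data loss in minutes (from the BIA)


@dataclass(frozen=True)
class Server:
    name: str
    apps: tuple                      # Applications hosted on this server
    data_gb: float                   # current data volume that must be restored
    backup_interval_min: float       # time between successive backups
    restore_rate_gb_per_min: float   # sustained throughput of the restore path
    restore_overhead_min: float = 30.0


def effective_rto(server):
    """The server's RTO is the shortest RTO of any hosted application."""
    return min(app.rto_min for app in server.apps)


def effective_rpo(server):
    """The server's RPO is the shortest RPO of any hosted application."""
    return min(app.rpo_min for app in server.apps)


def estimated_restore_min(server):
    """Fixed overhead plus data volume divided by the restore rate."""
    return server.restore_overhead_min + server.data_gb / server.restore_rate_gb_per_min


def max_data_within_rto(server):
    """Largest data volume (GB) that can still be restored inside the RTO.
    This is the growth ceiling operations should monitor (A4-147)."""
    rto = effective_rto(server)
    return max(0.0, (rto - server.restore_overhead_min) * server.restore_rate_gb_per_min)


def assess(server):
    """Return a list of findings; an empty list means the schedule and the
    restore estimate satisfy the hosted applications' objectives."""
    findings = []
    rto, rpo = effective_rto(server), effective_rpo(server)
    restore = estimated_restore_min(server)
    if restore > rto:
        findings.append(
            f"{server.name}: estimated restore {restore:.0f} min exceeds RTO {rto:.0f} min "
            f"(data volume {server.data_gb:.0f} GB, ceiling {max_data_within_rto(server):.0f} GB)")
    if server.backup_interval_min > rpo:
        findings.append(
            f"{server.name}: backup interval {server.backup_interval_min:.0f} min "
            f"exceeds RPO {rpo:.0f} min")
    return findings


# Constructed sample inventory (hypothetical systems, not real ones).
FS01 = Server("fs-01", (Application("payroll", 240, 60), Application("wiki", 1440, 1440)),
              data_gb=6000, backup_interval_min=60, restore_rate_gb_per_min=20)
DB02 = Server("db-02", (Application("online-sales", 15, 1),),
              data_gb=500, backup_interval_min=1440, restore_rate_gb_per_min=20)
APP03 = Server("app-03", (Application("crm", 480, 240),),
               data_gb=2000, backup_interval_min=120, restore_rate_gb_per_min=20)


def report(servers=(FS01, DB02, APP03)):
    """Map each server name to its list of findings."""
    return {s.name: assess(s) for s in servers}


if __name__ == "__main__":
    for name, findings in report().items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Run as a script it prints one line per server; fs-01 fails only on restore time (6000 GB against a 4200 GB ceiling, which is the A4-147 growth problem), db-02 fails on both objectives because a daily backup cannot serve a one-minute RPO, and app-03 passes. Feeding real BIA figures and measured restore throughput into the same functions turns the exam reasoning into a repeatable audit test.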
‘An ongnization has basins pees with every ie objective el oe and eesovery point objective done ens minute, Thin pics hu dhe yes can oleate ‘cht oso upto ne mint, bt he processing nt be continous. ‘oreminute processing iertapion bt cama leat any dt as, ‘processing ntrrupion af ane mma c mor toh daa toss anes processing intraption longer tan one mint [AL Recwvery time objective (RYO) measuees a organizations tolerance fr downtine objective (PO) measures how much dats lose canbe accepted BA pmcessingimterapion of ne mite woul excel the er RIC st hy the ganization, ‘C.__-A cessing inrraon of ne mine or more would exces the continnous aaa reqarement of an RTO o eo. D._AWEPO of one mite woul only allow das ass oo ‘isa Revlon Qvation,Anaware &Enplonalions Manl 12° Elon eo Steen tee ‘DOM 4—INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE some A149 Which ofthe fllowng issues shoul be the GREATEST concer othe 18 waltor when reviewing an IT Asai covey te [AL Duc tothe lied tt me window, oly the moet sent sya wor test. The otras ‘werent sparataly daring th st ofthe you 1h, Daring the tr ome ofthe backup sytoms were defitve or ot working casing the et of these syrtoms to al (¢, The prosediesto shat down and secre he ginal rdton site foe stating the backup site ‘qual fr me time than planed. , Every year, the same empleo perm the text, The rsoery pln dacumens arena we Baca vey sep wal Lown by al orticpans, Bis the correct answer ustiicaion itis sot a cosem Beate over te couse OF the ea Te aN Were 1. The purpose ote test is totes the backup pln, When the backup systems are not working then the plan cannot be counted on na eal laser. This the most serious problem ¢,Ineal dss there is ned Tora clea shutdown ofthe original prac ron ‘cae the spiny isto ring the ackup ste up. 1. Ader rea test should est the plan, process, people ad sens, Thee plan took ts acc sa aga cnt Ye vr. 
Disney shal a eyo bys reise "str an or when thy ae nota Howovr theft ht eet wk ke eon hn the ilo of the syans anise ht th ecvery pan count n. Ged practice Wet te ‘iat peopl toph hs essnd nsir tha the plan el llowed una |AGIS0 The fps uplting wich of te flowing kayo the oni eens of dtr esvery lan? A. Contac infomition okey personel B. Server twenty documentation CC Indviual lesundveponibiis 1 Procedes Tor celang a csster Ate te correct answer [Ar nthe event of disaster, tis important te have a current updated Ii of personel whoa {0 the operation ofthe pla 'B, _Aaast inventory mptan and shouldbe ink tothe change management proceso he ‘xgnization bathing asst key people may compensa for utd reser C.Infvidual oles nd responsible te portant but na aster many people cul il ifecet roles depending on heir experience. 1D. Theprocalures tur declaring dase are inportant case this can affect response, tome Perception and gino isms, ut no as mportan shaving he right people here when ned 200 ‘ISA view Questions, Anewers & Explanations Manual 72° aon (easy msc OMAR 4—INFORMATION SYSTEAS OPERATIONS AND BUSINESS RESILIENCE Atisi {18a Revi Gowstns, Anewer Eplanatons Marval 12° Eon ‘Ave test ofa mutual agreement fo ster recovery es ben car at, niin our test Iensive wags by the basins us The est has Ben Successful, but ies only part astarnce tht the |A. sytem andthe I operations ea can atsin operations in the emergency environ, 1B. excatcs andthe eminent cou usin he tanecton C._connevity to th aplication at the ema te meets respons tine queens. 1, work of actual Busnes operons can us th gency sytem incase ofa Se, have been operated intently, but the capability of the syst andthe FT cperstione team to sestin nd support this ensiconment (anilaryaperaion, atch eosin, rrr eorretions output asta 1B, case htt vole ntensve us the Bokyp wud cen to bese ane the econ (C._Bezase wets were ale eomect and use teste ess ne mt hans eet 1b. 
Theives ye amine aca tthe workon stems mowed come hanes 1 the ervionment eld pose arbi thefts, but ke working corey no Which oft fallow ing is the MOSI important consideration when defining eer pi bjs? A. Minirom opsning eqiements 5B Accpable datas CMeantime beter files DL Accopale time for reovery is the correct answer, etn: |A. Mininom operating requirements lp din eenar sis. 1B. Recorery po objectives are the level of dat osreworking am ngaszation ewig 0 ace. C__Meantimebetseen ites hee deine likehood of syste Ee, 1. Recoery ume jets ae the acceptable tine dln avalsblty of busines operations DOMAIN 4-INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE soso To aes an ganizations disaster covery requitements,backap intra should not exceed the A. service level objtv B,_recinery tine abet C.__tecovery point objective DL maximum accopable outage ithe correct anew. Justification ee Oeanication wl yt st servis lve ebjestive to mest ctablichal axis targets, The rein time ortho serve level apreerent elas ocr of evo, trey of da 1. Recovery ime jective (TD) defines the tne peed ae he disaster which nema busines Functionality oa toe restore ‘©. Recovery point objective defines the pat in time to which dats must be restored after 3 isnter te resme processing transactions ackspe shouldbe pertormia a ay Ma 1 latest backup iso older than this makimum tne frame. If the backups are nt done frequently ‘enouph hen fo» many data are Hel 0 be st. 1b. Maximam aecosabe outage (MAO) ithe maximum amu of system downs tha i tolerable wean be sed ar synons for maximum ikl pid of disruption of maxima allowable thoatime Howes, he RTO denote an costings, wile the MAO costs vital weeny Foran ganization’ survival “The FIRST scp inte excation of problem munagemn! mechanism shoal be A. 
ise analyia exponen, ception porte tthe correct answer desta spe Anabsis and reshtion are perormed afer logging and rags hive boon permed 1h Faceptn kr can only be prfomed auc he exceptions have Been cpr {C.The reporting f operational sues Is norally he fis step in tacking problems. DL Rout eaume amiss peroemel ence th excesons hae been ieifed and not normaly he Fis prt of pot anagem AGASS Which ofthe loin; would BEST support 247 ability? A. Diy bake B Oftsestorte ©. Mirorne D. Resisting (Ch me correct anaver usc saenpaly backup impli tat tis sonable fr estruton to tke place within umber of hours ot medial B, Ofte sorage docs not, self support continous eal. (CL Mirroring of etal clement tol that facies mmeit (aor) recoverability. 1D Poot testing a systems dosent, tl, upper continous ili, 7 (CISA Review Questions, Answers & Explanations Manual 12° Edn Teton ag ener @s= coc enone eeencnMens asa |AIS6 ‘The PRIMARY puspot of implementing Redundant Array of Inexpensive Disks (RAID) kvl Tina file ‘AL sciove performance imprevenn ‘RL _ prvidenser suthentcaton C._Syse wai of dat, 1. ei he contin of ‘Cis the core answer Jesineation J RedndanAray of expensive Disks (RAID) level des aot improve prforranc.H write the dt temo separate disk ives RAID evel hav no clovanoe to auheticstion. C._RAIDlevel | provides ds mirroring, Dra weiten to ane disk are also writen o another dish Users nthe network aces d iat dk; disk one fai, the second ask takes oer. 1b. RAID vel dacs nothing fo roid fo data confident [AIST Which ofthe following i the MOST ingortan ron when selecting oato fra ft storage Fait for back es? The oft faity ast be: [A pfysily separate en the da centr aed wt sbjet othe same sk BB pene same lee of protection as that of he eomputr data cone. Cutout oa rib ied prt Deine with surveace capes Ate coreet answer. 
estan: Ais impertant that there fam offsite storage location for 18 es und that i a acon not subj to the same rsh st the primary d 1a, Thott location may be sar with fer companies an therefore have an even higher evel of proton dha he primary data center cei leston aye vn ya hid party ry the onpnization ise 1. Phyl protection sport bi ot ror nt bloga bythe sue rss MASS fa dauhase etre wing btaresmage dg, wheres th process gin fog an intraton? A. Aor the last aston BB After te ast warmaction AS thetist ranmacton ater he ates checkpoint 1. Asthelast ranseton bie the nest eheckpoin ‘su te correct answer estat: saan tare minges ar used the ls transaction i the dump ill ot have updated the database peor othe dump being taken tn, Theat worsen wl ot hve apt the database atl mst be recessed CC. Prognm checkpoints are esevant pth station. Checkpoint used in apteaton fares, DL repramcheskpins ee itlevant in hesitation. Checkpoints are sein pplication ars Se {isa Review Ooeitons Anewers & Explanations Maal 12° Eon 7 ‘Secu teen ee ‘DONAN 4-INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESLIENCE tn ain he backp considerations fr al systems, which af the following is an important ‘omsideration in proving Backup fr elin stam? siting system softoare parameters Eau pias Gump of racing Epurng granite ero le hacks Maing portant ct at an offite locaton Bethe correc answer Sustifcaton AA Maing syst software parameters is important oral systems, ot just oie systems Enwaring pve dumps of ransacton lg teeny safe way of preserving ney sori ata caus online tems ont have» paper tal at can be we recreate dal, mating framcton logs srcally portant prevent dats las. Te volume of activity sual asoctated ‘nn an one system may make omer more ruin coo ack pra. (¢. 
Having generat of backups isa gos pracsice fr al systems, All tachups show conse oie slong aa bcaton thai aces but nt ily to be ated toy the same disse, ‘Which ofthe folowing stor reovery tein textnigs tthe MOST eliciat way to dele the ftetvenes ofthe pl? A. repurednestes Berets €.Fallopentional ets D. Actual service dauption Nis he corect answer este A Pes itndbep ibe tem to eter understand and prepare forthe acteal st sce 18. Papers in wll throwgh et the entire la, Bu toe fo slain a es i eared aso ioaiicol wo abi evidence tk th tea fs undersood thee plan C.fulloperatonates woud rxuireapproal rom management, rent cay or practic to etn os senate and iy iggers real sie Anata! ericedipton so eer! aes nk aque by egal or ply ‘CISA Review Questions, Answers & Explanations Manas 72> Eaton Teena ae eee ses ‘DOMAIN 4-INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE [M161 Gnline banking transactions ae bong posed the these when processing suddenly comes toa al The integrity of he eansactonprocesing fs BEST ensue by A. datbseinteprity checks. sion check. Cepurrenols drab coms a > 'A Dats ineriy check re portant cps dais consisney ad acy, Tho nt lation, onearncy and drat ert, Dut he mos inane tome eqaremen ‘rns cmp ene a ent or lack othe st Kom os poe 18 Validation cocks wil prevent noc of corap data bu wl ot aes sytem fe, (C—teputecrols are important oot the nee spt data! wil et aes stm fs 'b. utatuse comes enue hat the data are saved ater te ranean proces SOME Roloc ensures hat the processing that hasbeen partly complete appar ofthe transaction ineversed back and wot saved Ifthe etre transaction dacs not complete seco [AG162 Which fthefilowing sci moxuncs BEST nats the inept finan sac ind nacho? A. Valid ily backs Change management process © Dataitonary maintenance Dis the correct answer ostieaion: ‘A. Backs ass valli, oni. 
Vu bckps ns tat the backup wll work when ea BB Adogate change management procedres ps the dat warehouse an the systems with which he au Yaeouse erties fom nautrized changes bu ae ot sully eaneried wit he 6. Data itonry maintenance procedures provi forthe dein and srr of data fk put fo he daa wach, This wl ot afer! the inter of dialed soe. 1, Became most data na data warchoate are Msteric und donot need te be changed applying ‘eadenly restrictions prevents data manipelai AGG} Which of th ellowing ensures tho svat of wnsaetions inthe erent ofa sate? |A. Senha tapes contining tansetions offi, Send diy apes containing nections ote C._Caplu taaction to mulpl soaps devices. . Tans tanectons offs nal te Ds the correct anewer atin [AN Sond hourty tapos contiing transactions efit snot eal time ad here, woul possibly ‘lt nthe fons Foner orth of ttt at Senin daily apes cananing Vansactions ot sot in elie ap heer cook rein the ee of one ys wort of transitional dt, (€. —Captingwatsctions lo multiple sterage devices Jes not ensure availability at an ofite locaton, 1D. Th ouly way to ensure availablity of al transaction to perform real-time tannins 10 an offite fact {isk Revi Gonstane Anema &Explaaone Maal 12 Elion Ey ‘Sten tage ten scam remrannnsenii ii @== ns a 1 gunagement hs desided to installa eel 1 Redundant Ata af expensive Disks (RAID) ste in all ferret compensate forthe elimination of ffs buckups. The IS aur should recommen A. appa oa level 5 RAID. finerensng the faquency of onsite backaps. C.einsting he oft tacks, DL tstblishingw cod ste nascar lotion, (Cis the correct answer, Susteaton: ‘Ar Upraing ole! $ Redundant Array of Inexponsive Disks (RAID) will ot adres he problem of tas fire of ths dts center housing lhe dt 1 ncreming the frequen of ose backup aot eevant o RAID 1 becouse all at ae boing ‘nine lead Cc. A TEAID system, a ny level wit wt protect aga esate witht ofsite backups. 
1b, Reali isanofiste recovery leaton bu will nt provide for data recovery bocase a cold site is ot wo to sore dat ster Me problem wil nat be fn. contnet wih ho, warm or col ste, comctual provisons should PRIMARILY cover which the following sorsidestis? AL Physical secuiy meses Toa umber of sbseibers C. _ Number of subscribes permite to we ite at oti D. References by ater ses Civ the correct anowe. Sustcation 1A ysl sour meatars arena lays pat of the contac, sihogh hey ate an important ‘onadeation han ehoosing stil pty le 18, Thevota mambo subuenbers fu consideration, bk more important is hee the greet Tit he numberof subsets ting o va spec ar Ms alo go oka if ter sebscrters ae emptor: ©. Thecontract sald spect the number of subscribers permite to se the site at any one ine ‘he contrat can be writen tive preference to certain subscribers. 1. Thereterences tat oer wes can prone area consideration taken Dlore signing the amt itis ‘ym cans prof te contact provisions ‘CISA Review Questions, Answer & Explanations Mancal 12° aon Mae {isa even Gusstne, Anamer & Explaaone Maal 12 Eon DOMAIN 4~NFORMATION SYSTINS OPERATIONS AND BUSINESS RESILIENCE ‘Which ofthe following reports is the MOST appropriate sere of infrmation for a 1S autor wala that an nett servos provider ISP) has ecu complying wi an emis servic eel agreement er the allay ef ontsoatced lecommunicaton series? Downtime reports onthe ieleormaication eves generated bythe ISP ‘utili port of astra lover series goncrated by the enterprise ‘Aton tention report provided by he ISP ‘Dowatmerepors onthe tslercmmuncaon eves generated by the enterprise Dis the correct answer. Justia athe Inert service prover (ISP}aenerae dewatine reports are produce bythe same ety tat isbeing mitre. 
Ax ares il be necessry to review these report fr posible is ane errort tt ote dat 18, The mormon povided by these repos eines vince of the extent tha he backap level atest athe Tloersysters had bom te c_Uilation reports are wel o mci the wage of bandwith, nt apne D. The eterprse (really generated downtime reports monitor the service ovice by the ISP and, ax avaiable to compare with the reports provided bythe ISP. Integrating besines contin pl it FT poet management i A. tho fsing of he hun continity requirement BB thedoelapment of more empreensie se of requirements the development of asictenflowchar 1 rag the application mat the wer reds, este: 1a Tat ine tines ontinaty pos (BCP) sequen sno elt oT projet management 'Rnegatng the BCP nto the development process ensures complet coverage ofthe Fequitementsthrugh each phase af the project. c_Atmmacon fecha isin saying nappies cents bat cs ot fet bases contin 1. Ate wll nt costly adres he desl processing need of the wer See aoe ee DOMAIN 4-.NFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE Asi Gs) sa An enterprise wses oiled accounts to process configuration changes fr miseries plications ‘Which ofthe following would be the BEST and appropriate con it th isk soc situation? ‘A. are thu aus are accurate ad pif 1K Ensure that pion! have adequate ints. (C.__Enute hat perenne! background checks are prfonc for eal psronne Emu thatsaprvisory approval nd review are plone frei dang Jestifcation ‘AD Avi il ares detective contol and in may ats, ante ered by those wi privileged aces BB Sufpotciens is important and god traning may be omewtat oF deere but supervisory nprval andrew ithe best hoe (¢._Parforming backround check ss very bs conrad wil ot ctv prevent or dete errs review feria changes by the accountable managers in iret vol aid detect any unauthorized change. nation suthorzaio,sapervision enforces a separalon of duis and prevents an unauthorized tempt Dy any singe employee. 
‘nS aur observed hat mle aplication ate host on the same server, Te every ime jestive (RTO) forte server wl be: tas on the aplication wit he oust TO. tal on the apliation with the shores RTO, tied on the me ofeach applications RTO. Independent of RTO and tse onthe citeality ofthe application te correct ans. seston: ‘Ann longest ecvery tine objective (RTO) wil be determined fer nonentcalapplisatane, which will st help in moet the objctine for ral sams 1B, When several applications ae hosted on xserver, the server's RTO mast be determine ‘aking he RCT of te mest ena aplication, whichis the sertest TO. (¢. The rican valu wil be bir tap the RTO fr rel appiston ‘Crt applisitons sual have te shores RTOs, The RTO of he server cant be independent of tae aplication FTO. ‘ISA Rovian Govsins, Answers & Explants Manual 1 Edin ead ese DOMAIN ¢~NFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE [AG-170 Daring an splcton ait, he IS suitor Find several ples ltd to come tin the daa, ‘Which of following cometive contol ht the I aio sho scored? A. Defi the stands, an closely mritor hem for compliance 53. Ensue that only auc persene ean update tho database {C. _Fstabish ccrtts to hae conerrent acces problems 1. Procesd with estore procedures, Ds conret answer. Justia: {AW Enbishing standard i a preventive contol, sd monitoring fr compliance isa dette cat [Bang tht ony authorized personnel an ups theca fa preventive con C.__Estabishing conta to handle concert access prbloms is preventive conta 1D. Proceeding with restore procedures s+ corrective control Restore procedures cam be wed (0 ecorr databases lather lnt-keown archived version AGITL Whi ofthe fling sents proves the BEST distr ecovery ano plement frente ppt? |A. 
Day dnt ackap tare steed fie a he tat 140 hms a he in dt ete Dalya ackeps tha re ord ste in a rego ae {C._Reabme dit replicton betwen the min dla cae and the Bot site Iced SO meters fo the 1D, Day na acap tat are stredfte with am sit kt 70 Kita fen he in dla ener ns ectcation: [AL Of he given choles, this the mos stable answer The daster recovery 3 thai Ioeated eiinty away frm the mtn datacenter and wil allow recevey re ehentaf2 mao dsaster. Not having real-time backaps ouy bea prablem depending 90 recovery pet objective (RPO). 1s. Having data acta is aeessny, but not having replication se would be safc forthe ‘tea appiation. (C. _Daperngen the peo dsr ft se soul noma be cated martha 50 mete en the ain fil Hing real-mebackape my beh et pt chsh pening on he dt RPO. Am ite may ke days torent and therefore may not be a suas slon MGT2 Which of te follow isthe BEST intro th effectiveness of ackup and reer procedres while restoring daa afer ase? Merters of the ecovery cam were iil Resor ne objestives were met Invent of bakep ties was propery minained ‘Backup tps ere completely estred ata aller sits is the cont anamer, ‘An They of key person! dos tee hat hcp al sare proces wll wk ef B.Theetecivenes of backup and restore procedures is best ensured by recovery time objectives (210s) hela met because these ae the requirement that are critaly defined during the ‘nue impact analy stags, with te pats and involvement fal Busnes proces owners (¢,‘Thefrventory ofthe backup tape only one element ofthe sues recone 1. Therestton of backup tess xe suse, but only they were able be estore within she ue anes sey the RO. “Gita Revaw Gucstane Anenars & Explnatona Monal ERs SSSSSS*C«S ‘Sten At tome DDOWAIN 4-INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE =< sens (cish sensi {Which ofthe following woul be the MOST appropriate reovery satay fora sensitive system with a ‘igh recovery time efectve(RTO}? A. Warm sit Be Mesie © Colds D._ Mobile rive sie (Cathe coreetansver. 
eile a warm ste maybe a pod solo, it wou ot be the mst appropiate boca itis more expensive ha eal st 1, hort sal ods pts csi as eel ht ne ow eee ine abt (RTO), 1b, Ramat recovery ste would not be a ost soave 5 4 old site nd would ol be appropri for ‘Systems with igh RTs ‘Which he flowing shoul an cident respons tam alress FIRST aes mor incident in an information processing acy? A. Reston atte fity BDocamention othe ity © Conainmcat athe fil . Moniring of te fly (Cite corvect anne. Justi A Restoration enaes thatthe feted systems or services ae rest to a condition spesifed in the ‘estore point abjstve. This action wl be posible nl afer conamet ofthe damage. 1B. Documeniton the faci should he prepared to infer manageren of he incon honever, duage mist contd Fst ‘Thetis priority afer addressing fe sey) she containment of the nent a he Fey so ‘ha spread of fe damage is minimize. The incdent eum mast gan control of the stuaton. 1. _ Maniring fe ati is nperan, anus containment mast ake roy to wei spend of {An IS aio icone tht some atd dios disposed af by a enterprise werent sanitized in « manner that woul emanalyenar the data could tbe recovered In ato, the enterprise does mt have ‘rien policy on dats. The IS autor sould FIRST A draft an aut ding and discuss it with he ator in hag determine the eit ofthe foumation on the hae es, (Ciscss withthe manager good practices in dt dispost 1. evelop an aprepit data pes policy forthe eterpis Bis the cores anser usta A” Daafing finding without a quanti vik woul be premature. Eventhough a policy enat availabe, the IS aor should determine the nature of the lnformation onthe hard drives to quantify, as muchas pesibl, the risk. (© vould be premature to dscuss woe paces with he IT maager ul the extent of the inckeat has been quad 1b. 
An Sauce stout ot deen polices, = ‘ISA Review Questions, Anower & Explanations Manual 12 alo sear “iGA Review Question Answers &Explnatins Manoel 12° Eien oo ‘DOMAIN 4 FORMATION SYSTENS OPERATIONS AND BUSINESS RESIUENCE ‘An IS audio is assessing services provided by an etre sevice provider (ISP) daring an 1 compiance ‘uit ofa rtonse comporation tt opts a goverment program. Which ofthe following MOST injeran’? A. Revi the request for propos Review mnhly perfomance reports generate by the IP. C. _Revign th orice lve! aproement D.Ressach oer shone of the IP Cathe coret answer, usta [Ar Recaro the request far ropsa i nt the orice green ii moe relevant fo review the termsothe SUA herpes tom the nero Srvee prvi (ISP) inde evidence that may require farther tevin ta ens accuse a empleo 1c. service level agreement provger he bass fran adequate Asfesment OF tHE degre to which {he provider meeting the level of apreed-on ses 1, Thersrices provided to oer clon ofthe ISP re eleant tothe IS ai Daring a sat of sal energie, the 1S aor noted ht the 1 decor has saperserpiilege aces Ahatallowsthedrectrt prone equ fr changes tthe pion aces roles (ces fypes), Which ‘ofthe flloving shoal the 1 autor vsommond? ‘A. Implant propery documenta proces fo aplization role change requests BH additonal fo provide a segregation of dates fr appation role changes {C.__Implament an atomated process fr changing application rks. 1D. Docaent the cutrent poder in det snd ake enable othe energie intranet As the correct answer estan: [A The'S auclvor should recommend implementation of processes that could preventer detect Imprrper changes trom being made tthe major applieaton reese application roe change ecu process sould start and be approved bythe busines owner; then the 1S director ea ke the changes to the application, 18. While iis petted dua sic segregation of dates be auee to ad that atonal si be recrtel his pracice fa ays pnb a seal enerprine. The I aio ust ok a ‘Scommenel allerative proves. 
C. An automated process for managing application roles may not be practical to prevent improper changes being made by the IS director, who also has the most privileged access to the application.
D. Making the existing process available on the enterprise intranet would not provide any value to protect the system.

A4-178 While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructure damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:
A. the salvage team is trained to use the notification system.
B. the notification system provides for the recovery of the backup.
C. redundancies are built into the notification system.
D. the notification systems are stored in a vault.
C is the correct answer.
Justification:
A. The salvage team would not be able to use a severely damaged notification system, even if they are trained to use it.
B. The recovery of the backups has no bearing on the notification system.
C. If the notification system has been severely impacted by the damage, redundancy would be the best control.
D. Storing the notification system in a vault would be of little value if the building is damaged.

A4-179 To ensure structured disaster recovery, it is MOST important that the business continuity plan and disaster recovery plan are:
A. stored at an alternate location.
B. communicated to all users.
C. tested regularly.
D. updated regularly.
C is the correct answer.
Justification:
A. Storing the business continuity plan (BCP) at an alternate location is useful in the case of a complete site outage; however, the BCP is of little use during a disaster without regular testing.
B. Communicating the BCP to all users does not by itself ensure structured recovery if the plan is not tested regularly.
C. If the BCP is tested regularly, the BCP and disaster recovery plan teams are adequately aware of the process, and that results in structured disaster recovery.
D. Even if the plans are updated regularly, if they are not tested, they are of little use during an actual disaster.

A4-180 The PRIMARY purpose of business impact analysis is to:
A. define recovery strategies.
B. identify the alternate site.
C. improve recovery testing.
D. calculate the annual loss expectancy.
A is the correct answer.
Justification:
A. Two of the primary outcomes of a business impact analysis (BIA) are the recovery time objective and the recovery point objective, which help in defining the recovery strategies.
B. A BIA result will not help in identifying the alternate site. That determination is made in the recovery strategy phase of the process.
C. A BIA result will not help improve recovery testing. That is done during the implementation and testing phase of the project.
D. The annual loss expectancy of critical business activities and processes is determined during risk assessment and will be reviewed in the BIA, but this is not the primary purpose of the BIA.

A4-181 Which of the following BEST helps define disaster recovery strategies?
A. Annual loss expectancy and exposure factor
B. Maximum tolerable downtime and data loss
C. Existing server and network redundancies
D. Data backup and offsite storage requirements
B is the correct answer.
Justification:
A. Annual loss expectancy and exposure factor are more related to risk analysis.
B. One of the key outcomes of the business impact analysis is the recovery time objective (RTO) and recovery point objective (RPO), that is, maximum tolerable downtime and data loss, which help in determining the recovery strategies.
C. Existing server and network redundancies are good to know, but the RTO and RPO are needed to define the recovery strategies.
D. Data backup and offsite storage requirements are an important aspect of a disaster recovery plan, but these alone will not help in deciding the recovery strategies.

A4-182 After a disaster declaration, the media creation date at a warm recovery site is based on the:
A. recovery point objective.
B. recovery time objective.
C. service delivery objective.
D. maximum tolerable outage.
A is the correct answer.
Justification:
A. The recovery point objective (RPO) is determined based on the acceptable data loss in case of a
