CISA Exam Prep Course | Post Session Activities

Session 2 Activities

Domain 3

Task 3.1
ABC Corporation has several competing IT initiatives that have been identified for 2016;
however, several past projects have not delivered the desired value, while critical infrastructure
changes have not been started. What would be the best method to outline critical infrastructure
needed to meet ABC’s goals?

Task 3.2
You have been asked to evaluate IT supplier selection and contract management processes prior to ABC
Corporation’s migration to cloud service providers offering Infrastructure as a Service (IaaS). What are the
most important criteria to be considered during the selection?

Task 3.3
ABC Corporation is preparing for a major ERP upgrade and related customized code development. You
have been selected to perform an IS audit focused on program, project and software development
processes. What is the most important element in evaluating the project management framework?

Task 3.4
The last ERP upgrade encountered significant delays and cost overruns, and the CIO and CFO have
requested you to perform an audit of the upcoming ERP upgrade, paying special attention to the
integration of the code between enterprises. What is the development approach designed to achieve
easier and more effective integration of code modules within and between enterprises?

Task 3.5
You will provide interim reports and other documentation during critical phases within the project life
cycle to allow the project team to respond to any significant findings that could pose a risk to the
project’s success. What is documented in specifications and drawings describing the reference
infrastructure that will be used by all projects downstream?

Task 3.6
The time has arrived for you to make a recommendation to management on whether the system is
ready to go into live production. You will rely heavily on testing results to help you make your
recommendation. What type of hardware or software test evaluates the connection of two or more
components that pass information from one area to another?

Task 3.7
The audit has been challenging, but now the ERP upgrade project is completed. The new system is
stabilized in production. It is time for you to complete the post-implementation review. What is the most
important task to address during the post-implementation review?

Domain 4

Task 4.1
The audit committee has directed the internal audit team to determine if IT services are being managed
to optimize value to the company. Your company is considering integration of IT service management
(ITSM) for the management of IT services (people, process and information technology) to meet
business needs. What features of ITSM could benefit the organization?

Task 4.2
During your audit, you have learned that the system architect is looking for recommendations related to
EA implementation for fundamental underlying design of the IT components of the business, the
relationships among them and the manner in which they support the enterprise’s objectives. What
would a road map for an EA often be represented as?

Task 4.3
Recent failures in application and database backups have led to loss of business continuity system
failover during system outages. During your audit, you have identified that changes were made to systems
supporting the backup processes. Further investigations of the backup issues disclose that backup job
scheduling conflicted with other running operations. What would be the BEST choice of controls to
address this deficiency?

Task 4.4
During your IS audit you have found that critical patches are not being applied due to recent outages
experienced from the automated patching processes. What is the most important aspect of patching
that leads to system outages?

Task 4.5
While performing an IS audit of the ERP database and related data warehouse, you have identified the
following findings:
o Duplication of data between data sets in the database and the warehouse.
o Insecure data transfers (FTP) were used in many instances.
What would BEST address the data duplication issues?

What is the most likely cause of the use of insecure data transfer?

Task 4.6
As you were evaluating the company’s ERP and interconnected systems, you identified that data is not
available to support mission critical operations. Which phase of Data Management would address the
availability issue?

Task 4.7
During the review of company audit logs, the IS auditor identified the following findings:
o Excel database ODBC functionality was being used to back-door the MS SQL databases.
o Ongoing Metasploit attacks that were targeting external firewalls have not been
escalated for response.
What is the best way to address Metasploit attacks?

Task 4.8
The ERP upgrades went very well; however, the subsequent bug fix and software patching have caused
ongoing system outages and data corruption. You have been asked to perform a management request
audit to determine the root causes of the failures. As you begin the audit, where would be the best place
to focus your attention?

Task 4.9
Your audit of the software development activities has identified that several end-user computing
solutions interface with the ERP. These end-user computing applications are normally being saved to
local hard drives and frequently are used for extended periods off-line from corporate networks. What
policy for use of end-user computing should the IS auditor ensure is in place?

Task 4.10
Following the recent flooding events in surrounding states, ABC Corporation has requested an audit of
its BCP/DRP plans and processes. What two elements should the DRP identify and seek to match up in
the event of an incident or disaster?
