Free Access to ISACA.CISA.v2023-04-24.q308 with Valid Practice Test (Page 2)

Question 1

An organization has recently moved to an agile model for deploying custom code to its in-house accounting software system. When reviewing the procedures in place for production code deployment, which of the following is the MOST significant security concern to address?

A.Current DevSecOps processes have not been independently verified.
B.Production code deployment is not automated.
C.Software vulnerability scanning is done on an ad hoc basis.
D.Change control does not include testing and approval from quality assurance (QA).

Question 2

A post-implementation review was conducted by issuing a survey to users. Which of the following should be of GREATEST concern to an IS auditor?

A.The survey was issued to employees a month after implementation.
B.The survey form template did not allow additional feedback to be provided.
C.The survey questions did not address the scope of the business case.
D.The survey results were not presented in detail lo management.

Question 3

The PRIMARY benefit of automating application testing is to:

A.provide more flexibility.
B.reduce the time to review code.
C.replace all manual test processes.
D.provide test consistency.

Question 4

Which of the following audit procedures would be MOST conclusive in evaluating the effectiveness of an e-commerce application system's edit routine?

A.Use of test transactions
B.Interviews with knowledgeable users
C.Review of source code
D.Review of program documentation

Question 5

Management receives information indicating a high level of risk associated with potential flooding near the organization's data center within the next few years. As a result, a decision has been made to move data center operations to another facility on higher ground. Which approach has been adopted?

A.Risk reduction
B.Risk transfer
C.Risk avoidance
D.Risk acceptance

Question 1

Question 2

Question 3

Question 4

Question 5

Download PDF File