Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?
Correct Answer: C
Section: Protection of Information Assets Explanation: Choice A is incorrect because more than one person would typically need to have a key to the vault to ensure that individuals responsible for the offsite vault can take vacations and rotate duties. Choice B is not correct because an IS auditor would not be concerned with whether paper documents are stored in the offsite vault. In fact, paper documents, such as procedural documents and a copy of the contingency plan, would most likely be stored in the offsite vault, and the location of the vault is important, but not as important as the files being synchronized.
Question 212
An IS auditor is reviewing a project that is using an Agile software development approach. Which of the following should the IS auditor expect to find?
Correct Answer: D
Explanation/Reference: Explanation: A key tenet of the Agile approach to software project management is team learning and the use of team learning to refine project management and software development processes as the project progresses. One of the best ways to achieve this is that, at the end of each iteration, the team considers and documents what worked well and what could have worked better, and identifies improvements to be implemented in subsequent iterations. CMM and Agile really sit at opposite poles. CMM places heavy emphasis on predefined formal processes and formal project management and software development deliverables. Agile projects, by contrast, rely on refinement of process as dictated by the particular needs of the project and team dynamics. Additionally, less importance is placed on formal paper- based deliverables, with the preference being effective informal communication within the team and with key outside contributors. Agile projects produce releasable software in short iterations, typically ranging from 4 to 8 weeks. This, in itself, instills considerable performance discipline within the team. This, combined with short daily meetings to agree on what the team is doing and the identification of any impediments, renders task-level tracking against a schedule redundant. Agile projects do make use of suitable development tools; however, tools are not seen as the primary means of achieving productivity. Team harmony, effective communications and collective ability to solve challenges are of greater importance.
Question 213
Which of the following statement is NOT true about smoke detector?
Correct Answer: D
Explanation/Reference: The word NOT is the keyword used in the question. You need to find out a statement which is not applicable to smoke detector. Smoke detector should supplement, not replace, fire suppression system. For CISA exam you should know below information about smoke detector. The Smoke detectors should be above and below the ceiling tiles throughout the facilities and below the raised computer room floor. The smoke detector should produce an audible alarm when activated be linked to a monitored station The location of the smoke detector should be marked on the tiling for easy identification and access. Smoke detector should supplement, not replace, fire suppression system The following were incorrect answers: The other presented options are valid statement about smoke detector. Following reference(s) were/was used to create this question: CISA review manual 2014 Page number373
Question 214
The BEST way to preserve data integrity through all phases of application containerization is to ensure which of the following?
Correct Answer: C
Question 215
An organization's audit charter should:
Correct Answer: B
Section: Information System Acquisition, Development and Implementation
