An organization has begun using social media to communicate with current and potential clients. Which of the following should be of PRIMARY concern to the auditor?
Correct Answer: A
Question 2
Following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?
Correct Answer: D
Question 3
Users are complaining that a newly released enterprise resource planning (ERP) system is functioning too slowly. Which of the following tests during the quality assurance (QA) phase would have identified this concern?
Correct Answer: A
Comprehensive and Detailed Step-by-Step Explanation: A stress test evaluates system performance under extreme conditions, such as high user loads, to determine how the system behaves under peak traffic or resource exhaustion.
* Stress Testing (Correct Answer - A)
  * Identifies performance bottlenecks in software applications.
  * Helps ensure the ERP system can handle expected workloads.
  * Example: Simulating thousands of concurrent users accessing the ERP system to test response times and server load capacity.
* Parallel Testing (Incorrect - B)
  * Compares a new system with an old one but does not test system performance under load.
* Regression Testing (Incorrect - C)
  * Tests whether recent code changes have affected existing functionality but does not focus on performance.
* Interface Testing (Incorrect - D)
  * Checks interactions between system components but does not measure performance.

References:
* ISACA CISA Review Manual
* COBIT 2019: Performance and Capacity Planning
* NIST 800-37 (Risk Management Framework)
Question 4
An IS auditor is reviewing the process followed in identifying and prioritizing the critical business processes. This process is part of the:
Correct Answer: C
Section: The process of Auditing Information System
Question 5
Which of the following BEST enables an IS auditor to combine and compare access control lists from various applications and devices?
Correct Answer: C
Data analytics is the process of analyzing large and complex data sets to discover patterns, trends, and insights that can support decision making and problem solving. Data analytics can enable an IS auditor to combine and compare access control lists from various applications and devices by using techniques such as data extraction, transformation, loading, cleansing, integration, aggregation, visualization, and reporting. Data analytics can help an IS auditor to identify and assess the risks and controls related to access management, such as unauthorized or excessive access, segregation of duties violations, access policy compliance, access activity monitoring, and access review and remediation.

The other options are not as effective or relevant as data analytics for combining and comparing access control lists from various applications and devices.
* Integrated test facility (ITF) is a technique for testing the validity and accuracy of application processing by inserting fictitious transactions into the system and verifying the results. ITF does not directly involve the analysis of access control lists.
* Snapshots are records of selected information at a specific point in time that can be used to monitor system activity or performance. Snapshots can provide some information about access control lists, but they are not sufficient to combine and compare them across different sources.
* Audit hooks are software routines embedded in an application that can trigger an alert or a report when certain conditions are met. Audit hooks can help to detect anomalies or exceptions in access control lists, but they do not provide a comprehensive or integrated view of them.

References:
* ISACA, CISA Review Manual, 27th Edition, 2019, p. 2361
* ISACA, ITAF: A Professional Practices Framework for IS Audit/Assurance, 3rd Edition, 2014, p. 882
* Data Analytics for Auditing Access Control3