Isaca CISA Quiz 200 Topic 3 Questions 996-1000

Question: 1

The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software?

ARewrite the patches and apply them

BCode review and application of available patches

CDevelop in-house patches

Didentify and test suitable patches before applying them

Show Answer

Question: 2

An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls wou Id BEST mitigate the risk of undetected and unauthorized program changes to the production environment?

ACommands typed on the command line are logged

BHash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs

CAccess to the operating system command line is granted through an access restriction tool with preapproved rights

DSoftware development tools and compilers have been removed from the production environment

Show Answer

Question: 3

Which of the following processes should an IS auditor recommend to assist in the

recording of baselines for software releases?

AChange management

BBackup and recovery

Cincident management

DConfiguration management

Show Answer

Question: 4

An IS au itor notes that patches for the operating system used by an organization are

deployed by the IT department as advised by the vendor. The MOST significant concern an IS auditor should have with this practice is the nonconsideration bylT of:

Athe training needs for users after applying the patch.

Bany beneficial impact of the patch on the operational systems.

Cdelaying deployment until testing the impact of the patch.

Dthe necessity of advising end users of new patches.

Show Answer

Question: 5

In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?

AApprove and document the change the next business day

BLimit developer access to production to a specific timeframe

CObtain secondary approval before releasing to production

DDisable the compiler option in the production machine

Show Answer

Isaca CISA Quiz:200 Topic:3 Questions:996-1000