Isaca CISA Quiz 83 Topic 4 Questions 411-415

Question: 1

Which of the following is the GREATEST risk associated with vulnerability scanning tools used to identify security weaknesses?

AFalse positives

BOutdated signatures for detection

CUse of open source tools

DFalse negatives

Show Answer

Question: 2

Which of the following should be of GREATEST concern to an IS auditor reviewing a system software development project based on agile practices?

ALack of change management documentation

BLack of secure coding practices

CLack of weekly production releases

DLack of user acceptance testing (UAT) sign off

Show Answer

Question: 3

During a software acquisition review, an IS auditor should recommend that there be a software escrow agreement when:

AThere is no service level agreement (SLA)

BThe product is new in the market

CThe estimated life for the product is less than 3 years

DThe deliverables do not include the source code

Show Answer

Question: 4

An emergency power-off switch should:

Anot be identified.

Bbe illuminated.

Cbe protected

Dnot be in the computer room

Show Answer

Question: 5

Which of the following is MOST important for an IS auditor to confirm when conducting a review of an active-active application cluster configuration?

AThe IT operations team maintains a version history of the cluster software.

BResults from recent user satisfaction surveys meet operational targets.

CThe cluster switches between active-active and active-passive configurations.

DThe cluster configuration includes adequate network bandwidth.

Show Answer

Isaca CISA Quiz:83 Topic:4 Questions:411-415