Free ISACA CISA Übungsprüfungen - Seite 46 von 55

Question #451

Which of the following should be an IS auditor’s GREATEST concern when reviewing an organization’s security controls for policy compliance?

A . Security policies are not applicable across all business units
B . End users are not required to acknowledge security policy training
C . The security policy has not been reviewed within the past year
D . Security policy documents are available on a public domain website

Lösung einblenden Lösung ausblenden

Question #452

To ensure confidentiality through the use of asymmetric encryption, a message is encrypted with which of the following?

A . Recipient’s public key
B . Sender’s private key
C . Sender’s public key
D . Recipient’s private key

Lösung einblenden Lösung ausblenden

Question #453

Which of the following is the BEST indicator that a third-party vendor adheres to the controls required by the organization?

A . Review of monthly performance reports submitted by the vendor
B . Certifications maintained by the vendor
C . Regular independent assessment of the vendor
D . Substantive log file review of the vendor’s system

Lösung einblenden Lösung ausblenden

Question #454

Which of the following is MOST helpful for understanding an organization’s key driver to modernize application platforms?

A . Vendor software inventories
B . Network architecture diagrams
C . System-wide incident reports
D . Inventory of end-of-life software

Lösung einblenden Lösung ausblenden

Question #455

An organization has developed mature risk management practices that are followed across all departments.

What is the MOST effective way for the audit team to leverage this risk management maturity?

A . Implementing risk responses on management’s behalf
B . Integrating the risk register for audit planning purposes
C . Providing assurances to management regarding risk
D . Facilitating audit risk identification and evaluation workshops

Lösung einblenden Lösung ausblenden

Question #456

Which of the following should an IS auditor consider the MOST significant risk associated with a new health records system that replaces a legacy system?

A . Staff were not involved in the procurement process, creating user resistance to the new system.
B . Data is not converted correctly, resulting in inaccurate patient records.
C . The deployment project experienced significant overruns, exceeding budget projections.
D . The new system has capacity issues, leading to slow response times for users.

Lösung einblenden Lösung ausblenden

Question #457

Which of the following poses the GREATEST risk to the use of active RFID tags?

A . Session hijacking
B . Eavesdropping
C . Piggybacking
D . Phishing attacks

Lösung einblenden Lösung ausblenden

Question #458

Which of the following is MOST important for an IS auditor to review when determining whether IT investments are providing value to tie business?

A . Return on investment (ROI)
B . Business strategy
C . Business cases
D . Total cost of ownership (TCO)

Lösung einblenden Lösung ausblenden

Richtige Antwort: B
B

Explanation:

The answer B is correct because the most important thing for an IS auditor to review when determining whether IT investments are providing value to the business is the business strategy. The business strategy is the plan or direction that guides the organization’s decisions and actions to achieve its goals and objectives. The business strategy defines the organization’s vision, mission, values, competitive advantage, target market, value proposition, and key performance indicators (KPIs).

IT investments are the expenditures or costs incurred by the organization to acquire, develop, maintain, or improve its IT assets, such as hardware, software, network, data, or services. IT investments can help the organization to support its business processes, operations, functions, and capabilities. IT investments can also help the organization to create or enhance its products, services, or solutions for its customers or stakeholders.

To determine whether IT investments are providing value to the business, an IS auditor needs to review how well the IT investments align with and contribute to the business strategy. Alignment means that the IT investments are consistent and compatible with the business strategy, and that they support and enable the achievement of the strategic goals and objectives. Contribution means that the IT investments are effective and efficient in delivering the expected outcomes and benefits for the business, and that they generate a positive return on investment (ROI) or value for money.

An IS auditor can use various methods or frameworks to review the alignment and contribution of IT investments to the business strategy, such as:

Balanced scorecard: A balanced scorecard is a tool that measures and monitors the performance of an organization across four perspectives: financial, customer, internal process, and learning and growth. A balanced scorecard can help an IS auditor to evaluate how well the IT investments support and improve each perspective of the organization’s performance, and how they link to the organization’s vision and strategy.

Value chain analysis: A value chain analysis is a tool that identifies and analyzes the primary and support activities that add value to an organization’s products or services. A value chain analysis can help an IS auditor to assess how well the IT investments enhance or optimize each activity of the value chain, and how they create or sustain a competitive advantage for the organization.

Business case analysis: A business case analysis is a tool that evaluates the feasibility, viability, and desirability of a proposed project or initiative. A business case analysis can help an IS auditor to examine how well the IT investments address a business problem or opportunity, how they deliver the expected benefits and outcomes for the stakeholders, and how they compare with alternative options or solutions.

The other options are not as important as option B. Return on investment (ROI) (option A) is a metric that measures the profitability or efficiency of an investment by comparing its benefits or returns with its costs or expenses. ROI can help an IS auditor to quantify the value of IT investments for the business, but it does not capture all aspects of value, such as quality, satisfaction, or impact. ROI also depends on how well the IT investments align with the business strategy in the first place. Business cases (option C) are documents that justify and support a proposed project or initiative by describing its objectives, scope, benefits, costs, risks, and alternatives. Business cases can help an IS auditor to understand the rationale and expectations for IT investments, but they do not guarantee that the IT investments will actually deliver the desired value for the business. Business cases also need to be aligned with the business strategy to ensure their relevance and validity. Total cost of ownership (TCO) (option D) is a metric that measures the total costs incurred by an organization to acquire, operate, maintain, and dispose of an IT asset over its life cycle. TCO can help an IS auditor to estimate the financial impact of IT investments for the business, but it does not reflect the benefits or outcomes of IT investments, nor does it indicate how well the IT investments support or enable the business strategy.

References:

IT Strategy: Aligning IT & Business Strategy

How To Measure The Value Of Your Technology Investments

IT Investment Management: A Framework for Assessing … – GAO

How To Align Your Technology Investments With Your Business Strategy

Question #459

Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

A . Write access to production program libraries
B . Write access to development data libraries
C . Execute access to production program libraries
D . Execute access to development program libraries

Lösung einblenden Lösung ausblenden

Question #460

Which of the following should be the PRIMARY role of an internal audit function in the management of identified business risks?

A . Establishing a risk appetite
B . Establishing a risk management framework
C . Validating enterprise risk management (ERM)
D . Operating the risk management framework

Lösung einblenden Lösung ausblenden