- (Topic 4)
Which of the following is MOST effective for controlling visitor access to a data center?
Correct Answer:
A
The most effective way for controlling visitor access to a data center is to ensure that visitors are escorted by an authorized employee, as this prevents unauthorized or malicious actions by the visitors and provides accountability and supervision. Pre-approval of entry requests, visitors signing in at the front desk upon arrival, and closed-circuit television (CCTV) are also useful measures, but they are not as effective as escorting visitors, as they do not prevent or detect unauthorized or malicious actions by the visitors in real time.
References: CISA Review Manual (Digital Version), Chapter 5: Protection of Information Assets, Section 5.1: Physical Access Controls
- (Topic 1)
Which of the following should an IS auditor recommend as a PRIMARY area of focus when an organization decides to outsource technical support for its external customers?
Correct Answer:
A
The primary area of focus when an organization decides to outsource technical support for its external customers is to align service level agreements (SLAs) with current needs. SLAs are contracts that define the scope, quality, and expectations of the services provided by the vendor, as well as the remedies or penalties for non-compliance. SLAs are essential for ensuring that the outsourced technical support meets the customer’s requirements and satisfaction, as well as the organization’s objectives and standards. By aligning SLAs with current needs, the organization can specify the key performance indicators (KPIs), metrics, and targets that reflect the desired outcomes and value of the technical support. This can also help to monitor and evaluate the vendor’s performance, identify gaps or issues, and implement corrective actions or improvements.
References:
✑ Service Level Agreement (SLA) Examples and Template
✑ What is an SLA? Best practices for service-level agreements
- (Topic 3)
Which of the following is MOST important for an IS auditor to look for in a project feasibility study?
Correct Answer:
C
The most important thing for an IS auditor to look for in a project feasibility study is an assessment of whether the expected benefits can be achieved. A project feasibility study is a preliminary analysis that evaluates the viability and suitability of a proposed project based on various criteria, such as technical, economic, legal, operational, and social factors. The expected benefits are the positive outcomes and value that the project aims to deliver to the organization and its stakeholders. The IS auditor should verify whether the project feasibility study has clearly defined and quantified the expected benefits, and whether it has assessed the likelihood and feasibility of achieving them within the project scope, budget, schedule, and quality parameters. The other options are also important for an IS auditor to look for in a project feasibility study, but not as important as an assessment of whether the expected benefits can be achieved, because they either focus on specific aspects of the project rather than the overall value proposition, or they assume that the project will be implemented rather than evaluating its viability. References:
CISA Review Manual (Digital Version), Chapter 4, Section 4.2.1
- (Topic 4)
An IS auditor is evaluating the progress of a web-based customer service application development project. Which of the following would be MOST helpful for this evaluation?
Correct Answer:
A
A backlog consumption report is a report that shows the amount of work that has been completed and the amount of work that remains to be done in a project. It is a useful tool for measuring the progress and performance of a web-based customer service application development project, as it can indicate whether the project is on track, ahead or behind schedule, and how much effort is required to finish the project. A backlog consumption report can also help identify any issues or risks that may affect the project delivery. Critical path analysis reports, developer status reports and change management logs are also helpful for evaluating a project, but they are not as helpful as a backlog consumption report, as they do not provide a clear picture of the overall project status and completion rate. References:
✑ Backlog Consumption Report Definition
✑ Backlog Consumption Report | ISACA
- (Topic 4)
Which of the following is MOST important for an IS auditor to verify when evaluating an organization's data conversion and infrastructure migration plan?
Correct Answer:
B
The most important thing for an IS auditor to verify when evaluating an organization’s data conversion and infrastructure migration plan is that a rollback plan is included. A rollback plan is a contingency plan that describes the steps and actions to be taken in case the data conversion or infrastructure migration fails or causes unacceptable problems or risks. A rollback plan can help to restore the original data and infrastructure, minimize the impact on the business operations and functions, and ensure the continuity and availability of the IT services. The IS auditor should verify that the rollback plan is feasible, tested, documented, and approved, and that it covers all the possible scenarios and outcomes of the data conversion or infrastructure migration. The other options are not as important as verifying the rollback plan, because they either do not address the potential failure or disruption of the data conversion or infrastructure migration, or they are part of the normal planning and execution process rather than a contingency plan.
References: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.3