Home / Isaca / CISA

Question list

List of questions

Question 1

(0)

What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?

Question 2

(0)

Which of the following is the BEST way to enforce the principle of least privilege on a server containing data with different security classifications?

Question 3

(0)

The PRIMARY benefit of automating application testing is to:

Question 4

(0)

Which of the following BEST addresses the availability of an online store?

Question 5

(0)

Which of the following is the BEST way to prevent social engineering incidents?

Question 6

(0)

The PRIMARY purpose of a configuration management system is to:

Question 7

(0)

Which of the following is the MOST important consideration when evaluating the data retention policy for a global organization with regional offices in multiple countries?

Question 8

(0)

Which of the following BEST enables alignment of IT with business objectives?

Question 9

(0)

Which of the following are used in a firewall to protect the entity's internal resources?

Question 10

(0)

Which of the following would be MOST impacted if an IS auditor were to assist with the implementation of recommended control enhancements?

Question 1154 - CISA discussion

In a review of the organization standards and guidelines for IT management, which of the following should be included in an IS development methodology?

Value-added activity analysis

Risk management techniques

Access control rules

Incident management techniques

Suggested answer: B

Explanation:

Risk management techniques should be included in an IS development methodology. An IS development methodology is a set of guidelines, standards, and procedures that provide a structured and consistent approach to developing information systems.A good IS development methodology should cover all the phases of the system development life cycle (SDLC), from planning and analysis to design, implementation, testing, and maintenance1.

Risk management techniques are an essential part of an IS development methodology, as they help to identify, assess, prioritize, mitigate, monitor, and communicate the risks that may affect the success of the system development project.Risk management techniques can also help to ensure that the system meets the requirements and expectations of the stakeholders, complies with the relevant laws and regulations, and delivers value to the organization2.

The other options are not as relevant or appropriate as risk management techniques for an IS development methodology.Value-added activity analysis is a technique for evaluating the efficiency and effectiveness of business processes, but it is not specific to IS development3.Access control rules are policies and mechanisms for restricting or granting access to information systems and resources, but they are more related to security management than IS development4.Incident management techniques are methods for handling and resolving incidents that disrupt the normal operation of information systems and services, but they are more related to service management than IS development5.

ISACA, CISA Review Manual, 27th Edition, 2019, p.1911

ISACA, CISA Review Manual, 27th Edition, 2019, p.1942

Value-Added Activity Analysis3

Access Control Rules4

Incident Management Techniques5

Show Answer

asked 18/09/2024

Julio Callegaro

38 questions

Your answer: A B C D

0 comments

Sorted by