Free ISACA CISA Übungsprüfungen - Seite 9 von 55

Question #81

Which of the following is the MOST effective method of destroying sensitive data stored on electronic media?

A . Degaussing
B . Random character overwrite
C . Physical destruction
D . Low-level formatting

Question #82

The use of which of the following would BEST enhance a process improvement program?

A . Model-based design notations
B . Balanced scorecard
C . Capability maturity models
D . Project management methodologies

Richtige Antwort: C
C

Explanation:

Capability maturity models (CMMs) are frameworks that help organizations assess and improve their processes in various domains, such as software development, project management, service delivery, and cybersecurity1. CMMs define different levels of process maturity, from initial to optimized, and describe the characteristics and best practices of each level. By using CMMs, organizations can benchmark their current processes against a common standard, identify gaps and weaknesses, and implement improvement actions to achieve higher levels of process maturity2. CMMs can also help organizations align their processes with their strategic goals, measure their performance, and increase their efficiency, quality, and customer satisfaction3.

Therefore, the use of CMMs would best enhance a process improvement program, as they provide a systematic and structured approach to evaluate and improve processes based on proven principles and practices.

Option C is the correct answer.

Option A is not correct because model-based design notations are graphical or textual languages that help designers specify, visualize, and document the structure and behavior of systems4. While they can be useful for designing and communicating complex systems, they do not directly address the process improvement aspect of a program.

Option B is not correct because balanced scorecard is a strategic management tool that helps organizations translate their vision and mission into measurable objectives and indicators. While it can be useful for monitoring and evaluating the performance of a program, it does not provide specific guidance on how to improve processes.

Option D is not correct because project management methodologies are sets of principles and practices that help organizations plan, execute, and control projects. While they can be useful for managing the scope, schedule, cost, quality, and risk of a program, they do not focus on the process improvement aspect of a program.

References:

Guide to Process Maturity Models2

What is CMMI? A model for optimizing development processes1

Capability Maturity Model (CMM): A Definitive Guide3

Model-Based Design Notations4

Balanced Scorecard

Project Management Methodologies

Question #83

An organization has recently implemented a Voice-over IP (VoIP) communication system.

Which of the following should be the IS auditor’s PRIMARY concern?

A . A single point of failure for both voice and data communications
B . Inability to use virtual private networks (VPNs) for internal traffic
C . Lack of integration of voice and data communications
D . Voice quality degradation due to packet toss

Lösung einblenden Lösung ausblenden

Question #84

When auditing an organization’s software acquisition process the BEST way for an IS auditor to understand the software benefits to the organization would be to review the

A . feasibility study
B . business case
C . request for proposal (RFP)
D . alignment with IT strategy

Lösung einblenden Lösung ausblenden

Question #85

An IS auditor discovers a box of hard drives in a secured location that are overdue for physical destruction. The vendor responsible for this task was never made aware of these hard drives.

Which of the following is the BEST course of action to address this issue?

A . Examine the workflow to identify gaps in asset-handling responsibilities.
B . Escalate the finding to the asset owner for remediation.
C . Recommend the drives be sent to the vendor for destruction.
D . Evaluate the corporate asset-handling policy for potential gaps.

Lösung einblenden Lösung ausblenden

Question #86

When reviewing whether IT investments are meeting business objectives, which of the following evaluations would be MOST useful?

A . A break-even analysis
B . Realized return on investment (ROI) versus projected ROI
C . Budgeted spend versus actual spend
D . Actual return on investment (ROI) versus industry average ROI

Lösung einblenden Lösung ausblenden

Question #87

To develop meaningful recommendations ‚or findings, which of the following is MOST important ‚or an IS auditor to determine and understand?

A . Root cause
B . Responsible party
C . impact
D . Criteria

Lösung einblenden Lösung ausblenden

Question #88

Which of the following would be of GREATEST concern to an IS auditor reviewing the feasibility study for a new application system?

A . Security requirements have not been defined.
B . Conditions under which the system will operate are unclear.
C . The business case does not include well-defined strategic benefits.
D . System requirements and expectations have not been clarified.

Lösung einblenden Lösung ausblenden

Question #89

Which of the following should be used as the PRIMARY basis for prioritizing IT projects and initiatives?

A . Estimated cost and time
B . Level of risk reduction
C . Expected business value
D . Available resources

Lösung einblenden Lösung ausblenden

Question #90

Which of the following BEST indicates to an IS auditor that an organization handles emergency changes appropriately and transparently?

A . The application operations manual contains procedures to ensure emergency fixes do not compromise system integrity.
B . Special logon IDs are used to grant programmers permanent access to the production environment.
C . Change management controls are retroactively applied.
D . Emergency changes are applied to production libraries immediately.

Lösung einblenden Lösung ausblenden