QUESTION: 249

Which of the following MUST be completed as part of the annual audit planning process?

Fieldwork
Risk control matrix
Risk assessment
Business impact analysis (BIA)

Answer(s): C

Code changes are compiled and placed in a change folder by the developer. An implementation team migrates changes to production from the change folder.
Which of the following BEST indicates separation of duties is in place during the migration process?

A second individual performs code review before the change is released to production.
The implementation team does not have access to change the source code.
The implementation team does not have experience writing code.
The developer approves changes prior to moving them to the change folder.

Answer(s): B

Show Answer Next Question

QUESTION: 251

Management has decided to include a compliance manager in the approval process for a new business that may require changes to the IT infrastructure. Which of the following is the GREATEST benefit of this approach?

Process accountabilities to external stakeholders are improved.
Security breach incidents can be identified in early stages.
Regulatory risk exposures can be identified before they materialize.
Fewer reviews are needed when updating the IT compliance process.

Answer(s): C

Show Answer Next Question

QUESTION: 252

Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?

Ensure corrected program code is compiled in a dedicated server.
Ensure change management reports are independently reviewed.
Ensure programmers cannot access code after the completion of program edits.
Ensure the business signs off on end-to-end user acceptance test (UAT) results.

Answer(s): B

Show Answer Next Question

Free ISACA CISA Exam Braindumps (page: 64)

QUESTION: 249

QUESTION: 250

QUESTION: 251

QUESTION: 252

CISA Exam Discussions & Posts