Post on 26-Jun-2020


CISA Exam Prep Course | Post Session Activities

Session 2 Activities

Domain 3

Task 3.1 ABC Corporation has several competing IT initiatives that have been identified for 2016; however, several past projects have not delivered the desired value, while critical infrastructure changes have not been started. What would be the best method to outline critical infrastructure needed to meet ABC’s goals?

Task 3.2 You have been asked to evaluate IT supplier selection and contract management processes prior to ABC Corporation’s migration to cloud service providers, Infrastructure as a Service (IaaS). What are the most important criteria to be considered during the selection?

Task 3.3 ABC Corporation is preparing for a major ERP upgrade and related customized code development. You have been selected to perform an IS audit focused on program, project and software development processes. What is the most important element in evaluating the project management framework?

Task 3.4 The last ERP upgrade encountered significant delays and cost overruns, and the CIO and CFO have requested you to perform an audit of the upcoming ERP upgrade, paying special attention to the integration of the code between enterprises. What is the development approach designed to achieve easier and more effective integration of code modules within and between enterprises?


Task 3.5 You will provide interim reports and other documentation during critical phases within the project life cycle to allow the project team to respond to any significant findings that could pose a risk to the project’s success. What is documented in specifications and drawings describing the reference infrastructure that will be used by all projects downstream?

Task 3.6 The time has arrived for you to make a recommendation to management on whether the system is ready to go into live production. You will rely heavily on testing results to help you make your recommendation. What type of hardware or software test evaluates the connection of two or more components that pass information from one area to another?

Task 3.7 The audit has been challenging, but now the ERP upgrade project is completed. The new system is stabilized in production. It is time for you to complete the post implementation review. What is the most important task to address during the post implementation review?

Domain 4

Task 4.1 The audit committee has directed the internal audit team to determine if IT services are being managed to optimize value to the company. Your company is considering integration of IT service management (ITSM) for the management of IT services (people, process and information technology) to meet business needs. What features of ITSM could benefit the organization?


Task 4.2 During your audit, you have learned that the system architect is looking for recommendations related to EA implementation for fundamental underlying design of the IT components of the business, the relationships among them and the manner in which they support the enterprise’s objectives. What would a road map for an EA often be represented as?

Task 4.3 Recent failures in application and database backups have led to loss of business continuity system fail-over during system outages. During your audit, you have identified that changes were made to systems supporting the backup processes. Further investigations of the backup issues disclose that backup job scheduling conflicted with other running operations. What would be the BEST choice of controls to address this deficiency?

Task 4.4 During your IS audit you have found that critical patches are not being applied due to recent outages experienced from the automated patching processes. What is the most important aspect of patching that leads to system outages?

Task 4.5 While performing an IS audit of the ERP database and related data warehouse, you have identified the following findings:

o Duplication of data between data sets in the database and the warehouse.
o Insecure data transfers (FTP) were used in many instances.

What would BEST address the data duplication issues? What is the most likely cause of the use of insecure data transfer?


Task 4.6 As you were evaluating the company’s ERP and interconnected systems, you identified that data is not available to support mission critical operations. Which phase of Data Management would address the availability issue?

Task 4.7 During the review of company audit logs, the IS auditor identified the following findings:

o Excel database ODBC functionality was being used to back-door the MS SQL databases.
o On-going Metasploit attacks that were targeting external firewalls have not been escalated for response.

What is the best way to address Metasploit attacks?

Task 4.8 The ERP upgrades went very well; however, the subsequent bug fix and software patching has caused on-going system outages and data corruption. You have been asked to perform a management request audit to determine the root causes of the failures. As you begin the audit, where would be the best place to focus your attention?

Task 4.9 Your audit of the software development activities has identified that several end-user computing solutions interface with the ERP. These end-user computing applications are normally being saved to local hard drives and frequently are used for extended periods off-line from corporate networks. What policy for use of end-user computing should the IS auditor ensure is in place?


Task 4.10 Following the recent flooding events in surrounding states, ABC Corporation has requested an audit of its BCP/DRP plans and processes. What two elements should the DRP identify and seek to match up in the event of an incident or disaster?
