1. The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software?
A) Rewrite the patches and apply them
B) Code review and application of available patches
C) Develop in-house patches
D) Identify and test suitable patches before applying them
2. Which of the following processes should an IS auditor recommend to assist in the recording of baselines for software releases?
A) Change management
B) Backup and recovery
C) Incident management
D) Configuration management
3. An IS auditor notes that patches for the operating system used by an organization are deployed by the IT department as advised by the vendor. The MOST significant concern an IS auditor should have with this practice is the nonconsideration by IT of:
A) the training needs for users after applying the patch.
B) any beneficial impact of the patch on the operational systems.
C) delaying deployment until testing the impact of the patch.
D) the necessity of advising end users of new patches.
4. In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?
A) Approve and document the change the next business day
B) Limit developer access to production to a specific timeframe
C) Obtain secondary approval before releasing to production
D) Disable the compiler option in the production machine
5. Time constraints and expanded needs have been found by an IS auditor to be the root causes for recent violations of corporate data definition standards in a new business intelligence project. Which of the following is the MOST appropriate suggestion for an auditor to make?
A) Achieve standards alignment through an increase of resources devoted to the project
B) Align the data definition standards after completion of the project
C) Delay the project until compliance with standards can be achieved
D) Enforce standard compliance by adopting punitive measures against violators
1. Right Answer: D Explanation: Suitable patches from the existing developers should be selected and tested before applying them. Rewriting the patches and applying them is not a correct answer because it would require skilled resources and time to rewrite the patches. Code review could be possible but tests need to be performed before applying the patches. Since the system was developed outside the organization, the IT department may not have the necessary skills and resources to develop patches.
2. Right Answer: D Explanation: The configuration management process may include automated tools that will provide an automated recording of software release baselines. Should the new release fail, the baseline will provide a point to which to return. The other choices do not provide the processes necessary for establishing software release baselines and are not related to software release baselines.
3. Right Answer: C Explanation: Deploying patches without testing exposes an organization to the risk of system disruption or failure. Normally, there is no need for training or advising users when a new operating system patch has been installed. Any beneficial impact is less important than the risk of unavailability that could be avoided with proper testing.
4. Right Answer: A Explanation: It may be appropriate to allow programmers to make emergency changes as long as they are documented and approved after the fact. Restricting the release time frame may help somewhat; however, it would not apply to emergency changes and cannot prevent unauthorized release of the programs. Choices C and D are not relevant in an emergency situation.
5. Right Answer: A Explanation: Provided that data architecture, technical, and operational requirements are sufficiently documented, the alignment to standards could be treated as a specific work package assigned to new project resources. The use of nonstandard data definitions would lower the efficiency of the new development and increase the risk of errors in critical business decisions. To change data definition standards after project conclusion (choice B) is risky and is not a viable solution. On the other hand, punishing the violators (choice D) or delaying the project (choice C) would be an inappropriate suggestion because of the likely damage to the entire project's profitability.