Certified Information Systems Auditor Certification CISA Training Materials 2022

Eleanor2022-10-21T03:21:34+00:00

While studying for your Certified Information Systems Auditor (CISA) exam, you can have the CISA training materials of ITPrepare. Get the Certified Information Systems Auditor CISA exam dumps and start preparation. The CISA training materials of ITPrepare contain real dumps questions and answers from the syllabus of the Certified Information Systems Auditor (CISA) exam. These CISA exam questions and answers cover all the topics of the Certified Information Systems Auditor to help you understand the CISA exam with ease. If you learn all these ISACA CISA exam questions and answers, then you do not have to worry about your success in the CISA exam.

If want to check the CISA training materials, then you can read CISA free demo below:

Page 1 of 10

1. An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner.

Which of the following is the auditor's BEST recommendation?

Increase the capacity of existing systems.

Upgrade hardware to newer technology.

Hire temporary contract workers for the IT function.

Build a virtual environment.

2. During the discussion of a draft audit report. IT management provided suitable evidence fiat a process has been implemented for a control that had been concluded by the IS auditor as Ineffective.

Which of the following is the auditor's BEST action?

Explain to IT management that the new control will be evaluated during follow-up

Re-perform the audit before changing the conclusion.

Change the conclusion based on evidence provided by IT management.

Add comments about the action taken by IT management in the report.

3. During a follow-up audit, an IS auditor learns that some key management personnel have been replaced since the original audit, and current management has decided not to implement some previously accepted recommendations.

What is the auditor's BEST course of action?

Notify the chair of the audit committee.

Notify the audit manager.

Retest the control.

Close the audit finding.

4. Which of the following is MOST important to ensure when developing an effective security awareness program?

Training personnel are information security professionals.

Phishing exercises are conducted post-training.

Security threat scenarios are included in the program content.

Outcome metrics for the program are established.

5. During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:

Future compatibility of the application.

Proposed functionality of the application.

Controls incorporated into the system specifications.

Development methodology employed.

6. Which of the following should an IS auditor recommend as a PRIMARY area of focus when an organization decides to outsource technical support for its external customers?

Align service level agreements (SLAs) with current needs.

Monitor customer satisfaction with the change.

Minimize costs related to the third-party agreement.

Ensure right to audit is included within the contract.

7. Which of the following would BEST facilitate the successful implementation of an IT-related framework?

Aligning the framework to industry best practices

Establishing committees to support and oversee framework activities

Involving appropriate business representation within the framework

Documenting IT-related policies and procedures

8. Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?

Segregation of duties between staff ordering and staff receiving information assets

Complete and accurate list of information assets that have been deployed

Availability and testing of onsite backup generators

Knowledge of the IT staff regarding data protection requirements

9. During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:

allocation of resources during an emergency.

frequency of system testing.

differences in IS policies and procedures.

maintenance of hardware and software compatibility.

10. Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?

Rotate job duties periodically.

Perform an independent audit.

Hire temporary staff.

Implement compensating controls.

Page 2 of 10

11. An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider.

Which of the following would be the BEST way to prevent accepting bad data?

Obtain error codes indicating failed data feeds.

Appoint data quality champions across the organization.

Purchase data cleansing tools from a reputable vendor.

Implement business rules to reject invalid data.

12. An IT balanced scorecard is the MOST effective means of monitoring:

governance of enterprise I

control effectiveness.

return on investment (ROI).

change management effectiveness.

13. IS management has recently disabled certain referential integrity controls in the database management system (DBMS) software to provide users increased query performance.

Which of the following controls will MOST effectively compensate for the lack of referential integrity?

More frequent data backups

Periodic table link checks

Concurrent access controls

Performance monitoring tools

14. An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:

refuse the assignment to avoid conflict of interest.

use the knowledge of the application to carry out the audit.

inform audit management of the earlier involvement.

modify the scope of the audit.

15. Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

The system does not have a maintenance plan.

The system contains several minor defects.

The system deployment was delayed by three weeks.

The system was over budget by 15%.

16. Which of the following BEST guards against the risk of attack by hackers?

Tunneling

Encryption

Message validation

Firewalls

17. Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization's goals?

Balanced scorecard

Enterprise dashboard

Enterprise architecture (EA)

Key performance indicators (KPIs)

18. Which of the following MOST effectively minimizes downtime during system conversions?

Phased approach

Direct cutover

Pilot study

Parallel run

19. Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization's information security policy?

Alignment with the IT tactical plan

IT steering committee minutes

Compliance with industry best practice

Business objectives

20. The PRIMARY advantage of object-oriented technology is enhanced:

efficiency due to the re-use of elements of logic.

management of sequential program execution for data access.

grouping of objects into methods for data access.

management of a restricted variety of data types for a data object.

Page 3 of 10

21. Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?

File level encryption

File Transfer Protocol (FTP)

Instant messaging policy

Application level firewalls

22. Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?

Walk-through reviews

Substantive testing

Compliance testing

Design documentation reviews

23. A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization.

Which of the following is MOST effective in detecting such an intrusion?

Periodically reviewing log files

Configuring the router as a firewall

Using smart cards with one-time passwords

Installing biometrics-based authentication

24. In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to never expire.

Which of the following recommendations would BEST address the risk with minimal disruption to the business?

Modify applications to no longer require direct access to the database.

Introduce database access monitoring into the environment

Modify the access management policy to make allowances for application accounts.

Schedule downtime to implement password changes.

25. Which of the following is the BEST method to safeguard data on an organization's laptop computers?

Disabled USB ports

Full disk encryption

Biometric access control

Two-factor authentication

26. To confirm integrity for a hashed message, the receiver should use:

the same hashing algorithm as the sender's to create a binary image of the file.

a different hashing algorithm from the sender's to create a binary image of the file.

the same hashing algorithm as the sender's to create a numerical representation of the file.

a different hashing algorithm from the sender's to create a numerical representation of the file.

27. During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period.

Which of the following is the auditor's MOST important course of action?

Document the finding and present it to management.

Determine if a root cause analysis was conducted.

Confirm the resolution time of the incidents.

Validate whether all incidents have been actioned.

28. From an IS auditor's perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?

Inability to close unused ports on critical servers

Inability to identify unused licenses within the organization

Inability to deploy updated security patches

Inability to determine the cost of deployed software

29. When an intrusion into an organization network is deleted, which of the following should be done FIRST?

Block all compromised network nodes.

Contact law enforcement.

Notify senior management.

Identity nodes that have been compromised.

30. 1.Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?

Carbon dioxide

FM-200

Dry pipe

Halon

Page 4 of 10

31. An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes.

Which of the following recommendations would BEST help to reduce the risk of data leakage?

Requiring policy acknowledgment and nondisclosure agreements (NDAs) signed by employees

Establishing strong access controls on confidential data

Providing education and guidelines to employees on use of social networking sites

Monitoring employees' social networking usage

32. Which of the following tests would provide the BEST assurance that a health care organization is handling patient data appropriately?

Compliance with action plans resulting from recent audits

Compliance with local laws and regulations

Compliance with industry standards and best practice

Compliance with the organization's policies and procedures

33. Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

business impact analysis (BIA).

threat and risk assessment.

business continuity plan (BCP).

disaster recovery plan (DRP).

34. Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?

Frequent testing of backups

Annual walk-through testing

Periodic risk assessment

Full operational test

35. Which of the following is a social engineering attack method?

An unauthorized person attempts to gam access to secure premises by following an authonzed person through a secure door.

An employee is induced to reveal confidential IP addresses and passwords by answering questions over the phone.

A hacker walks around an office building using scanning tools to search for a wireless network to gain access.

An intruder eavesdrops and collects sensitive information flowing through the network and sells it to third parties.

36. An organization conducted an exercise to test the security awareness level of users by sending an email offering a cash reward 10 those who click on a link embedded in the body of the email.

Which of the following metrics BEST indicates the effectiveness of awareness training?

The number of users deleting the email without reporting because it is a phishing email

The number of users clicking on the link to learn more about the sender of the email

The number of users forwarding the email to their business unit managers

The number of users reporting receipt of the email to the information security team

37. When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:

the Internet.

the demilitarized zone (DMZ).

the organization's web server.

the organization's network.

38. Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees.

What is the MOST important task before implementing any associated email controls?

Require all employees to sign nondisclosure agreements (NDAs).

Develop an acceptable use policy for end-user computing (EUC).

Develop an information classification scheme.

Provide notification to employees about possible email monitoring.

39. Which audit approach is MOST helpful in optimizing the use of IS audit resources?

Agile auditing

Continuous auditing

Outsourced auditing

Risk-based auditing

40. In a small IT web development company where developers must have write access to production, the BEST recommendation of an IS auditor would be to:

hire another person to perform migration to production.

implement continuous monitoring controls.

remove production access from the developers.

perform a user access review for the development team

Page 5 of 10

41. Which of the following data would be used when performing a business impact analysis (BIA)?

Projected impact of current business on future business

Cost-benefit analysis of running the current business

Cost of regulatory compliance

Expected costs for recovering the business

42. During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST

perform a business impact analysis (BIA).

issue an intermediate report to management.

evaluate the impact on current disaster recovery capability.

conduct additional compliance testing.

43. What should be the PRIMARY basis for selecting which IS audits to perform in the coming year?

Senior management's request

Prior year's audit findings

Organizational risk assessment

Previous audit coverage and scope

44. Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

Write access to production program libraries

Write access to development data libraries

Execute access to production program libraries

Execute access to development program libraries

45. Which of the following is MOST important with regard to an application development acceptance test?

The programming team is involved in the testing process.

All data files are tested for valid information before conversion.

User management approves the test design before the test is started.

The quality assurance (QA) team is in charge of the testing process.

46. Which of the following would be to MOST concern when determine if information assets are adequately safequately safeguarded during transport and disposal?

Lack of appropriate labelling

Lack of recent awareness training.

Lack of password protection

Lack of appropriate data classification

47. While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function.

In order to resolve the situation, the IS auditor's BEST course of action would be to:

re-prioritize the original issue as high risk and escalate to senior management.

schedule a follow-up audit in the next audit cycle.

postpone follow-up activities and escalate the alternative controls to senior audit management.

determine whether the alternative controls sufficiently mitigate the risk.

48. An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality.

Which of the following is MOST important for an IS auditor to understand when reviewing this decision?

The current business capabilities delivered by the legacy system

The proposed network topology to be used by the redesigned system

The data flows between the components to be used by the redesigned system

The database entity relationships within the legacy system

49. Which of the following is the BEST source of information for assessing the effectiveness of IT process monitoring?

Real-time audit software

Performance data

Quality assurance (QA) reviews

Participative management techniques

50. During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization.

Which of the following should be recommended as the PRIMARY factor to determine system criticality?

Key performance indicators (KPIs)

Maximum allowable downtime (MAD)

Recovery point objective (RPO)

Mean time to restore (MTTR)

Page 6 of 10

51. Which of the following BEST indicates the effectiveness of an organization's risk management program?

Inherent risk is eliminated.

Residual risk is minimized.

Control risk is minimized.

Overall risk is quantified.

52. Which of the following is the BEST data integrity check?

Counting the transactions processed per day

Performing a sequence check

Tracing data back to the point of origin

Preparing and running test data

53. An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions.

Which of the following is MOST important for the auditor to confirm when sourcing the population data?

The data is taken directly from the system.

There is no privacy information in the data.

The data can be obtained in a timely manner.

The data analysis tools have been recently updated.

54. Which of the following is the BEST way to determine whether a test of a disaster recovery plan (DRP) was successful?

Analyze whether predetermined test objectives were met.

Perform testing at the backup data center.

Evaluate participation by key personnel.

Test offsite backup files.

55. An IS auditor notes the transaction processing times in an order processing system have significantly increased after a major release.

Which of the following should the IS auditor review FIRST?

Capacity management plan

Training plans

Database conversion results

Stress testing results

56. Which of the following would be an IS auditor's GREATEST concern when reviewing the early stages of a software development project?

The lack of technical documentation to support the program code

The lack of completion of all requirements at the end of each sprint

The lack of acceptance criteria behind user requirements.

The lack of a detailed unit and system test plan

57. Which of the following should be done FIRST when planning a penetration test?

Execute nondisclosure agreements (NDAs).

Determine reporting requirements for vulnerabilities.

Define the testing scope.

Obtain management consent for the testing.

58. An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available.

What should the auditor recommend be done FIRST?

Implement a new system that can be patched.

Implement additional firewalls to protect the system.

Decommission the server.

Evaluate the associated risk.

59. An online retailer is receiving customer complaints about receiving different items from what they ordered on the organization's website. The root cause has been traced to poor data quality. Despite efforts to clean erroneous data from the system, multiple data quality issues continue to occur.

Which of the following recommendations would be the BEST way to reduce the likelihood of future occurrences?

Assign responsibility for improving data quality.

Invest in additional employee training for data entry.

Outsource data cleansing activities to reliable third parties.

Implement business rules to validate employee data entry.

60. The implementation of an IT governance framework requires that the board of directors of an organization:

Address technical IT issues.

Be informed of all IT initiatives.

Have an IT strategy committee.

Approve the IT strategy.

Page 7 of 10

61. When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?

Implementation plan

Project budget provisions

Requirements analysis

Project plan

62. When auditing the security architecture of an online application, an IS auditor should FIRST review the:

firewall standards.

configuration of the firewall

firmware version of the firewall

location of the firewall within the network

63. Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?

System flowchart

Data flow diagram

Process flowchart

Entity-relationship diagram

64. Which of the following is the MOST effective control to mitigate unintentional misuse of authorized access?

Annual sign-off of acceptable use policy

Regular monitoring of user access logs

Security awareness training

Formalized disciplinary action

65. Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?

Assurance that the new system meets functional requirements

More time for users to complete training for the new system

Significant cost savings over other system implemental or approaches

Assurance that the new system meets performance requirements

66. During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures.

The auditor's NEXT step should be to:

note the noncompliance in the audit working papers.

issue an audit memorandum identifying the noncompliance.

include the noncompliance in the audit report.

determine why the procedures were not followed.

67. An IS auditor is reviewing an organization's information asset management process.

Which of the following would be of GREATEST concern to the auditor?

The process does not require specifying the physical locations of assets.

Process ownership has not been established.

The process does not include asset review.

Identification of asset value is not included in the process.

68. An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons.

Which of the following should the auditor recommend be performed FIRST?

Implement a process to actively monitor postings on social networking sites.

Adjust budget for network usage to include social media usage.

Use data loss prevention (DLP) tools on endpoints.

implement policies addressing acceptable usage of social media during working hours.

69. One benefit of return on investment (ROI) analysts in IT decision making is that it provides the:

basis for allocating indirect costs.

cost of replacing equipment.

estimated cost of ownership.

basis for allocating financial resources.

70. Which of the following demonstrates the use of data analytics for a loan origination process?

Evaluating whether loan records are included in the batch file and are validated by the servicing system

Comparing a population of loans input in the origination system to loans booked on the servicing system

Validating whether reconciliations between the two systems are performed and discrepancies are investigated

Reviewing error handling controls to notify appropriate personnel in the event of a transmission failure

Page 8 of 10

71. Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision.

Which of the following should be the IS auditor's NEXT course of action?

Accept management's decision and continue the follow-up.

Report the issue to IS audit management.

Report the disagreement to the board.

Present the issue to executive management.

72. An IS auditor is examining a front-end subledger and a main ledger.

Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

Double-posting of a single journal entry

Inability to support new business transactions

Unauthorized alteration of account attributes

Inaccuracy of financial reporting

73. Which of the following strategies BEST optimizes data storage without compromising data retention practices?

Limiting the size of file attachments being sent via email

Automatically deleting emails older than one year

Moving emails to a virtual email vault after 30 days

Allowing employees to store large emails on flash drives

74. Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported.

Which of the following is the IS auditor's BEST recommendation?

Ensure corrected program code is compiled in a dedicated server.

Ensure change management reports are independently reviewed.

Ensure programmers cannot access code after the completion of program edits.

Ensure the business signs off on end-to-end user acceptance test (UAT) results.

75. Which of the following is the PRIMARY reason for an IS auditor to conduct post-implementation reviews?

To determine whether project objectives in the business case have been achieved

To ensure key stakeholder sign-off has been obtained

To align project objectives with business needs

To document lessons learned to improve future project delivery

76. A proper audit trail of changes to server start-up procedures would include evidence of:

subsystem structure.

program execution.

security control options.

operator overrides.

77. Which of the following should be the PRIMARY basis for prioritizing follow-up audits?

Audit cycle defined in the audit plan

Complexity of management's action plans

Recommendation from executive management

Residual risk from the findings of previous audits

78. Cross-site scripting (XSS) attacks are BEST prevented through:

application firewall policy settings.

a three-tier web architecture.

secure coding practices.

use of common industry frameworks.

79. Which of the following attack techniques will succeed because of an inherent security weakness in an Internet firewall?

Phishing

Using a dictionary attack of encrypted passwords

Intercepting packets and viewing passwords

Flooding the site with an excessive number of packets

80. Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?

Assignment of responsibility for each project to an IT team member

Adherence to best practice and industry approved methodologies

Controls to minimize risk and maximize value for the IT portfolio

Frequency of meetings where the business discusses the IT portfolio

Page 9 of 10

81. What is the BEST control to address SQL injection vulnerabilities?

Unicode translation

Secure Sockets Layer (SSL) encryption

Input validation

Digital signatures

82. Which of the following is the BEST way to mitigate the impact of ransomware attacks?

Invoking the disaster recovery plan (DRP)

Backing up data frequently

Paying the ransom

Requiring password changes for administrative accounts

83. Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?

Portfolio management

Business plans

Business processes

IT strategic plans

84. Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?

Business interruption due to remediation

IT budgeting constraints

Availability of responsible IT personnel

Risk rating of original findings

85. Which of the following is MOST important for an effective control self-assessment (CSA) program?

Determining the scope of the assessment

Performing detailed test procedures

Evaluating changes to the risk environment

Understanding the business process

86. When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?

Incident monitoring togs

The ISP service level agreement

Reports of network traffic analysis

Network topology diagrams

87. Which of the following is the PRIMARY concern when negotiating a contract for a hot site?

Availability of the site in the event of multiple disaster declarations

Coordination with the site staff in the event of multiple disaster declarations

Reciprocal agreements with other organizations

Complete testing of the recovery plan

88. An IS auditor discovers that validation controls m a web application have been moved from the server side into the browser to boost performance.

This would MOST likely increase the risk of a successful attack by.

phishing.

denial of service (DoS)

structured query language (SQL) injection

buffer overflow

89. Which of the following is MOST important to ensure when planning a black box penetration test?

The management of the client organization is aware of the testing.

The test results will be documented and communicated to management.

The environment and penetration test scope have been determined.

Diagrams of the organization's network architecture are available.

90. An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format.

Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

Data masking

Data tokenization

Data encryption

Data abstraction

Page 10 of 10

91. During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?

Rollback strategy

Test cases

Post-implementation review objectives

Business case

92. Which of the following is the BEST detective control for a job scheduling process involving data transmission?

Metrics denoting the volume of monthly job failures are reported and reviewed by senior management.

Jobs are scheduled to be completed daily and data is transmitted using a Secure File Transfer Protocol (SFTP).

Jobs are scheduled and a log of this activity is retained for subsequent review.

Job failure alerts are automatically generated and routed to support personnel.

93. Which of the following will be the MOST effective method to verify that a service vendor keeps control levels as required by the client?

Conduct periodic on-site assessments using agreed-upon criteria.

Periodically review the service level agreement (SLA) with the vendor.

Conduct an unannounced vulnerability assessment of vendor's IT systems.

Obtain evidence of the vendor's control self-assessment (CSA).

94. Which of the following is MOST important for an IS auditor to examine when reviewing an organization's privacy policy?

Whether there is explicit permission from regulators to collect personal data

The organization's legitimate purpose for collecting personal data

Whether sharing of personal information with third-party service providers is prohibited

The encryption mechanism selected by the organization for protecting personal data

95. An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system.

The auditor's FIRST course of action should be to:

review recent changes to the system.

verify completeness of user acceptance testing (UAT).

verify results to determine validity of user concerns.

review initial business requirements.

96. An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged.

The IS auditor's FIRST action should be to:

recommend that the option to directly modify the database be removed immediately.

recommend that the system require two persons to be involved in modifying the database.

determine whether the log of changes to the tables is backed up.

determine whether the audit trail is secured and reviewed.

97. Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?

The IS auditor provided consulting advice concerning application system best practices.

The IS auditor participated as a member of the application system project team, but did not have operational responsibilities.

The IS auditor designed an embedded audit module exclusively for auditing the application system.

The IS auditor implemented a specific control during the development of the application system.

98. Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?

Encryption of the spreadsheet

Version history

Formulas within macros

Reconciliation of key calculations

99. A system development project is experiencing delays due to ongoing staff shortages.

Which of the following strategies would provide the GREATEST assurance of system quality at implementation?

Implement overtime pay and bonuses for all development staff.

Utilize new system development tools to improve productivity.

Recruit IS staff to expedite system development.

Deliver only the core functionality on the initial target date.

100. The PRIMARY benefit lo using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:

is more effective at suppressing flames.

allows more time to abort release of the suppressant.

has a decreased risk of leakage.

disperses dry chemical suppressants exclusively.

Certified Information Systems Auditor Certification CISA Training Materials 2022