Explanation
Understanding the specific agile methodology that will be followed is the first step that an IS auditor should do to ensure the effectiveness of the project audit. An IS auditor should familiarize themselves with the agile approach, principles, practices, and tools that will be used by the project team, as well as the roles and responsibilities of the project stakeholders. This will help the IS auditor to identify and assess the relevant risks and controls for the project audit. The other options are not the first steps that an IS auditor should do, but rather possible subsequent actions that may depend on the specific agile methodology. References:
CISA Review Manual (Digital Version), Chapter 4, Section 4.3.21
CISA Review Questions, Answers & Explanations Database, Question ID 211

Section: Governance and Management of IT

An IS auditor must identify the assets, look for vulnerabilities, and then identify the threats and the likelihood of occurrence. Choices A, B and D should be discussed with the CIO, and a report should be delivered to the CEO. The report should include the findings along with priorities and costs.

Section: Protection of Information Assets
Explanation:
ISPs can use access control lists to implement inbound traffic filtering as a control to identify IP packets
transmitted from unauthorized sources.