Free Access ISACA.CISA.v2026-02-11.q999 Practice Test (Page 87)

Question 426

Which of the following should be of GREATEST concern to an |$ auditor reviewing data conversion and migration during the implementation of a new application system?

A.The change management process was not formally documented

B.Backups of the old system and data are not available online

C.Unauthorized data modifications occurred during conversion,

D.Data conversion was performed using manual processes

Question 427

Which of the following is the BEST indication to an IS auditor that management's post- implementation review was effective?

A.Business and IT stakeholders participated in the post-implementation review.

B.Post-implementation review is a formal phase in the system development life cycle (SDLC).

C.Internal audit follow-up was completed without any findings.

D.Lessons learned were documented and applied.

Question 428

If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do? Choose the BEST answer.

A.Lack of IT documentation is not usually material to the controls tested in an IT audit.

B.The auditor should at least document the informal standards and policies. Furthermore, the IS auditor should create formal documented policies to be implemented.

C.The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented.

D.The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should create formal documented policies to be implemented.

Question 429

Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

A.User management coordination does not exist.

B.Specific user accountability cannot be established.

C.Unauthorized users may have access to originate, modify or delete data.

D.Audit recommendations may not be implemented.

Question 430

A manager identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor In this scenario?

A.Deleted log data

B.Unauthorized access

C.Terminated staff

D.Hacktivists

Other Version: 6307ISACA.CISA.v2026-01-26.q999; 9878ISACA.CISA.v2025-05-24.q773; 3498ISACA.CISA.v2024-10-22.q310; 7980ISACA.CISA.v2023-10-02.q715; 4908ISACA.CISA.v2023-03-29.q119; 3761ISACA.CISA.v2023-02-09.q181; 2325ISACA.CISA.v2023-02-06.q107; 3854ISACA.CISA.v2022-08-28.q129; 5318ISACA.CISA.v2022-02-25.q148; 130ISACA.Actualtestpdf.CISA.v2021-11-13.by.sarah.721q.pdf; 6996ISACA.CISA.v2021-11-11.q194; 10503ISACA.CISA.v2021-10-08.q198; 11567ISACA.CISA.v2021-09-28.q199; 13811ISACA.CISA.v2021-09-11.q201

Latest Upload: 289PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 425Nokia.4A0-113.v2026-05-01.q69; 453EC-COUNCIL.312-49v11.v2026-04-30.q214; 427Microsoft.MB-820.v2026-04-30.q101; 287Salesforce.MC-202.v2026-04-30.q57; 337BICSI.INSTC_V8.v2026-04-29.q53; 473NMLS.MLO.v2026-04-28.q82; 304NCARB.Project-Management.v2026-04-28.q27; 565EMC.D-AV-DY-23.v2026-04-27.q184; 1428ServiceNow.CSA.v2026-04-27.q483

Question 426

Question 427

Question 428

Question 429

Question 430

Download PDF File