exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam

Exam CISA topic 1 question 1310 discussion

Actual exam question from Isaca's CISA
Question #: 1310
Topic #: 1
[All CISA Questions]

An IS auditor noted a recent production incident in which a teller transaction system incorrectly charged fees to customers due to a defect from a recent release. Which of the following should be the auditor's NEXT step?

  • A. Evaluate developer training.
  • B. Evaluate secure code practices.
  • C. Evaluate the incident management process.
  • D. Evaluate the change management process.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
52cb16c
2 months, 1 week ago
Selected Answer: D
"Recently Featured Product" → Means there is a change in the system "Incident of incorrectly charging a fee" → Error occurs after the change, i.e. the change does not work as required
upvoted 1 times
...
Ehiso
5 months, 1 week ago
Selected Answer: D
Since the defect in the teller transaction system was caused by a recent release, it is likely tied to a change made in the system. The auditor should assess the change management process to determine if proper procedures were followed, such as: Were the changes thoroughly tested before being deployed to production? Did the change management process include adequate reviews, approvals, and documentation? Were the necessary rollback or mitigation procedures in place in case of an issue? By evaluating the change management process, the auditor can determine if weaknesses in th
upvoted 1 times
...
PurpleParrot
10 months, 3 weeks ago
Selected Answer: D
The defect originated from a recent release, suggesting that the issue is likely related to the change management process. Evaluating change management will help determine whether proper procedures were followed during the release and if the defect was introduced due to issues in planning, testing, or implementing the change.
upvoted 2 times
...
Sibsankar
1 year, 2 months ago
C is perfect
upvoted 2 times
...
Eruza89
1 year, 2 months ago
D for me. The auditor should review the change mgmt process to determine how this release was approved. It is likely that testing procedures were insufficient
upvoted 2 times
...
a84n
1 year, 2 months ago
Selected Answer: C
Answer: C evaluating the incident management process, is typically the more immediate and pressing concern following a production incident.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...