CISA Online Practice Questions


Latest CISA Exam Practice Questions

The practice questions for the CISA exam were last updated on 2025-09-15.


Question#1

Which of the following is the MOST important factor when an organization is developing information security policies and procedures?

A. Alignment with an information security framework
B. Compliance with relevant regulations
C. Inclusion of mission and objectives
D. Consultation with security staff

Question#2

Due to advancements in technology and electronic records, an IS auditor has completed an engagement by email only.
Which of the following did the IS auditor potentially compromise?

A. Proficiency
B. Due professional care
C. Sufficient evidence
D. Reporting

Explanation:
Due professional care is the obligation of an IS auditor to exercise the appropriate level of skill, competence, and diligence in performing an audit. It also requires the IS auditor to comply with the relevant standards, guidelines, and ethical principles of the profession. Completing an engagement by email only may compromise due professional care, as it may limit the IS auditor’s ability to obtain sufficient and appropriate evidence, to communicate effectively with the auditee and other stakeholders, and to perform adequate quality assurance and review procedures. The other options are not as relevant as due professional care, as they relate to specific aspects of an audit, such as proficiency (the knowledge and skills of the IS auditor), sufficient evidence (the quantity and quality of the audit evidence), and reporting (the presentation and communication of the audit results).
References: CISA Review Manual (Digital Version), Domain 1: The Process of Auditing Information Systems, Section 1.2 ISACA IT Audit and Assurance Standards

Question#3

Which type of attack targets security vulnerabilities in web applications to gain access to data sets?

A. Denial of service (DOS)
B. SQL injection
C. Phishing attacks
D. Rootkits

Explanation:
A SQL injection attack is a type of attack that targets security vulnerabilities in web applications to gain access to data sets. A SQL injection attack exploits a flaw in the web application code that allows an attacker to inject malicious SQL statements into the input fields or parameters of the web application. These SQL statements can then execute on the underlying database server and manipulate or retrieve sensitive data from the database. A SQL injection attack can result in data theft, data corruption, unauthorized access, denial of service or even complete takeover of the database server. A denial of service (DOS) attack is a type of attack that aims to disrupt the availability or functionality of a web application or a network service by overwhelming it with excessive requests or traffic. A phishing attack is a type of attack that uses deceptive emails or websites to trick users into revealing their personal or financial information or credentials. A rootkit is a type of malware that hides itself from detection and grants unauthorized access or control over a compromised system.
References: IS Audit and Assurance Tools and Techniques, CISA Certification | Certified Information Systems Auditor | ISACA

Question#4

An IS auditor is providing input to an RFP to acquire a financial application system.
Which of the following is MOST important for the auditor to recommend?

A. The application should meet the organization's requirements.
B. Audit trails should be included in the design.
C. Potential suppliers should have experience in the relevant area.
D. Vendor employee background checks should be conducted regularly.

Explanation:
Audit trails should be included in the design (B) is the best answer, because audit trails are records of system activity and user actions that can provide evidence of the validity and integrity of transactions and data in a financial application system. Audit trails can help to ensure compliance with laws, regulations, policies, and standards, as well as to detect and prevent fraud, errors, or misuse of information. Audit trails can also facilitate auditing, monitoring, and evaluation of the financial application system’s performance and controls.
The application should meet the organization’s requirements (A) is not the best answer, because it is a general and obvious criterion that applies to any application system acquisition, not a specific and important recommendation for a financial application system. The organization’s requirements should be clearly defined and documented in the RFP, but they may not necessarily include audit trails as a design feature.
Potential suppliers should have experience in the relevant area (C) is not the best answer, because it is a factor that affects the selection of the supplier, not the design of the financial application system. The experience and reputation of potential suppliers should be evaluated and verified during the RFP process, but they may not guarantee that the supplier will include audit trails in the design.
Vendor employee background checks should be conducted regularly (D) is not the best answer, because it is a measure that affects the security and trustworthiness of the vendor, not the design of the financial application system. Vendor employee background checks should be performed as part of the vendor management and due diligence process, but they may not ensure that the vendor will include audit trails in the design.

Question#5

An IS auditor is reviewing a machine learning model that predicts the likelihood that a user will watch a certain movie.
Which of the following would be of GREATEST concern to the auditor?

A. When the model was tested with data drawn from a different population, the accuracy decreased.
B. The data set for training the model was obtained from an unreliable source.
C. An open-source programming language was used to develop the model.
D. The model was tested with data drawn from the same population as the training data.

Exam Code: CISA | Q&As: 1402 | Updated: 2025-09-15
