CISA Royal Pack Testengine pdf
Exam Number/Code: CISA
Exam name: Isaca CISA
Certification: Isaca Certification
Certification Provider: Isaca
Q241. - (Topic 2)
Which of the following is an advantage of an integrated test facility (ITF)?
A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction.
B. Periodic testing does not require separate test processes.
C. It validates application systems and tests the ongoing operation of the system.
D. The need to prepare test data is eliminated.
An integrated test facility creates a fictitious entity in the database to process test transactions simultaneously with live input. Its advantage is that periodic testing does not require separate test processes. However, careful planning is necessary, and test data must be isolated from production data.
Q242. - (Topic 4)
Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:
A. existence of a set of functions and their specified properties.
B. ability of the software to be transferred from one environment to another.
C. capability of software to maintain its level of performance under stated conditions.
D. relationship between the performance of the software and the amount of resources used.
Functionality is the set of attributes that bears on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs. Choice B refers to portability, choice C refers to reliability and choice D refers to efficiency.
Q243. - (Topic 1)
What often results in project scope creep when functional requirements are not defined as well as they could be?
A. Inadequate software baselining
B. Insufficient strategic planning
C. Inaccurate resource allocation
D. Project delays
Explanation: Inadequate software baselining often results in project scope creep because functional requirements are not defined as well as they could be.
Q244. - (Topic 1)
Which of the following is a data validation edit and control?
A. Hash totals
B. Reasonableness checks
C. Online access controls
D. Before and after image reporting
A reasonableness check is a data validation edit and control, used to ensure that data conforms to predetermined criteria.
Q245. - (Topic 2)
An IS auditor is assigned to perform a postimplementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor:
A. implemented a specific control during the development of the application system.
B. designed an embedded audit module exclusively for auditing the application system.
C. participated as a member of the application system project team, but did not have operational responsibilities.
D. provided consulting advice concerning application system best practices.
Independence may be impaired if an IS auditor is, or has been, actively involved in the development, acquisition and implementation of the application system. Choices B and C are situations that do not impair an IS auditor's independence. Choice D is incorrect because an IS auditor's independence is not impaired by providing advice on known best practices.
Q246. - (Topic 4)
Which of the following is a dynamic analysis tool for the purpose of testing software modules?
A. Black box test
B. Desk checking
C. Structured walkthrough
D. Design and code
A black box test is a dynamic analysis tool for testing software modules. During the testing of software modules, a black box test works first in a cohesive manner as a single unit/entity consisting of numerous modules, and second with the user data that flows across software modules; in some cases, this even drives the software behavior. In choices B, C and D, the software (design or code) remains static and someone closely examines it by applying their mind, without actually activating the software. Therefore, these cannot be referred to as dynamic analysis tools.
Q247. - (Topic 3)
With respect to the outsourcing of IT services, which of the following conditions should be of GREATEST concern to an IS auditor?
A. Outsourced activities are core and provide a differentiated advantage to the organization.
B. Periodic renegotiation is specified in the outsourcing contract.
C. The outsourcing contract fails to cover every action required by the arrangement.
D. Similar activities are outsourced to more than one vendor.
An organization's core activities generally should not be outsourced, because they are what the organization does best; an IS auditor observing that should be concerned. An IS auditor should not be concerned about the other conditions because specification of periodic renegotiation in the outsourcing contract is a best practice. Outsourcing contracts cannot be expected to cover every action and detail expected of the parties involved, while multisourcing is an acceptable way to reduce risk.
Q248. - (Topic 2)
When preparing an audit report the IS auditor should ensure that the results are supported by:
A. statements from IS management.
B. workpapers of other auditors.
C. an organizational control self-assessment.
D. sufficient and appropriate audit evidence.
ISACA's standard on 'reporting' requires the IS auditor have sufficient and appropriate audit evidence to support the reported results. Statements from IS management provide a basis for obtaining concurrence on matters that cannot be verified with empirical evidence. The report should be based on evidence collected during the course of the review even though the auditor may have access to the work papers of other auditors. The results of an organizational control self-assessment (CSA) could supplement the audit findings. Choices A, B and C might be referenced during an audit but, of themselves, would not be considered a sufficient basis for issuing a report.
Q249. - (Topic 1)
________________ (fill in the blank) is/are ultimately accountable for the functionality, reliability, and security within IT governance. Choose the BEST answer.
A. Data custodians
B. The board of directors and executive officers
C. IT security administration
D. Business unit managers
Explanation: The board of directors and executive officers are ultimately accountable for the functionality, reliability, and security within IT governance.
Q250. - (Topic 1)
Key verification is one of the best controls for ensuring that:
A. Data is entered correctly
B. Only authorized cryptographic keys are used
C. Input is authorized
D. Database indexing is performed properly
Explanation: Key verification is one of the best controls for ensuring that data is entered correctly.