Online CISA free questions and answers of New Version:
NEW QUESTION 1
Which of the following would be the MOST significant audit finding when reviewing a point-of-sale (POS) system?
- A. invoices recorded on the POS system are manually entered into an accounting application
- B. An optical scanner is not used to read bar codes for the generation of sales invoices
- C. Frequent power outages occur, resulting in the manual preparation of invoices
- D. Customer credit card information is stored unencrypted on the local POS system
It is important for the IS auditor to determine whether any credit card information is stored on the local point-of-sale (POS) system. Any such information, if stored, should be encrypted or protected by other means to avoid the possibility of unauthorized disclosure; PCI DSS requires the primary account number to be rendered unreadable wherever it is stored, and forbids storing sensitive authentication data (full track data, CVV, PIN blocks) after authorization at all. Manually inputting sales invoices into the accounting application is an operational issue: if the POS system were interfaced with the financial accounting application, overall efficiency could be improved. The nonavailability of optical scanners to read product bar codes and the power outages are likewise operational issues.
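An auditor who wants evidence rather than an interview answer can look for cleartext card numbers on the POS host directly. The following is an added example (not from the page or from any POS vendor) that scans a constructed in-memory set of POS log and config files for 13-19 digit runs, keeps only those that pass the Luhn check to cut down on false positives such as store or terminal ids, and reports them masked so the finding itself does not become another copy of the PAN. The file names, log format and card numbers are all constructed (the card numbers are the well-known test numbers).

```python
"""Find cleartext primary account numbers (PANs) in POS files.

Added example, not code from the page. File names, log lines and the
candidate format are assumptions; card numbers are industry test numbers.
"""
import re
from typing import Iterator

# 13-19 digits, optionally separated by single spaces or dashes, not
# preceded or followed by another digit.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first six and last four digits (the usual masked-PAN form)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> Iterator[tuple[str, str]]:
    """Yield (raw_match, masked_pan) for each Luhn-valid candidate in text."""
    for m in _CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            yield m.group(0), mask(digits)


def scan_files(files: dict[str, str]) -> list[tuple[str, str]]:
    """Return (filename, masked_pan) for every PAN found in a name->content map."""
    findings = []
    for name, content in files.items():
        for _raw, masked in find_pans(content):
            findings.append((name, masked))
    return findings


# Constructed sample POS files (hypothetical paths and log format).
SAMPLE_FILES = {
    "C:/pos/logs/txn_2024-03-01.log": (
        "2024-03-01 09:12:44 SALE 1 item total=19.99 pan=4111111111111111 auth=OK\n"
        "2024-03-01 09:13:02 SALE 3 items total=42.10 pan=5500 0000 0000 0004 auth=OK\n"
    ),
    # 13 digits but fails Luhn: a store id, not a card number
    "C:/pos/config/pos.ini": "store_id=1234567890123\nterminal=0001\n",
    # 16 digits that fail Luhn: ignored
    "C:/pos/logs/debug.log": "order=4111111111111112 (bad Luhn, should be ignored)\n",
}

if __name__ == "__main__":
    for filename, masked in scan_files(SAMPLE_FILES):
        print(f"cleartext PAN in {filename}: {masked}")
```

On a real engagement the same logic runs over the POS file system, database exports and memory dumps; the Luhn filter removes most numeric noise, but a hit on an unrelated 16-digit identifier is still possible, so each finding should be confirmed against the application's own record layout.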
NEW QUESTION 2
The MAIN criterion for determining the severity level of a service disruption incident is:
- A. cost of recovery
- B. negative public opinion
- C. geographic location
- D. downtime
The longer the period of time a client cannot be serviced, the greater the severity of the incident. The cost of recovery could be minimal yet the service downtime could have a major impact. Negative public opinion is a symptom of an incident. Geographic location does not determine the severity of the incident.
NEW QUESTION 3
Which of the following ensures confidentiality of information sent over the internet?
- A. Digital signature
- B. Digital certificate
- C. Online Certificate Status Protocol
- D. Private key cryptosystem
Confidentiality is assured by a private key (secret key, i.e. symmetric) cryptosystem, in which the data are encrypted with a key known only to sender and receiver. Digital signatures assure data integrity, authentication and nonrepudiation, but not confidentiality: a signed message still travels in the clear, and anyone on the path can read it. A digital certificate uses a digital signature to bind a public key to an identity; it therefore does not address confidentiality either. Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of a digital certificate.
NEW QUESTION 4
How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interchange (EDI)?
- A. EDI usually decreases the time necessary for review
- B. EDI usually increases the time necessary for review
- C. Cannot be determined
- D. EDI does not affect the time necessary for review
Explanation: Electronic Data Interchange (EDI) supports inter-vendor communication while decreasing the time necessary for review, because it is usually configured to readily identify errors requiring follow-up.
NEW QUESTION 5
An organization is disposing of a number of laptop computers. Which of the following data destruction methods would be the MOST effective?
- A. Run a low-level data wipe utility on all hard drives
- B. Erase all data file directories
- C. Format all hard drives
- D. Physical destruction of the hard drive
The most effective method is physical destruction. Running a low-level data wipe utility may leave residual data that could be recovered (on solid-state drives in particular, wear levelling and spare blocks are not reachable by an overwrite); erasing data directories and formatting hard drives only remove metadata and are easily reversed, exposing all data on the drive to unauthorized individuals.
NEW QUESTION 6
When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
- A. recommend that the database be normalized
- B. review the conceptual data model
- C. review the stored procedures
- D. review the justification
If the database is not normalized, the IS auditor should review the justification since, in some situations, denormalization is recommended for performance reasons. The IS auditor should not recommend normalizing the database until further investigation takes place. Reviewing the conceptual data model or the stored procedures will not provide information about normalization.
NEW QUESTION 7
Which of the following would MOST likely indicate that a customer data warehouse should remain in-house rather than be outsourced to an offshore operation?
- A. Time zone differences could impede communications between IT teams
- B. Telecommunications cost could be much higher in the first year
- C. Privacy laws could prevent cross-border flow of information
- D. Software development may require more detailed specifications
Privacy laws prohibiting the cross-border flow of personally identifiable information would prevent a data warehouse containing customer information from being located in another country. Time zone differences and higher telecommunications costs are more manageable. Software development typically requires more detailed specifications when dealing with offshore operations, but that is a cost of outsourcing rather than a bar to it.
NEW QUESTION 8
An IS auditor is reviewing an IT security risk management program. Measures of security risk should:
- A. address all of the network risks
- B. be tracked over time against the IT strategic plan
- C. take into account the entire IT environment
- D. result in the identification of vulnerability tolerances
When assessing IT security risk, it is important to take into account the entire IT environment. Measures of security risk should focus on those areas with the highest criticality so as to achieve maximum risk reduction at the lowest possible cost. IT strategic plans are not granular enough to provide appropriate measures. Objective metrics must be tracked over time against measurable goals, thus the management of risk is enhanced by comparing today's results against last week, last month, last quarter. Risk measures will profile assets on a network to objectively measure vulnerability risk. They do not identify tolerances.
NEW QUESTION 9
The PRIMARY objective of implementing corporate governance by an organization's management is to:
- A. provide strategic direction
- B. control business operations
- C. align IT with business
- D. implement best practices
Corporate governance is a set of management practices to provide strategic direction, thereby ensuring that goals are achievable, risks are properly addressed and organizational resources are properly utilized. Hence, the primary objective of corporate governance is to provide strategic direction. Based on the strategic direction, business operations are directed and controlled.
NEW QUESTION 10
A hacker could obtain passwords without the use of computer tools or programs through the technique of:
- A. social engineering
- B. sniffer
- C. back door
- D. Trojan horse
Social engineering is based on the divulgence of private information through dialogues, interviews, inquiries, etc., in which a user may be indiscreet regarding their own or someone else's personal data. A sniffer is a computer tool used to monitor network traffic. Back doors are computer programs left by hackers to exploit vulnerabilities. Trojan horses are computer programs that pretend to be, or supplant, a real program; their functionality is not authorized and is usually malicious in nature.
NEW QUESTION 11
When reviewing system parameters, an IS auditor's PRIMARY concern should be that:
- A. they are set to meet security and performance requirements
- B. changes are recorded in an audit trail and periodically reviewed
- C. changes are authorized and supported by appropriate documents
- D. access to parameters in the system is restricted
The primary concern is to find the balance between security and performance. Recording changes in an audit trail and periodically reviewing them is a detective control; if the parameters are not set according to business rules, monitoring changes to them is not an effective control. Reviewing changes to ensure they are supported by appropriate documents is also a detective control: if parameters are set incorrectly, the fact that the setting was authorized and documented does not reduce the impact. Restricting access to parameters ensures that only authorized staff can change them; however, if the parameters are set incorrectly, restricting access does not remove the adverse impact.
NEW QUESTION 12
The ultimate purpose of IT governance is to:
- A. encourage optimal use of IT
- B. reduce IT costs
- C. decentralize IT resources across the organization
- D. centralize control of IT
IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise. It is different for every enterprise. Reducing IT costs may not be the best IT governance outcome for an enterprise. Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized environment. Centralizing control of IT is not always desired. An example of where it might be desired is an enterprise desiring a single point of customer contact.
NEW QUESTION 13
Change management procedures are established by IS management to:
- A. control the movement of applications from the test environment to the production environment
- B. control the interruption of business operations from lack of attention to unresolved problems
- C. ensure the uninterrupted operation of the business in the event of a disaster
- D. verify that system changes are properly documented
Change management procedures are established by IS management to control the movement of applications from the test environment to the production environment. Problem escalation procedures control the interruption of business operations from lack of attention to unresolved problems, and quality assurance procedures verify that system changes are authorized and tested.
NEW QUESTION 14
In a client-server system, which of the following control techniques is used to inspect activity from known or unknown users?
- A. Diskless workstations
- B. Data encryption techniques
- C. Network monitoring devices
- D. Authentication systems
Network monitoring devices may be used to inspect activity from known or unknown users and can identify client addresses, which may assist in finding evidence of unauthorized access. This serves as a detective control. Diskless workstations prevent access control software from being bypassed. Data encryption techniques can help protect sensitive or proprietary data from unauthorized access, thereby serving as a preventive control. Authentication systems may provide environment-wide logical facilities that differentiate among users before providing access to systems.
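What "inspecting activity from known or unknown users" looks like in practice is a pass over the connection log, comparing each client address against the ranges the organization actually issues to clients. The following is an added example (not from the page or from any monitoring product) that parses a few constructed key=value connection log lines, flags every source address outside a constructed allowlist of client networks, and summarizes which ports each unknown client reached and whether the traffic was allowed. The log format, allowlist and addresses are assumptions; the external addresses are documentation ranges.

```python
"""Flag connections from unknown client addresses in a connection log.

Added example, not code from the page. Log format, client allowlist and
addresses are constructed; 203.0.113.0/24 and 198.51.100.0/24 are
documentation ranges.
"""
import ipaddress

# Networks from which legitimate clients connect (assumption).
KNOWN_CLIENTS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.5.0/24")]

# Constructed sample log in a hypothetical key=value format.
SAMPLE_LOG = """\
2024-03-01T09:12:44Z src=10.20.4.17 dst=10.0.0.5 dport=1521 action=ALLOW user=jsmith
2024-03-01T09:12:51Z src=10.20.4.17 dst=10.0.0.5 dport=1521 action=ALLOW user=jsmith
2024-03-01T09:13:05Z src=203.0.113.44 dst=10.0.0.5 dport=1521 action=ALLOW user=-
2024-03-01T09:13:09Z src=203.0.113.44 dst=10.0.0.5 dport=22 action=DENY user=-
2024-03-01T09:14:30Z src=192.168.5.9 dst=10.0.0.7 dport=443 action=ALLOW user=asmith
2024-03-01T09:15:02Z src=198.51.100.7 dst=10.0.0.5 dport=1521 action=ALLOW user=-
"""


def parse_line(line: str) -> dict[str, str]:
    """Split 'timestamp k=v k=v ...' into a dict; the first token is the timestamp."""
    ts, *pairs = line.split()
    event = {"ts": ts}
    for item in pairs:
        key, _, value = item.partition("=")
        event[key] = value
    return event


def is_known_client(src: str) -> bool:
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in KNOWN_CLIENTS)


def find_unknown_clients(log_text: str) -> dict[str, dict]:
    """Return per-source summaries for every source outside the client allowlist."""
    report: dict[str, dict] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        src = ev.get("src")
        if src is None or is_known_client(src):
            continue
        entry = report.setdefault(
            src, {"events": 0, "allowed_ports": set(), "denied_ports": set(), "users": set()}
        )
        entry["events"] += 1
        port = int(ev.get("dport", "0"))
        bucket = "allowed_ports" if ev.get("action") == "ALLOW" else "denied_ports"
        entry[bucket].add(port)
        entry["users"].add(ev.get("user", "-"))
    return report


def reached_sensitive_service(report: dict[str, dict], sensitive_ports: set[int]) -> list[str]:
    """Unknown sources that were ALLOWED through to a sensitive port (e.g. the database)."""
    return sorted(src for src, e in report.items() if e["allowed_ports"] & sensitive_ports)


if __name__ == "__main__":
    findings = find_unknown_clients(SAMPLE_LOG)
    for src, e in findings.items():
        print(f"{src}: {e['events']} events, allowed={sorted(e['allowed_ports'])}, "
              f"denied={sorted(e['denied_ports'])}, users={sorted(e['users'])}")
    print("unknown clients that reached the DB port:", reached_sensitive_service(findings, {1521}))
```

The evidence an auditor would want is the allowed-through line for an unknown source to the database port with no authenticated user, which the summary surfaces directly; the denied SSH attempt from the same address is the corroborating context.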
NEW QUESTION 15
Which of the following processes are performed during the design phase of the systems-development life cycle (SDLC) model?
- A. Develop test plans
- B. Baseline procedures to prevent scope creep
- C. Define the need that requires resolution, and map to the major requirements of the solution
- D. Program and test the new system
- E. The tests verify and validate what has been developed
Explanation: Procedures to prevent scope creep are baselined in the design phase of the systems-development life cycle (SDLC) model.
NEW QUESTION 16
Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of which of the following? Choose the BEST answer.
- A. IT strategic plan
- B. Business continuity plan
- C. Business impact analysis
- D. Incident response plan
Explanation: Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of a business continuity plan.
NEW QUESTION 17
An IS auditor finds that client requests were processed multiple times when received from different independent departmental databases, which are synchronized weekly. What would be the BEST recommendation?
- A. Increase the frequency of data replication between the different department systems to ensure timely updates
- B. Centralize all request processing in one department to avoid parallel processing of the same request
- C. Change the application architecture so that common data are held in just one shared database for all departments
- D. Implement reconciliation controls to detect duplicates before orders are processed in the system
Keeping the data in one place is the best way to ensure that data are stored without redundancy and that all users work from the same data. Although increasing the replication frequency may reduce the problem, the risk of duplication cannot be eliminated completely because parallel data entry is still possible between synchronizations. Business requirements will most likely dictate where data processing activities are performed, and changing the business structure to solve an IT problem is neither practical nor politically feasible. Detective controls do not solve the problem of duplicate processing, and would require an additional process to handle the duplicates they discover.
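The difference between options A and C is easiest to see by running the same stream of requests through both designs. The following is an added example, not from the page: it uses SQLite in memory with a primary key on the request id, once with one database per department (the page's current state, where nothing stops two departments from each accepting the same request before the weekly sync) and once with a single shared database, where the uniqueness constraint rejects the second copy at the point of entry. Request ids, customers, departments and timestamps are constructed.

```python
"""Duplicate request processing: per-department stores versus one shared store.

Added example, not code from the page. Schema, request ids, departments
and timestamps are constructed.
"""
import sqlite3

SCHEMA = """
CREATE TABLE requests (
    request_id   TEXT PRIMARY KEY,   -- uniqueness enforced at the single source of truth
    customer     TEXT NOT NULL,
    department   TEXT NOT NULL,
    received_at  TEXT NOT NULL
);
"""


def new_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def process(conn: sqlite3.Connection, request_id: str, customer: str, department: str, when: str) -> bool:
    """Record and 'process' a request; return False if the store already has it."""
    try:
        with conn:   # commits on success, rolls back on error
            conn.execute("INSERT INTO requests VALUES (?, ?, ?, ?)",
                         (request_id, customer, department, when))
    except sqlite3.IntegrityError:   # PRIMARY KEY violation: already processed
        return False
    return True


# Constructed: the same client request reaches two departments within the week.
INCOMING = [
    ("REQ-1001", "ACME Ltd", "sales",   "2024-03-01T09:00:00Z"),
    ("REQ-1002", "Globex",   "sales",   "2024-03-01T09:05:00Z"),
    ("REQ-1001", "ACME Ltd", "support", "2024-03-01T09:07:00Z"),
    ("REQ-1003", "Initech",  "support", "2024-03-01T09:09:00Z"),
    ("REQ-1002", "Globex",   "finance", "2024-03-01T09:12:00Z"),
]


def run_separate_stores(incoming) -> int:
    """Each department has its own database (synced weekly): every copy is processed."""
    stores: dict[str, sqlite3.Connection] = {}
    processed = 0
    for rid, customer, dept, when in incoming:
        conn = stores.setdefault(dept, new_store())
        if process(conn, rid, customer, dept, when):
            processed += 1
    return processed


def run_shared_store(incoming) -> tuple[int, list[str]]:
    """One shared database: the second arrival of a request id is rejected on insert."""
    conn = new_store()
    processed, rejected = 0, []
    for rid, customer, dept, when in incoming:
        if process(conn, rid, customer, dept, when):
            processed += 1
        else:
            rejected.append(rid)
    return processed, rejected


if __name__ == "__main__":
    print("separate departmental stores processed:", run_separate_stores(INCOMING))
    count, dupes = run_shared_store(INCOMING)
    print("shared store processed:", count, "rejected duplicates:", dupes)
```

The shared-store design pushes the check to the only place it can be enforced atomically, the insert into the single table; a reconciliation job (option D) would instead have to find the duplicates after both departments had already acted on them.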
NEW QUESTION 18
The quality of the metadata produced from a data warehouse is _______________ in the warehouse's design. Choose the BEST answer.
- A. Often hard to determine because the data is derived from a heterogeneous data environment
- B. The most important consideration
- C. Independent of the quality of the warehoused databases
- D. Of secondary importance to data warehouse content
Explanation: The quality of the metadata produced from a data warehouse is the most important consideration in the warehouse's design.
100% Valid and Newest Version CISA Questions & Answers shared by 2passeasy, Get Full Dumps HERE: https://www.2passeasy.com/dumps/CISA/ (New 1177 Q&As)