Q106. - (Topic 2)
The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
A. Test data
B. Generalized audit software
C. Integrated test facility
D. Embedded audit module
Q107. - (Topic 1)
Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem? Choose the BEST answer.
A. Expert systems
B. Neural networks
C. Integrated synchronized systems
D. Multitasking applications
Explanation: Neural networks are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem.
Q108. - (Topic 4)
When implementing an application software package, which of the following presents the GREATEST risk?
A. Uncontrolled multiple software versions
B. Source programs that are not synchronized with object code
C. Incorrectly set parameters
D. Programming errors
Parameters that are not set correctly would be the greatest concern when implementing an application software package. The other choices, though important, are a concern of the provider, not the organization that is implementing the software itself.
Q109. - (Topic 4)
Which of the following is MOST critical when creating data for testing the logic in a new or modified application system?
A. A sufficient quantity of data for each test case
B. Data representing conditions that are expected in actual processing
C. Completing the test on schedule
D. A random sample of actual data
Selecting the right kind of data is key in testing a computer system. The data should not only include valid and invalid data but should be representative of actual processing; quality is more important than quantity. It is more important to have adequate test data than to complete the testing on schedule. It is unlikely that a random sample of actual data would cover all test conditions and provide a reasonable representation of actual data.
Q110. - (Topic 2)
During a change control audit of a production system, an IS auditor finds that the change management process is not formally documented and that some migration procedures failed. What should the IS auditor do next?
A. Recommend redesigning the change management process.
B. Gain more assurance on the findings through root cause analysis.
C. Recommend that program migration be stopped until the change process is documented.
D. Document the finding and present it to management.
A change management process is critical to IT production systems. Before recommending that the organization take any other action (e.g., stopping migrations, redesigning the change management process), the IS auditor should gain assurance that the incidents reported are related to deficiencies in the change management process and not caused by some process other than change management.
Q111. - (Topic 3)
A local area network (LAN) administrator normally would be restricted from:
A. having end-user responsibilities.
B. reporting to the end-user manager.
C. having programming responsibilities.
D. being responsible for LAN security administration.
A LAN administrator should not have programming responsibilities but may have end-user responsibilities. The LAN administrator may report to the director of the IPF or, in a decentralized operation, to the end-user manager. In small organizations, the LAN administrator may also be responsible for security administration over the LAN.
Q112. - (Topic 1)
The directory system of a database-management system describes:
A. The access method to the data
B. The location of data AND the access method
C. The location of data
D. Neither the location of data NOR the access method
Explanation: The directory system of a database-management system describes the location of data and the access method.
Q113. - (Topic 1)
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?
A. Check digit
B. Existence check
C. Completeness check
D. Reasonableness check
A completeness check is used to determine if a field contains data and not zeros or blanks.
Q114. - (Topic 4)
Change control for business application systems being developed using prototyping could be complicated by the:
A. iterative nature of prototyping.
B. rapid pace of modifications in requirements and design.
C. emphasis on reports and screens.
D. lack of integrated tools.
Changes in requirements and design happen so quickly that they are seldom documented or approved. Choices A, C and D are characteristics of prototyping, but they do not have an adverse effect on change control.
Q115. - (Topic 1)
Proper segregation of duties prevents a computer operator (user) from performing security administration duties. True or false?
Explanation: Proper segregation of duties prevents a computer operator (user) from performing security administration duties.
Q116. - (Topic 3)
Which of the following is the PRIMARY objective of an IT performance measurement process?
A. Minimize errors
B. Gather performance data
C. Establish performance baselines
D. Optimize performance
An IT performance measurement process can be used to optimize performance, measure and manage products/services, assure accountability and make budget decisions. Minimizing errors is an aspect of performance, but not the primary objective of performance management. Gathering performance data is a phase of the IT measurement process and would be used to evaluate the performance against previously established performance baselines.
Q117. - (Topic 1)
Which of the following typically focuses on making alternative processes and resources available for transaction processing?
A. Cold-site facilities
B. Disaster recovery for networks
C. Diverse processing
D. Disaster recovery for systems
Explanation: Disaster recovery for systems typically focuses on making alternative processes and resources available for transaction processing.
Q118. - (Topic 2)
The PRIMARY purpose for meeting with auditees prior to formally closing a review is to:
A. confirm that the auditors did not overlook any important issues.
B. gain agreement on the findings.
C. receive feedback on the adequacy of the audit procedures.
D. test the structure of the final presentation.
The primary purpose for meeting with auditees prior to formally closing a review is to gain agreement on the findings. The other choices, though related to the formal closure of an audit, are of secondary importance.
Q119. - (Topic 1)
The initial step in establishing an information security program is the:
A. development and implementation of an information security standards manual.
B. performance of a comprehensive security control review by the IS auditor.
C. adoption of a corporate information security policy statement.
D. purchase of security access control software.
A policy statement reflects the intent and support provided by executive management for proper security and establishes a starting point for developing the security program.
Q120. - (Topic 1)
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital?
C. Protocol converter
A modem is a device that translates data from digital to analog and back to digital.