Your success in ISACA CISA is our sole target and we develop all our CISA braindumps in a way that facilitates the attainment of this target. Not only is our CISA study material the best you can find, it is also the most detailed and the most updated. CISA Practice Exams for ISACA CISA are written to the highest standards of technical accuracy.

Q1. - (Topic 1) 

What is a callback system? 

A. It is a remote-access system whereby the remote-access server immediately calls the user back at a predetermined number if the dial-in connection fails. 

B. It is a remote-access system whereby the user's application automatically redials the remote-access server if the initial connection attempt fails. 

C. It is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently dials the user back at a predetermined number stored in the server's configuration database. 

D. It is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently allows the user to call back at an approved number for a limited period of time. 

Answer:

Explanation: A callback system is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently dials the user back at a predetermined number stored in the server's configuration database. 


Q2. - (Topic 1) 

What should regression testing use to obtain accurate conclusions regarding the effects of changes or corrections to a program, and to ensure that those changes and corrections have not introduced new errors? 

A. Contrived data 

B. Independently created data 

C. Live data 

D. Data from previous tests 

Answer:

Explanation: Regression testing should use data from previous tests to obtain accurate conclusions regarding the effects of changes or corrections to a program, and to ensure that those changes and corrections have not introduced new errors. 


Q3. - (Topic 1) 

Batch control reconciliation is a _____________________ (fill in the blank) control for mitigating risk of inadequate segregation of duties. 

A. Detective 

B. Corrective 

C. Preventative 

D. Compensatory 

Answer:

Explanation: Batch control reconciliation is a compensatory control for mitigating risk of inadequate segregation of duties. 


Q4. - (Topic 1) 

To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following? Choose the BEST answer. 

A. The business objectives of the organization 

B. The effect of segregation of duties on internal controls 

C. The point at which controls are exercised as data flows through the system 

D. Organizational control policies 

Answer:

Explanation: When evaluating the collective effect of preventive, detective, or corrective controls within a process, an IS auditor should be aware of the point at which controls are exercised as data flows through the system. 


Q5. - (Topic 1) 

Of the three major types of off-site processing facilities, what type is often an acceptable solution for preparing for recovery of noncritical systems and data? 

A. Cold site 

B. Hot site 

C. Alternate site 

D. Warm site 

Answer:

Explanation: A cold site is often an acceptable solution for preparing for recovery of noncritical systems and data. 


Q6. - (Topic 2) 

A substantive test to verify that tape library inventory records are accurate is: 

A. determining whether bar code readers are installed. 

B. determining whether the movement of tapes is authorized. 

C. conducting a physical count of the tape inventory. 

D. checking if receipts and issues of tapes are accurately recorded. 

Answer:

Explanation: 

A substantive test includes gathering evidence to evaluate the integrity of individual transactions, data or other information. Conducting a physical count of the tape inventory is a substantive test. Choices A, B and D are compliance tests. 


Q7. - (Topic 1) 

Off-site data backup and storage should be geographically separated so as to ________________ (fill in the blank) the risk of a widespread physical disaster such as a hurricane or earthquake. 

A. Accept 

B. Eliminate 

C. Transfer 

D. Mitigate 

Answer:

Explanation: Off-site data backup and storage should be geographically separated, to mitigate the risk of a widespread physical disaster such as a hurricane or an earthquake. 


Q8. - (Topic 4) 

A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of: 

A. validation controls. 

B. internal credibility checks. 

C. clerical control procedures. 

D. automated systems balancing. 

Answer:

Explanation: 

Automated systems balancing would be the best way to ensure that no transactions are lost, as any imbalance between total inputs and total outputs would be reported for investigation and correction. Validation controls and internal credibility checks are certainly valid controls, but will not detect and report lost transactions. In addition, although a clerical procedure could be used to summarize and compare inputs and outputs, an automated process is less susceptible to error. 


Q9. - (Topic 1) 

What are used as the framework for developing logical access controls? 

A. Information systems security policies 

B. Organizational security policies 

C. Access Control Lists (ACL) 

D. Organizational charts for identifying roles and responsibilities 

Answer:

Explanation: Information systems security policies are used as the framework for developing logical access controls. 


Q10. - (Topic 4) 

Which of the following is a dynamic analysis tool for the purpose of testing software modules? 

A. Black box test 

B. Desk checking 

C. Structured walkthrough 

D. Design and code 

Answer:

Explanation: 

A black box test is a dynamic analysis tool for testing software modules. During the testing of software modules a black box test works first in a cohesive manner as a single unit/entity consisting of numerous modules, and second with the user data that flows across software modules; in some cases, this even drives the software behavior. In choices B, C and D, the software (design or code) remains static and someone closely examines it by applying their mind, without actually activating the software. Therefore, these cannot be referred to as dynamic analysis tools. 


Q11. - (Topic 1) 

Which of the following is MOST critical during the business impact assessment phase of business continuity planning? 

A. End-user involvement 

B. Senior management involvement 

C. Security administration involvement 

D. IS auditing involvement 

Answer:

Explanation: End-user involvement is critical during the business impact assessment phase of business continuity planning. 


Q12. - (Topic 1) 

What supports data transmission through split cable facilities or duplicate cable facilities? 

A. Diverse routing 

B. Dual routing 

C. Alternate routing 

D. Redundant routing 

Answer:

Explanation: Diverse routing supports data transmission through split cable facilities, or duplicate cable facilities. 


Q13. - (Topic 1) 

How do modems (modulation/demodulation) function to facilitate analog transmissions to enter a digital network? 

A. Modems convert analog transmissions to digital, and digital transmission to analog. 

B. Modems encapsulate analog transmissions within digital, and digital transmissions within analog. 

C. Modems convert digital transmissions to analog, and analog transmissions to digital. 

D. Modems encapsulate digital transmissions within analog, and analog transmissions within digital. 

Answer:

Explanation: Modems (modulation/demodulation) convert analog transmissions to digital, and digital transmissions to analog, and are required for analog transmissions to enter a digital network. 


Q14. - (Topic 1) 

Who assumes ownership of a systems-development project and the resulting system? 

A. User management 

B. Project steering committee 

C. IT management 

D. Systems developers 

Answer:

Explanation: User management assumes ownership of a systems-development project and the resulting system. 


Q15. - (Topic 4) 

The GREATEST benefit in implementing an expert system is the: 

A. capturing of the knowledge and experience of individuals in an organization. 

B. sharing of knowledge in a central repository. 

C. enhancement of personnel productivity and performance. 

D. reduction of employee turnover in key departments. 

Answer:

Explanation: 

The basis for an expert system is the capture and recording of the knowledge and experience of individuals in an organization. Coding and entering the knowledge in a central repository, shareable within the enterprise, is a means of facilitating the expert system. Enhancing personnel productivity and performance is a benefit; however, it is not as important as capturing the knowledge and experience. Employee turnover is not necessarily affected by an expert system.