CISA EXAM-TEST 18

1. A decision support system (DSS) is used to help high-level management:
   a. combine the use of decision models with predetermined criteria.
   b. support only structured decision-making tasks.
   c. solve highly structured problems.
   d. make decisions based on data analysis and interactive models.
   Explanation: A DSS emphasizes flexibility in the decision-making approach of management through data analysis and the use of interactive models, not fixed criteria.

2. The GREATEST advantage of rapid application development (RAD) over the traditional system development life cycle (SDLC) is that it:
   a. shortens the development time frame.
   b. allows early testing of technical features.
   c. facilitates user involvement.
   d. facilitates conversion to the new system.
   Explanation: The greatest advantage and core objective of RAD is a shorter time frame for the development of a system.

3. The use of object-oriented design and development techniques would MOST likely:
   a. facilitate the ability to reuse modules.
   b. enhance control effectiveness.
   c. improve system performance.
   d. speed up the system development life cycle (SDLC).
   Explanation: One of the major benefits of object-oriented design and development is the ability to reuse modules.

4. An organization has contracted with a vendor for a turnkey solution for its electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that:
   a. source code of the ETCS application be placed in escrow.
   b. a backup server be loaded with all relevant software and data.
   c. a backup server be available to run ETCS operations with up-to-date data.
   d. the systems staff of the organization be trained to handle any event.
   Explanation: Whenever proprietary application software is purchased, the contract should provide for a source code escrow agreement. This will ensure that the purchasing company has the opportunity to modify the software should the vendor cease to be in business.

5. An advantage of using sanitized live transactions in test data is that:
   a. test transactions are representative of live processing.
   b. all transaction types will be included.
   c. no special routines are required to assess the results.
   d. every error condition is likely to be tested.
   Explanation: Test data will be representative of live processing; however, it is important that all sensitive information in the live transaction file is sanitized to prevent improper data disclosure.

6. During which of the following phases in system development would user acceptance test plans normally be prepared?
   a. Feasibility study
   b. Requirements definition
   c. Postimplementation review
   d. Implementation planning
   Explanation: During requirements definition, the project team will be working with the users to define their precise objectives and functional needs. At this time, the users should be working with the team to consider and document how the system functionality can be tested to ensure that it meets their stated needs. An IS auditor should know at what point user testing should be planned to ensure that it is most effective and efficient.

7. Which of the following is the PRIMARY purpose of quality assurance (QA) within an IS audit department?
   a. To ensure conclusions are reliable and no false assurance is given
   b. To enforce audit policies and identify any deviations
   c. To confirm audit practice is aligned with industry standards and benchmarks
   d. To regularly assess and improve audit methodology

8. An IS auditor reviewing a proposed application software acquisition should ensure that the:
   a. product is compatible with the current or planned OS.
   b. operating system (OS) being used is compatible with the existing hardware platform.
   c. planned OS updates have been scheduled to minimize negative impacts on company needs.
   d. OS has the latest versions and updates.
   Explanation: In reviewing the proposed application, the auditor should ensure that the products to be purchased are compatible with the current or planned OS.

9. Which of the following is MOST important for an IS auditor to consider when reviewing documentation for an organization's forensics policy?
   a. Access controls
   b. Notification processes
   c. Evidence preservation
   d. Assigned roles and responsibilities

10. During the development of an application, quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:
   a. increased maintenance.
   b. delays in problem resolution.
   c. improper documentation of testing.
   d. improper acceptance of a program.
   Explanation: The major risk of combining quality assurance testing and user acceptance testing is that the users may apply pressure to accept a program that meets their needs even though it does not meet quality assurance standards.

11. In computer forensics, which of the following is the process that produces a bit-for-bit copy of data, so that the original data or information is not damaged when multiple analyses are performed?
   a. Data acquisition
   b. Data protection
   c. Imaging
   d. Extraction

12. During an audit of a data classification policy, an IS auditor finds that many documents are inappropriately classified as confidential. Which of the following is the GREATEST concern?
   a. Information may be underprotected.
   b. Information may generally be overprotected.
   c. Data integrity issues may occur.
   d. Industry security best practices are violated.

13. Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:
   a. relationship between the performance of the software and the amount of resources used.
   b. ability of the software to be transferred from one environment to another.
   c. existence of a set of functions and their specified properties.
   d. capability of software to maintain its level of performance under stated conditions.
   Explanation: Functionality is the set of attributes that bears on the existence of a set of functions and their specified properties. The functionality of a system represents the tasks, operations and purpose of the system in achieving its objective (i.e., supporting a business requirement).

14. Identify the correct sequence that needs to be followed as the chain of events in regard to evidence handling in computer forensics.
   a. Analyze, Identify, Preserve and Present
   b. Identify, Analyze, Preserve and Present
   c. Preserve, Identify, Analyze and Present
   d. Identify, Preserve, Analyze and Present

15. A company undertakes a business process reengineering (BPR) project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor's main concern about the new process?
   a. Whether key controls are in place to protect assets and information resources
   b. Whether the system addresses corporate customer requirements
   c. Whether the new system will support separation of duties
   d. Whether the system can meet the performance goals (time and resources)
   Explanation: The audit team must advocate the inclusion of the key controls and verify that the controls are in place before implementing the new process.

16. An advantage in using a bottom-up vs. a top-down approach to software testing is that:
   a. errors in critical modules are detected earlier.
   b. major functions and processing are tested earlier.
   c. interface errors are detected earlier.
   d. confidence in the system is achieved earlier.
   Explanation: The bottom-up approach to software testing begins with the testing of atomic units, such as programs and modules, and works upward until a complete system test has taken place. The advantage of using a bottom-up approach to software testing is that errors in critical modules are found earlier.

17. Which of the following should be included in a feasibility study for a project to implement an electronic data interchange (EDI) process?
   a. The detailed internal control procedures
   b. The encryption algorithm format
   c. The proposed trusted third-party agreement
   d. The necessary communication protocols
   Explanation: The communication protocols must be included because there may be significant cost implications if new hardware and software are involved, and risk implications if the technology is new to the organization.

18. Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?
   a. To identify data at rest and data in transit for encryption
   b. To comply with legal and regulatory requirements
   c. To provide options to individuals regarding use of their data
   d. To prevent confidential data loss

19. Which of the following functions is NOT supported by the SSL protocol?
   a. Authentication
   b. Confidentiality
   c. Availability
   d. Integrity

20. An IS auditor's PRIMARY concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that:
   a. unauthorized access to sensitive data may result.
   b. error handling and credibility checks may not be fully proven.
   c. users may prefer to use contrived data for testing.
   d. the full functionality of the new process may not necessarily be tested.
   Explanation: Unless the data are sanitized, there is a risk of disclosing sensitive data.

21. Which of the following is NOT a true statement about public key infrastructure (PKI)?
   a. The registration authority (RA) acts as a verifier for the certificate authority (CA).
   b. A root certificate authority's certificate is always self-signed.
   c. The certificate authority's role is to issue digital certificates to end users.
   d. The registration authority's role is to validate and issue digital certificates to end users.

22. Which of the following is the BEST approach to identify whether a vulnerability is actively being exploited?
   a. Conduct a penetration test.
   b. Review service desk reports.
   c. Implement key performance indicators (KPIs).
   d. Perform log analysis.

23. Which of the following is an advantage of prototyping?
   a. The finished system normally has strong internal controls.
   b. It ensures that functions or extras are not added to the intended system.
   c. Change control is often less complicated with prototype systems.
   d. Prototype systems can provide significant time and cost savings.
   Explanation: Prototype systems can provide significant time and cost savings through better user interaction and the ability to rapidly adapt to changing requirements; however, they also have several disadvantages, including loss of overall security focus, loss of project oversight and implementation of a prototype that is not yet ready for production.

24. Which of the following statements is NOT true about Voice over IP (VoIP)?
   a. Lower infrastructure cost
   b. Lower cost per call or even free calls, especially for long-distance calls
   c. VoIP is a technology where voice traffic is carried on top of existing data infrastructure
   d. VoIP uses circuit switching technology

25. The GREATEST benefit of implementing an expert system is the:
   a. reduction of employee turnover in key departments.
   b. capturing of the knowledge and experience of individuals in an organization.
   c. enhancement of personnel productivity and performance.
   d. protection of proprietary knowledge in a secure central repository.
   Explanation: The basis for an expert system is the capture and recording of the knowledge and experience of individuals in an organization. This will allow other users to access information formerly held only by experts.

26. When a new system is to be implemented within a short time frame, it is MOST important to:
   a. add last-minute enhancements to functionalities.
   b. perform user acceptance testing.
   c. ensure that the code has been documented and reviewed.
   d. finish writing user manuals.
   Explanation: It would be most important to complete the user acceptance testing to ensure that the system to be implemented is working correctly.

27. In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as:
   a. durability.
   b. atomicity.
   c. isolation.
   d. consistency.
   Explanation: The principle of atomicity requires that a transaction be completed in its entirety or not at all. If an error or interruption occurs, all changes made up to that point are backed out.

28. Which of the following is the PRIMARY purpose for conducting parallel testing?
   a. To determine whether the system is cost-effective
   b. To ensure the new system meets user requirements
   c. To enable comprehensive unit and system testing
   d. To highlight errors in the program interfaces with files
   Explanation: The purpose of parallel testing is to ensure that the implementation of a new system will meet user requirements by comparing the results of the old system with the new system to ensure correct processing.

29. A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing system developed in-house. In reviewing the proposed development approach, which of the following would be of GREATEST concern?
   a. A quality plan is not part of the contracted deliverables.
   b. Acceptance testing is to be managed by users.
   c. Prototyping is being used to confirm that the system meets business requirements.
   d. Not all business functions will be available on initial implementation.
   Explanation: A quality plan is an essential element of all projects. It is critical that the contracted supplier be required to produce such a plan. The quality plan for the proposed development contract should be comprehensive, encompass all phases of the development and include which business functions will be included and when.

30. Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?
   a. Data mining techniques
   b. Intrusion detection systems (IDSs)
   c. Firewalls
   d. Packet filtering routers
   Explanation: Data mining is a technique used to detect trends or patterns in transactions or data. If the historical pattern of charges against a credit card account changes, that is a flag that the transaction may have resulted from fraudulent use of the card.