CISA Exam-Test 26

1. During an audit of a small enterprise, the IS auditor noted that the IS director has superuser-privilege access that allows the director to process requests for changes to the application access roles (access types). Which of the following should the IS auditor recommend?
- Document the current procedure in detail, and make it available on the enterprise intranet.
- Hire additional staff to provide a segregation of duties (SoD) for application role changes.
- Implement a properly documented process for application role change requests.
- Implement an automated process for changing application roles.

The IS auditor should recommend implementation of processes that could prevent or detect improper changes from being made to the major application roles. The application role change request process should start with and be approved by the business owner; then, the IS director can make the changes to the application.

2. What can be used to help identify and investigate unauthorized transactions?
- Data-mining techniques
- Expert systems
- Postmortem review
- Reasonableness checks

3. Which of the following is widely accepted as one of the critical components in networking management?
- Application of monitoring
- Topological mappings
- Proxy server troubleshooting
- Configuration management

Configuration management is widely accepted as one of the key components of any network because it establishes how the network will function internally and externally. It also deals with the management of configuration and the monitoring of performance. Configuration management ensures that the setup and management of the network are done properly, including managing changes to the configuration, removing default passwords and possibly hardening the network by disabling unneeded services.

4. While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:
- recommend the use of disk mirroring.
- review the adequacy of offsite storage.
- review the capacity management process.
- recommend the use of a compression algorithm.

Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively. It looks at capacity from a strategic viewpoint and allows a plan to forecast and purchase additional equipment in a planned manner.

5. When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
- recommend that the database be normalized.
- review the justification.
- review the conceptual data model.
- review the stored procedures.

If the database is not normalized, the IS auditor should review the justification because, in some situations, denormalization is recommended for performance reasons.

6. Which of the following is the PRIMARY purpose of conducting follow-up audits for material observations?
- To assess the risk of the audit environment
- To validate remediation efforts
- To validate the correctness of reported findings
- To assess evidence for management reporting

7. During the audit of a database server, which of the following would be considered the GREATEST exposure?
- The password on the administrator account does not expire.
- Default global security settings for the database remain unchanged.
- Database activity is not fully logged.
- Old data have not been purged.

Default security settings for the database could allow issues such as blank user passwords or passwords that are the same as the username.

8. A benefit of quality of service (QoS) is that the:
- communications link will be supported by security controls to perform secure online transactions.
- telecom carrier will provide the company with accurate service-level compliance reports.
- participating applications will have bandwidth guaranteed.
- entire network's availability and performance will be significantly improved.

The main function of QoS is to optimize network performance by assigning priority to business applications and end users through the allocation of dedicated parts of the bandwidth to specific traffic.

9. Which of the following is the PRIMARY purpose of using data analytics when auditing an enterprise resource planning (ERP) system for a large organization?
- To identify business processing errors
- To select sampling methods
- To determine recovery point objectives (RPOs)
- To identify threats to the ERP

10. Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
- Cyclic redundancy check (CRC)
- Block sum check
- Echo check
- Parity check

The cyclic redundancy check (CRC) can check a block of transmitted data. The sending workstation generates the CRC and transmits it with the data. The receiving workstation computes a CRC and compares it to the transmitted CRC. If both are equal, the block is assumed to be error free. In this case, unlike with a parity check or echo check, multiple errors can be detected. In general, CRC can detect all single-bit and double-bit errors.

11. Which of the following is a network diagnostic tool that monitors and records network information?
- Downtime report
- Protocol analyzer
- Help desk report
- Online monitor

Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling on the link to which the analyzer is attached.

12. Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?
- Data normalization controls
- Commitment and rollback controls
- Authentication controls
- Read/write access log controls

Commitment and rollback controls are directly relevant to integrity. These controls ensure that database operations that form a logical transaction unit will be completed entirely or not at all (i.e., if, for some reason, a transaction cannot be fully completed, then incomplete inserts/updates/deletes are rolled back so that the database returns to its pretransaction state).

13. During maintenance of a relational database, several values of the foreign key in a transaction table have been corrupted. The consequence is that:
- the database will no longer accept input data.
- the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed.
- there is no way of reconstructing the lost information, except by deleting the dangling tuples and reentering the transactions.
- the database will immediately stop execution and lose more information.

When the external key of a transaction is corrupted or lost, the application system will normally be incapable of directly attaching the master data to the transaction data. Normally, this will cause the system to undertake a sequential search and slow down the processing. If the files concerned are big, this slowdown will be unacceptable. This is a violation of referential integrity.

14. Within the context of an IT-related governance framework, which type of organization would be considered MOST mature?
- An organization in a state of dynamic growth with continuously updated policies and procedures
- An organization with established sets of documented standard processes
- An organization with processes systematically managed by continuous improvement
- An organization in which processes are repeatable and results periodically reviewed

15. An IS auditor finds that the timeliness and depth of information regarding the organization's IT projects vary based on which project manager is assigned. Which of the following recommendations would be MOST helpful in achieving predictable and repeatable project management processes?
- Alignment of project performance to pay incentives
- Use of Gantt charts and work breakdown structures
- Measurement against defined and documented procedures
- Adoption of business case and earned value templates

16. A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that:
- users should be instructed to reduce their traffic demands or distribute them across all service hours to flatten bandwidth consumption.
- analysis is required to determine if a pattern emerges that results in a service loss for a short period of time.
- the line should immediately be replaced by one with a larger capacity to provide approximately 85 percent saturation.
- WAN capacity is adequate for the maximum traffic demands because saturation has not been reached.

The peak at 96 percent could be the result of a one-off incident (e.g., a user downloading a large amount of data); therefore, analysis to establish whether this is a regular pattern and what causes this behavior should be carried out before expenditure on a larger line capacity is recommended.

17. What is an edit check to determine whether a field contains valid data?
- Accuracy check
- Completeness check
- Redundancy check
- Reasonableness check

18. Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?
- Proper identification
- Proper identification, authentication, AND authorization
- Proper authentication
- Proper identification AND authentication

19. What often results in project scope creep when functional requirements are not defined as well as they could be?
- Inadequate software baselining
- Project delays
- Inaccurate resource allocation
- Insufficient strategic planning

20. A cyclic redundancy check (CRC) is commonly used to determine the:
- adequacy of encryption.
- accuracy of data input.
- integrity of a downloaded program.
- validity of data transfer.

The accuracy of blocks of data transfers, such as data transfer from hard disks, is validated by a cyclic redundancy check (CRC).

21. When storing data archives off-site, what must be done with the data to ensure data completeness?
- The data must be synchronized.
- The data must be normalized.
- The data must be validated.
- The data must be parallel-tested.

22. An IS auditor finds that the data warehouse query performance decreases significantly at certain times of the day. Which of the following controls would be MOST relevant for the IS auditor to review?
- Permanent table-space allocation
- Read/write access log controls
- User spool and database limit controls
- Commitment and rollback controls

User spool limits restrict the space available for running user queries. This prevents poorly formed queries from consuming excessive system resources and impacting general query performance. Limiting the space available to users in their own databases prevents them from building excessively large tables. This helps to control space utilization, which itself helps performance by maintaining a buffer between the actual data volume stored and the physical device capacity. Additionally, it prevents users from consuming excessive resources in ad hoc table builds (as opposed to scheduled production loads, which often can run overnight and are optimized for performance). In a data warehouse, because online transactions are not being run, commitment and rollback do not have an impact on performance.

23. Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:
- validation checks.
- database integrity checks.
- input controls.
- database commits and rollbacks.

Database commits ensure that the data are saved after the transaction processing is completed. Rollback ensures that processing that has been partially completed as part of the transaction is reversed and not saved if the entire transaction does not complete successfully.

24. An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error and have not been rolled back. Which of the following transaction processing features has been violated?
- Isolation
- Durability
- Atomicity
- Consistency

Atomicity guarantees that either the entire transaction is processed or none of it is.

25. In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?
- Foreign key
- Primary key
- Secondary key
- Public key

In a relational database with referential integrity, the use of foreign keys would prevent events such as primary key changes and record deletions that would result in orphaned relations within the database.

26. Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend?
- Implement the changes users have suggested.
- Prepare the maintenance manual.
- Develop a baseline and monitor system usage.
- Define alternate processing procedures.

An IS auditor should recommend the development of a performance baseline and monitoring of the system's performance against the baseline to develop empirical data upon which decisions for modifying the system can be made.

27. Which of the following is MOST directly affected by network performance monitoring tools?
- Integrity
- Confidentiality
- Availability
- Completeness

Network monitoring tools allow observation of network performance and problems. This allows the administrator to take corrective action when network problems are observed. Therefore, the characteristic that benefits the most from network monitoring is availability.

28. An organization's security policy mandates that all new employees must receive appropriate security awareness training. Which of the following metrics would BEST assure compliance with this policy?
- Number of new hires who have violated enterprise security policies
- Percentage of new hires who have completed the training
- Percentage of new hires who report incidents
- Number of reported incidents by new hires

29. A database administrator has detected a performance problem with some tables, which could be solved through denormalization. This situation will increase the risk of:
- deadlocks.
- a loss of data integrity.
- unauthorized access to data.
- concurrent access.

Normalization is the removal of redundant data elements from the database structure. Disabling normalization in relational databases will create redundancy and a risk of not maintaining consistency of data, with the consequent loss of data integrity.

30. Which of the following security measures BEST ensures the integrity of information stored in a data warehouse?
- Data dictionary maintenance
- Change management procedures
- A read-only restriction
- Validated daily backups

Because most data in a data warehouse are historic and do not need to be changed, applying read-only restrictions prevents data manipulation.